This is the twelfth post of a series of posts I’m creating to study for OSCP. You can find the previous post by clicking here.

URL: https://www.vulnhub.com/entry/symfonos-1,322/

Release date: 29 Jun 2019

Author: Zayotic

Provided description:

Beginner real life based machine designed to teach a interesting way of obtaining a low priv shell. SHOULD work for both VMware and Virtualbox.

Note: You may need to update your host file for symfonos.local

Vulnerabilities found:

Local File Inclusion

SMTP Log Poisoning

Path Env. Variable Misconfiguration

Privilege Escalation

#Scanning and Enumeration

Nmap


This is the eleventh post of a series of posts I’m creating to study for OSCP. You can find the previous post by clicking here.

URL: https://www.vulnhub.com/entry/brainpan-1,51/

Release date: 20 Mar 2013

Author: superkojiman

Provided description:

by superkojiman
http://www.techorganic.com

DISCLAIMER
— — — — —
By using this virtual machine, you agree that in no event will I be liable
for any loss or damage including without limitation, indirect or
consequential loss or damage, or any loss or damage whatsoever arising
from loss of data or profits arising out of or in connection with the use
of this software.

TL;DR…


This is the tenth post of a series of posts I’m creating to study for OSCP. You can find the previous post by clicking here.

URL: https://www.vulnhub.com/entry/prime-1,358/

Release date: 1 Sep 2019

Author: Suraj Pandey

Provided description: This machine is designed for those one who is trying to prepare for OSCP or OSCP-Exam.

This is first level of prime series. Some help at every stage is given. Machine is lengthy as OSCP and Hackthebox’s machines are designed.

So you have a target to get root flag as well as user flag. If stuck on a point some help are given…


This is the ninth post of a series of posts I’m creating to study for OSCP. You can find the previous post by clicking here.

URL: https://www.vulnhub.com/entry/digitalworldlocal-joy,298/

Release date: 31 Mar 2019

Author: Donavan

Provided description: Does penetration testing spark joy? If it does, this machine is for you.

This machine is full of services, full of fun, but how many ways are there to align the stars? Perhaps, just like the child in all of us, we may find joy in a playground such as this.

This is somewhat OSCP-like for learning value, but is nowhere as easy to…


This is the eighth post of a series of posts I’m creating to study for OSCP. You can find the previous post by clicking here.

URL: https://www.vulnhub.com/entry/digitalworldlocal-mercy-v2,263/

Release date: 28 Dec 2018

Author: Donavan

Provided description: MERCY is a machine dedicated to Offensive Security for the PWK course, and to a great friend of mine who was there to share my sufferance with me. :-)

MERCY is a name-play on some aspects of the PWK course. It is NOT a hint for the box.

If you MUST have hints for this machine (even though they will probably not help you…


This is the seventh post of a series of posts I’m creating to study for OSCP. You can find the previous post by clicking here.

URL: https://www.vulnhub.com/entry/digitalworldlocal-bravery,281/

Release date: 28 Dec 2018

Author: Donavan

Provided description: This machine hopes to inspire BRAVERY in you; this machine may surprise you from the outside. This is designed for OSCP practice, and the original version of the machine was used for a CTF. It is now revived, and made more nefarious than the original.

If you MUST have hints for this machine (even though they will probably not help you very much until…


Hi!
This is a quick post to show you how to set up a machine downloaded from vulnhub. Sometimes it is hard to know what’s happening with a machine that won’t boot up. In this post I will help you with that.

#Downloading Virtualbox

Virtualbox is a good virtualization tool if you want to hack vulnhub machines, it accepts VHD, OVF, OVA, VMDK while hyper-v and vmware only accept their own file type. I’m talking about that because I had a lot of troubles trying to configure some vms using Hyper-V, then I decided to move out to Virtualbox.

Windows

To Download it…


This is the sixth post of a series of posts I’m creating to study for OSCP. You can find the previous post by clicking here.

URL: https://www.vulnhub.com/entry/dc-9,412/

Release date: 29 Dec 2019

Author: DCAU

Provided description: DC-9 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.The ultimate goal of this challenge is to get root and to read the one and only flag.

Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.For beginners, Google can be of great assistance…


This is the fifth post of a series of posts I’m creating to study for OSCP. You can find the previous post by clicking here.

URL: https://www.vulnhub.com/entry/kioptrix-2014-5,62/

Release date: 6 Apr 2014

Author: Kioptrix

Provided description: As usual, this vulnerable machine is targeted at the beginner. It’s not meant for the seasoned pentester or security geek that’s been at this sort of stuff for 10 years. Everyone needs a place to start and all I want to do is help in that regard.

Vulnerabilities Found:

Kernel Exploit;

Directory Traversal;

Sensitive File Disclosure

Privilege Escalation;

Remote Code Execution

At the time…


This is the fourth post of a series of posts I’m creating to study for OSCP. You can find the previous post by clicking here.

URL: https://www.vulnhub.com/entry/kioptrix-level-13-4,25/

Release date: 8 Feb 2012

Author: Kioptrix

Provided description: Keeping in the spirit of things, this challenge is a bit different than the others but remains in the realm of the easy. Repeating myself I know, but things must always be made clear: These VMs are for the beginner. It’s a place to start.

Vulnerabilities Found:

SQL Injection;

Command Injection;

Privilege Escalation;

With that being said, let’s get started.

#Scanning and Enumeration

Nmap

Starting the scanning and…

Rafael Medeiros

Sysadmin | Azure | MCSE Certified | Security Enthusiast | OSCP Student | A guy who wants to understand how things work

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store