Mr. Robot

Location Description Based on the show, Mr. Robot. This VM has three keys hidden in different locations. Your goal is to find all three. Each key is progressively difficult to find. The VM isn’t too difficult. There isn’t any advanced exploitation or reverse engineering. The level is considered beginner-intermediate. Enumeration Mr. Robot is one […]

Sidney: 0.2

Location Description Welcome to my third boot2root / CTF this one is called Sidney. The VM is set to grab a DHCP lease on boot. As before, gaining root is not the end of this VM. You will need to snag the flag, and being me, it’s never where they normally live… B-) If […]

Tommy Boy: 1

Location Description HOLY SCHNIKES! Tommy Boy needs your help! The Callahan Auto company has finally entered the world of modern technology and stood up a Web server for their customers to use for ordering brake pads. Unfortunately, the site just went down and the only person with admin credentials is Tom Callahan Sr. – […]

Droopy: v0.2

Location CTF challenge @ Description Welcome to Droopy. This is a beginner’s boot2root/CTF VM. The VM is set to grab a DHCP lease on boot. There’s 2 hints I would offer you: 1.) Grab a copy of the rockyou wordlist. 2.) It’s fun to read other people’s email. Enumeration It’s a beginner’s boot2root. So […]

SecTalks: BNE0x02 – Fuku

Description Fuku (pronounced “far queue”) CTF is designed to fuck with people. This is a boot2root. Import it in VirtualBox, using a Host Only adapter, or use an adapter that will assign it an IP address in the range. It only likes having an IP address in that range. Treat the box as if […]

SecTalks: BNE0x00 – Minotaur

Description Minotaur CTF Minotaur is a boot2root CTF. Once you load the VM, treat it as a machine you can see on the network, i.e. you don’t have physical access to this machine. Therefore, tricks like editing the VM’s BIOS or Grub configuration are not allowed. Only remote attacks are permitted. There are a few […]


Description A small VM made for a Dutch informal hacker meetup called Fristileaks. Meant to be broken in a few hours without requiring debuggers, reverse engineering, etc.. Enumeration nmap -p- -sV dirb http://1952.168.2.19 Let’s start with robots.txt Nothing there to be found. Every page was filled with a pic saying I’m off track. I […]