My-Tiny.Net :: Breaking Bad

Vulnerable VMs

A Tinynet looks like a standard corporate network, which means it is a great attack target. https://www.vulnhub.com/resources/ has a list of (Free) Virtual Networks (VPNs) that is also worth exploring, along with links to training materials, security courses, books, and more!

The vulnhub.com home page is the entry point to a large collection of virtual machines donated by the community. Essentially they fall into three categories: the majority are general "boot-to-root" Capture The Flag (CTF) challenges, where solving one puzzle leads to another level of challenge; there are a growing number that provide web applications that are vulnerable to well-known security issues, and a few that are dedicated to binary exploitation and reverse engineering.

Some outstanding ones from the last two categories are:

PRIMER: 1.0.1 - Arne Rick 15 Jan 2016 https://www.vulnhub.com/entry/primer-101,136/

Teach some basic well-known techniques and attacks, simple exploits with web security. Spark some curiosity, make the user look at the source code and try to figure out what's going on behind the scenes. Each chapter is unlocked by solving the puzzle. From hardcoded clear text javascript password checks, SQL-injections and cracking hashes to a simulated terminal. You only need to start the VM, a webserver will come up and you can connect with your browser. In fact you never have to leave the browser.

Seattle: v0.3 - HollyGraceful 4 Oct 2016 https://www.vulnhub.com/entry/seattle-v03,145/

A web application running on a virtual machine, designed to simulate a simple eCommerce style website vulnerable to:

SQL Injection (Error-based)
SQL Injection (Blind)
Reflected Cross-Site Scripting
Stored Cross-Site Scripting
Insecure Direct-Object Reference
Username Enumeration
Path Traversal
Exposed phpinfo()
Exposed Administrative Interface
Weak Admin Credentials

Kevgir: 1 - CanYouPwn.Me 15 Feb 2016 https://www.vulnhub.com/entry/kevgir-1,137/

Has a variety of vulnerable services and web applications for testing:

Bruteforce Attacks
Hacking with Redis
Hacking with Tomcat, Jenkins
Hacking with Misconfigurations
Hacking with CMS Exploits
Local Privilege Escalation

And other vulnerabilities.

Lab26: 1.1 - Marius 27 Jun 2017 https://www.vulnhub.com/entry/lab26-11,190/

A VM with Burp Suite free, chromium with a few extensions (including a proxy switcher), sqlmap, and several vulnerable web apps deployed:

bWAPP
Mutillidae (nowasp)
Web for Pentester I (from pentesterlab.com)
DVWA
Django.nV
Google Gruyere
OWASP Juice Shop

The browser home page contains links to some exercises and walkthroughs.

SmashTheTux: 1.0.1 - CanYouPwn.Me 1 Apr 2016 https://www.vulnhub.com/entry/smashthetux-101,138/

Has 9 challenges for those who want to take a step into the world of binary exploitation. Covers basic exploitation of:

Stack Overflow Vulnerability
Off-by-One Vulnerability
Integer Overflow
Format String Vulnerability
Race Conditions
File Access Weaknesses
Heap Overflow Vulnerability

The Pentesters: 64-Bit AppSec Primer (Beta) - Austin Wile 1 Jul 2016 https://www.vulnhub.com/entry/the-pentesters-64-bit-appsec-primer-beta,155/

Has 16 challenges, increasingly more difficult than the previous one, dedicated to learning the basics of 64 bit binary exploitation and reverse engineering. The goal is to get you inside a debugger with intentionally vulnerable binaries, and get you looking at the inner-workings of a 64 bit binary. The challenges consist of varying vulnerabilities and anti-debugger tricks, which as a penetration tester and security engineer will prove useful to understand.

A related interesting resource

https://capec.mitre.org/data/index.html