Pwned
Here’s a list of all the VMs I have compromised so far! The difficulty shown is the one given by the owner of the machine, not by me. There’s also a list of the PicoCTF and OverTheWire challenges I’ve solved, along with walkthroughs of other vulnerable web applications like DVWA, bWAPP and others…
VMs
| # | Walkthrough | OS | Difficulty | Report | Download |
|---|---|---|---|---|---|
| 1. | Kioptrix #1 | Linux | Easy | | Vulnhub |
| 2. | Kioptrix #2 | Linux | Easy | | Vulnhub |
| 3. | Kioptrix #3 | Linux | Easy | | Vulnhub |
| 4. | Kioptrix #4 | Linux | Easy | | Vulnhub |
| 5. | Tr0ll: 1 | Linux | Easy | | Vulnhub |
| 6. | Lord Of The Root | Linux | Easy | | Vulnhub |
| 7. | Stapler: 1 | Linux | Easy-Medium | | Vulnhub |
| 8. | Fristileaks | Linux | Easy | | Vulnhub |
| 9. | NullByte | Linux | Easy | | Vulnhub |
| 10. | Android4 | Android | Very easy | | Vulnhub |
| 11. | Raven: 1 | WordPress & MySQL | Medium | | Vulnhub |
Web Apps
DVWA
| Vulnerability | Tools | Security Up To | Walkthrough |
|---|---|---|---|
| Brute Force | Burp Suite | Impossible | DVWA Brute Force |
| DOM XSS | JavaScript | High | DVWA DOM XSS |
| Reflected XSS | JavaScript | High | DVWA Reflected XSS |
| Stored XSS | JavaScript | High | DVWA Stored XSS |
bWAPP
| Vulnerability | Security Up To | Walkthrough |
|---|---|---|
| OS Command Injection | Medium | bWAPP OS Command Injection |
| Directory Traversal | High | bWAPP Directory Traversal |
| Local File Inclusion | Low | bWAPP LFI |
| Remote File Inclusion | Low | bWAPP RFI |
| File Upload | High | bWAPP File Upload |
Challenges
PicoCTF
| Walkthrough | # of Challenges |
|---|---|
| General Skills in CTFs | 19 |
| Low Level Binary Intro | 46 |
| Forensics in CTFs | 17 |