hackthebox – Bootlesshacker's Cybersecurity Blog

I’ve not created a new box for some time, so I spent my time today making a new one for you all!

This one is quite different from my normal machines. It’s probably more realistic and less like a CTF. I’m going to stop grading my boxes though because what’s difficult to one person is easy to another and vice versa. If you find this difficult, don’t be put off. This is simply a learning step which everyone at some point crosses. This box is probably hard though – it’s certainly not for beginners. I hope you learn something new.

Take your time. Have patience. And take time to learn about the environment once you pop the initial shell.

When I first published this CTF, I offered a prize for one three month TryHackMe voucher to the first person who successfully completed the box and submitted a valid walkthrough. This prize has now been claimed.

Download

You can download Cereal here (version 1.1, fixed issue with DHCP in VMWare).

SHA-256: 9aa01288b184174ce70a81288d1f2eeb685ab34dbaba4d6efcfd843a18d86e66

Loading ...

GreenOptic CTF

GreenOptic is my fourth Capture the Flag box. It is rated as ‘Very Hard’ (as per the difficulty matrix). As with all of my CTFs, please run this in ‘Host Only’ mode – it does not need an internet connection.

Download Now

Don’t let the difficulty put you off though – the CTF is designed to be realistic, so you won’t come across anything you wouldn’t experience in a real environment.

You will need to enumerate this box very well, and likely chain together different bits of information and vulnerabilities in order to gain access.

Synopsis:

British Internet Service Provider GreenOptic has been subject to a large scale Cyber Attack. Over 5 million of their customer records have been stolen, along with credit card information and bank details.

GreenOptic have created an incident response team to analyse the attack and close any security holes. Can you break into their server before they fix their security holes?

You can download GreenOptic here.

SHA-256: 00af6eb4a29fa6447fb68ea4dae112de822c78d2021e210d8233e0b0ba8cc5e9

Once you’ve completed my CTF, let me know how you found it.

Loading ...