Damn Small XSS Scanner (DSXS) is a great tool for finding cross site scripting vulnerabilities, the tool has been developed in Python 3. It is really simple and the code can be analysed and used for learning.

Kioptrix 1.0 is the first level of the Kioptrix machines CTF challenges. As you can understand this is the easiest challenge to solve. The main focus of this machine is to learn how to use basic enumeration

Born2Root was developed by " HadiMene" to complete the challenge you will need to gain root access DHCP is enabled on this machine meaning it will automatically pick an IP address. In my case,

Moria 1.2 is themed around the world of Lords of The Rings. With DHCP enabled we will need to find our target IP address trough net discover or a similar arp based tool. Use nmap command for port enumeration

FourAndSix is a capture the flag challenge available at Vulnhub. As usual, the box grabbed an IP address on boot since DHCP is enabled: In my case the IP address was 192.168.10.100 If you are not sure

The aim of this lab is to attain root privileges. As usual the first step is mapping the IP address of the box so that we can begin the enumeration process. On boot, the machine grabbed the following IP

W1R3S is a vulnerable machine by design meant to help you polish your penetration test skills. On this box you are required to gain root access and read a flag located at /root directory. DHCP is enabled

MinU: 1 a boot2root challenge available at Vulnhub. It is based on Ubuntu and has DHCP enabled. In my case the box grabbed the following IP address. 192.168.1.101 To check for services running in this

From my experience,I would rate this cool box posted by 0katz at Vulnhub as intermediate since you are required to think outside the box to hack it. With that in mind lets get started: Note: If DHCP is

Lampião 1 is a unique challenge available at Vulnhub. The box was created for beginners. As usual, let’s find the IP address of the box using arp-scan -l: Great, we now have a list of all hosts. Now we

Temple of Doom is a Boot2Root CTF Challenge and is available at Vulnhub. This machine is intended for "Intermediates" and requires a lot of time and good enumeration skills to get root. In this

BTRSys is a Boot2Root Challenge and is available at Vulnhub. This is a really interesting CTF challenge, especially as its Client Side Restrictions using JavaScript. In this walkthrough, I'll be using

Pluck is a Boot2Root CTF Challenge and is available at Vulnhub. This challenge is for "Intermediates" and requires some good enumeration and exploitation skills to get root. In this walkthrough,

H.A.S.T.E is available at Vulnhub. This is not a Boot2Root Challenge and getting lower shell is enough. This VM is intended for "Intermediates" and has a medium difficulty level. In this

Lin Security is available at Vulnhub. This VM is made for "Beginners" to master Privilege Escalation in Linux Environment using diverse range of techniques. There is no vulnerability in Kernel

FristiLeaks is available at VulnHub. It requires a lot of enumeration to root this VM. This VM is intended for beginners. In this walkthrough, I'll be using Parrot Security OS but you can use any other

Sick OS is available at VulnHub. This machine is similar to ones you might see in OSCP labs. This is a challenging and exciting CTF that contains multiple vulnerabilities and privilege escalation vectors.

Blacklight is a beginner level CTF challenge. The VM is available at VulnHub. This challenge is very easy and short as compared to other VulnHub Challenges. Import the VM into the Virtualbox and turn on.