[New Torrent] SploitNet - Pentest Challenge

[hAxel]

https://www.defensepointsecurity.com/index.php/projects/sploitnet

Overview
Defense Point Security presents SploitNet: a multi-stage hacking puzzle for cyber security professionals to challenge themselves and each other.

SploitNet is a series of downloadable Virtual Machines (VM) designed to simulate a real-world attack scenario, where an attacker would have to compromise multiple systems to access the desired target. Designed by senior DPS security talent, SploitNet was created to teach hands-on penetration testing skills to computer security professionals who have an introductory to intermediate level of penetration testing experience.

Highlights:

A series of three exploitable Virtual Machines (VM)
Simulates a real-world attack scenario
Attackers must compromise multiple systems to access target data
Attacker will have to use the access obtained from the previous VM to compromise the next VM
Created to teach hands-on penetration testing skills to computer security professionals
Beginner to Intermediate level of experience
These VMs were created by some awesome people in DPS's Fellows program. Feel free to hit us up @defpointsec on twitter if you have comments and/or questions. DPS hopes you enjoy hacking these VM's as much as we have enjoyed creating them!

Who will be the first person in your organization to follow the breadcrumbs to victory?


At its most basic level, the goal of SploitNet is to obtain access to the first (.100) VM and use it to pivot to the second (.101) VM and from there to the third and final (.102) VM. However, to prove that you have fully exploited the VMs you need to collect some information to substantiate that claim. The first VM (.100) is optional, though the second (.101) and third (.102) VMs are mandatory. On each of the VMs there are files with secret keys that will prove that you exploited the VMs. On the first (.100) VM, there are 2 -- one for a non-privileged user and one for root -- these are optional. The second (.101) VM also has 2, one for a non-privileged user and one for root -- these are mandatory. The same is true for the third (.102) VM in that there are also 2 secret key files. The format of the secret key files are _secret_key_file_.txt and they live in the home directory for each user on each VM. As you exploit the VMs, you need to copy the contents of these files (optional on the first (.100) VM) and email them to the DPS fellows to prove that you successfully exploited each of the boxes. This will entitle you to the official DPS SploitNet t-shirt with the badge on the sleeve, which proves to other DPS'rs and the world that you exploited all of the VMs. Good luck! Hack the world!

- Exploit .100
-- Exploit .101
--- Exploit .102
---- Collect Intelligence from .102

Downloads
SploitNet_100.zip - f49dcaa230b85ec87746997fae94375f
SploitNet_101.zip - 0739d52c14c7bd28e77877f2ee5b34d4
SploitNet_102.zip - 862ea79cfb721680f4ddc08a38b843f0
Credits
Chad Clary
Gabriel Pulgar (crackbard)
Jonathan Naugle (SecDood)
Billy Meyers (@_hAxel)
Jonathan Cooper (bigc00p)
Bryce Kunz (@i2tbee)
Jake Groth (@gphreakx)
VMs tweaked by Bryce Kunz, VP of Computer Network Exploitation (CNE) @ DPS