myHouse7 - Vulnerable Virtual Machine

Description of Vulnerable Virtual Machine

myHouse7 is a vulnerable virtual machine with multiple docker images setup to be a capture-the-flag (CTF) challenge.  The goal of this vulnerable virtual machine is to present a lab where you can learn and practice to pivot through the subnets to be able to compromise all of the hosts/containers except 1.

Download from my Google Drive.

SHA1: ffefa2283d48c98baace90fb1ed93c1aa464c925

CTF Flag Information


This CTF challenge consists of a total of 20 flags.  The virtual machine that is provided contains 2 flags and each docker image/container when running contains 3 additional flags with exception to 1 host.  The 1 host that is the exception has no flags.  (A mistake that I made was to name 2 flags the same.)

The structure of each flag is as follows: {{tryharder:xxx}}.  The xxx in the example could be a single digit or up to 4 digits.

Network Diagram

Below is a network diagram of the setup which may or may not be accurate.  The virtual machine represents the firewall in the network diagram below.  A total of 7 docker images/containers launch each time the virtual machine loads.


Download Information

You are able to download this file from my Google Drive at this link.  The file is 2.7GB compressed with 7-zip.  The file is a compressed OVF exported virtual machine from VMWorkstation 14.  After importing the virtual machine, the first time that it loads will take upwards of 15 minutes due to building the environment and decompressing the docker images.  After the first time you load the virtual machine it will be quicker due to only having to load the docker images into containers.


4 comments:

  1. Hi Leon, Thanks a lot for this VM.

    Did you plan to provide a docker-compose file for only setup containers ?



    ReplyDelete
    Replies
    1. I will provide more information after December 15.

      Delete

Is rockyou password list in the Have I Been Pwned SHA1 hash list?

A couple of posts ago I wrote a tool in python to evaluate a password list for character sets that it uses and length.  While I was working ...