Month: September 2012

TUTORIALS

pWnOS 2 (PHP Web Application)

September 19, 2012by Black Hat Sec

Original link: is the second release in the "pWnOS" vulnerable machine collection, however, it has a different creator from the previous one (which explains why it has a different "feel" to it). As always with "boot2root" machines, it has purposely built "issues" allowing for the machine to become compromised, with the end goal being to become the super user, "root". This method uses a vulnerability in a PHP web application (see here for exploiting via SQL injection).

TUTORIALS

pWnOS 2 (SQL Injection)

September 19, 2012by Black Hat Sec

Original link: is the second release in the "pWnOS" vulnerable machine collection, however, it has a different creator from the previous one (which explains why it has a different "feel" to it). As before, it has purposely built in "issues" allowing the machine to become compromised. This method uses a SQL injection flaw (see here for exploiting the PHP web application). As always with "boot2root" machines, the end goal is to become the super user, "root".

TUTORIALS

21LTR – Scene 1

September 14, 2012by Black Hat Sec

Original link: is another boot2root collection, with its own unique twist. It has various 'issues' with the operating system, which have been purposely put in place to make it vulnerable by design. The end goal is to become the 'super user' of the system (aka 'root'). There is an optional stage afterwards, in which the user can try and find the 'flag', proving (to themselves) that they successfully completed it.