Before starting the PWK course I solved little over a dozen of the Vulnhub VMs, mainly so I don’t need to start from rock bottom on the PWK lab. Below is a list of machines I rooted, most of them are similar to what you’ll be facing in the lab. I’ve written walkthroughs for a few of them as well, but try harder first ;)


Beginner friendly


Not so sure (Didn’t solve them yet)


There aren’t many Windows machines around due to licensing. Few options:

  • Hack The Box: Got a nice set of Windows machines from Windows 2000 up to Windows 8.1 I believe.
  • Metasploitable 3, will download a trial version of Windows Server.
  • you can download Windows VMs legally then hack your way through them through an unpatched vulnerability or setting up a vulnerable software.
  • Set up your own lab. Default Windows XP SP0 will give you the chance to try out a few remote exploits, or doing some privilege escalation using weak services.
  • /dev/random: Sleepy (Uses VulnInjector, need to provide you own ISO and key.)
  • Bobby: 1 (Uses VulnInjector, need to provide you own ISO and key.)

If you think something is worth to be added to this list please mention it in the comments, I do check them ;)

- Abatchy