Before starting the PWK course I solved little over a dozen of the Vulnhub VMs, mainly so I don’t need to start from rock bottom on the PWK lab. Below is a list of machines I rooted, most of them are similar to what you’ll be facing in the lab. I’ve written walkthroughs for a few of them as well, but try harder first ;)
- Kioptrix: Level 1 (#1)
- Kioptrix: Level 1.1 (#2)
- Kioptrix: Level 1.2 (#3)
- Kioptrix: Level 1.3 (#4)
- FristiLeaks: 1.3
- Stapler: 1
- PwnLab: init
Not so sure (Didn’t solve them yet)
There aren’t many Windows machines around due to licensing. Few options:
- Hack The Box: Got a nice set of Windows machines from Windows 2000 up to Windows 8.1 I believe.
- Metasploitable 3, will download a trial version of Windows Server.
- https://github.com/magnetikonline/linuxmicrosoftievirtualmachines you can download Windows VMs legally then hack your way through them through an unpatched vulnerability or setting up a vulnerable software.
- Set up your own lab. Default Windows XP SP0 will give you the chance to try out a few remote exploits, or doing some privilege escalation using weak services.
- /dev/random: Sleepy (Uses VulnInjector, need to provide you own ISO and key.)
- Bobby: 1 (Uses VulnInjector, need to provide you own ISO and key.)
If you think something is worth to be added to this list please mention it in the comments, I do check them ;)