# vulnlab

vulnlab is a collection of version-pinned Vagrant virtual machines, each intentionally running software with known vulnerabilities. The goal is to give you a reproducible, sandboxed environment for testing proof-of-concept exploits, experimenting with mitigations, testing patches, and learning how specific vulnerabilities work hands-on.

Each box directory includes a `scratch/` folder for downloading and compiling source-based PoCs before Vagrant rsyncs them to `/vagrant` on the guest.

## Quick Start

1. Change into the vulnerable Vagrant box directory, e.g.,

   ```
   cd debian13-20260221.0/
   ```

2. Reset the virtual machine and log in

   ```
   vagrant destroy -f && vagrant up && vagrant ssh
   ```

3. Exploit

## Boxes

| Directory           | Base Box              | Version    |
| ------------------- | --------------------- | ---------- |
| debian13-20260221.0 | krislamo.org/debian13 | 20260221.0 |

## Vulnerabilities

| CVE            | Name            | CVSS | Type      | Box                 | Exploit                                                       |
| -------------- | --------------- | ---- | --------- | ------------------- | ------------------------------------------------------------- |
| CVE-2026-31431 | copyfail        | 7.8  | LPE       | debian13-20260221.0 | [Python PoC](https://copy.fail/#exploit)                      |
| CVE-2026-43284 | dirtyfrag       | 8.8  | LPE       | debian13-20260221.0 | [C PoC](https://dirtyfrag.io/)                                |
| CVE-2026-46333 | ssh-keysign-pwn | 7.1  | Info Leak | debian13-20260221.0 | [C PoC](https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn) |