vulnlab
vulnlab is a collection of version-pinned Vagrant virtual machines, each intentionally running software with known vulnerabilities. The goal is to give you a reproducible, sandboxed environment for testing proof-of-concept exploits, experimenting with mitigations, testing patches, and learning how specific vulnerabilities work hands-on.
Each box directory includes a scratch/ folder for downloading and compiling
source-based PoCs before Vagrant rsyncs them to /vagrant on the guest.
Quick Start
- Change into the vulnerable Vagrant box directory, e.g.,
  `cd debian13-20260221.0/`
- Reset the virtual machine and log in
  `vagrant destroy -f && vagrant up && vagrant ssh`
- Exploit
Boxes
| Directory | Base Box | Version |
|---|---|---|
| debian13-20260221.0 | krislamo.org/debian13 | 20260221.0 |
Vulnerabilities
| CVE | Name | CVSS | Type | Box | Exploit |
|---|---|---|---|---|---|
| CVE-2026-31431 | copyfail | 7.8 | LPE | debian13-20260221.0 | Python PoC |
| CVE-2026-43284 | dirtyfrag | 8.8 | LPE | debian13-20260221.0 | C PoC |
| CVE-2026-46333 | ssh-keysign-pwn | 7.1 | Info Leak | debian13-20260221.0 | C PoC |