37 lines
1.6 KiB
Markdown
37 lines
1.6 KiB
Markdown
# vulnlab
|
|
|
|
vulnlab is a collection of version-pinned Vagrant virtual machines, each
|
|
intentionally running software with known vulnerabilities. The goal is to give
|
|
you a reproducible, sandboxed environment for testing proof-of-concept exploits,
|
|
experimenting with mitigations, testing patches, and learning how specific
|
|
vulnerabilities work hands-on.
|
|
|
|
Each box directory includes a `scratch/` folder for downloading and compiling
|
|
source-based PoCs before Vagrant rsyncs them to `/vagrant` on the guest.
|
|
|
|
## Quick Start
|
|
|
|
1. Change into the vulnerable Vagrant box directory, e.g.,
|
|
|
|
cd debian13-20260221.0/
|
|
|
|
2. Reset the virtual machine and login
|
|
|
|
vagrant destroy -f && vagrant up && vagrant ssh
|
|
|
|
3. Exploit
|
|
|
|
## Boxes
|
|
|
|
| Directory | Base Box | Version |
|
|
| ------------------- | --------------------- | ---------- |
|
|
| debian13-20260221.0 | krislamo.org/debian13 | 20260221.0 |
|
|
|
|
## Vulnerabilities
|
|
|
|
| CVE | Name | CVSS | Type | Box | Exploit |
|
|
| -------------- | --------------- | ---- | --------- | ------------------- | ------------------------------------------------------------- |
|
|
| CVE-2026-31431 | copyfail | 7.8 | LPE | debian13-20260221.0 | [Python PoC](https://copy.fail/#exploit) |
|
|
| CVE-2026-43284 | dirtyfrag | 8.8 | LPE | debian13-20260221.0 | [C PoC](https://dirtyfrag.io/) |
|
|
| CVE-2026-46333 | ssh-keysign-pwn | 7.1 | Info Leak | debian13-20260221.0 | [C PoC](https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn) |
|