Competition - Sokar

January 30, 2015

As promised at our birthday party last week, we’d like to announce the release of our first competition in 2015… Sokar!

Edit: The competition has finished. If you want the results, check the following blog post.

Rasta Mouse (the person to thank and/or blame regarding Kvasir) didn’t bake us a birthday cake, but instead cooked up a brand new virtual machine for you to attack and have some fun.

He is no stranger to breaking boot2root machines. He has now crafted Sokar, using a few ideas that he had not previously seen in his travels of vulnerable virtual machines.

This blog post marks the start of the competition, which will run for 3 weeks. You have until 21st February 2015 23:59 UTC to submit both the flag and your solution.

Edit: The competition is now over! See this page.


To be announced during the competition.

We are going to try and do something slight different this time around. For 1st & 2nd place, we will be giving away some physical goods!! We will wait for the competition to be over before we pick the final hardware prizes (so if you have a geeky prize in mind that you have always wanted, we are open to suggestions).

“Whats up for grabs”, you ask?!

  • Hardware - Deluxe device to make your day easier, or something to show off. Or Both!
  • Challenge Coins - Money can’t buy these. You have to earn it.
  • T-shirts - These are competition t-shirts, customzized to each person.
  • Stickers - Who doens’t like stickers?

So, how can I win?

  • Download it and start hacking.
  • With some luck, sooner or later you’ll reach the flag.
  • Try and remember what you did & how you did it, then record how. (This can be as simple or creative as you like in whichever form you like. Don’t fancy writing? Record a video!.
  • After you have finished, be sure to email it to us: ‘competition at vulnhub d0t co m’.

Note: be sure to read & agree to the rules at the bottom of the post.

The competition will only be active for three (3) weeks (ending on 21st February 2015), however the virtual machine will stay hosted on VulnHub afterwards.

After reviewing all the submissions, we will then take up to a week to decide who won. At this point will we announce the lucky winners via Facebook & Twitter. As always, there will be a follow-up blog post with the highlights, our views, and a list of all the submissions. All valid entries will be added to the walkthrough section for Sokar on VulnHub.

If you wish to publish it yourself (e.g. on your personal blog) we kindly ask you to refrain from doing so until the competition is over.

If Sokar is beating you, you’re loving it or hating it, be sure to shout about it somewhere! (IRC, Facebook, Twitter or email!).

The more feedback we get, the better the competitions and more vulnerable machines will get made!

We wish you the best of luck with the challenge that is Sokar!

Warm regards,

The VulnHub Team


  1. One entry per person. By submitting your entry, you are agreeing to the rules.
  2. The documents submitted, need to be in either a Portable Document Format (PDF) or Text (TXT) file format (and must include proof for verification and any custom code that was created - as they will be tested!). If you choose to do a video, we will accept; AVI, MP4 or MKV formats.
  3. Make sure your steps are reproducible using a “fresh” version of the Sokar. If it doesn’t work for us at the time of reviewing the submission, the entry will be disqualified.
  4. You are not allowed to modify the virtual machine in any way prior to starting it up and attacking it. For example, performing cold boot attacks, externally mounting the virtual disk, using Live CDs/OSs or injecting into the virtual machine in any matter. Booting into “single user mode”, “recovery console” or modifying the boot parameters will also be disqualified.
  5. If no-one has submitted their submissions within the given time frame (see rule #8), the first valid submission after the deadline will get the winners prize.
  6. Postage & shipping will be paid for regarding dispatching the physical items (the goodie bag). However, if there is import tax into finalist country, it will be the responsibility of the finalist to address.
  7. VulnHub cannot be held responsible for any damage or lost with the posting of the physical items or how they are handled.
  8. The competition starts on the 2015-January-30 16:30 UTC, and will run for three (3) weeks, ending on the 2015-February-21 23:59 UTC. All the times are state in Coordinated Universal Time (UTC).
  9. Please do not give out any hints, tips or walkthroughs to any other contestant during the duration of the competition being active. Even if they beg.
  10. You must be 13 years old or older at the time of submission.
  11. All sales are final. No refunds. No transfers.
  12. The rules are subject to change without notice at any stage.
  13. Using and attacking Sokar is done at your own risk. VulnHub, or Rasta Mouse cannot be held responsible for any loss or damage caused.
  14. Bribes will not be accepted ;).

Competition Results - Sokar

Our [Sokar birthday competition][1] is well and truly over now. So the only thing left todo is to summarize everything and of course …… Continue reading

New Blog Desgin

Published on March 01, 2015

Now with HTTPS

Published on January 25, 2015