Competition - Persistence

September 04, 2014

Ladies and gentlemen, we have a special announce to make! After a few months of work, there’s a new competition on horizon currently active! Announcing… Persistence!

Edit: The competition is now over, but the VM still lives on. The results can be found here.

Sagi- (who is the father of the /dev/random series) and superkojiman (the mastermind behind the brainpan series) have teamed up to create a new vulnerable virtual machine! The content of the creation was filled with a mixture of what they have seen in their day jobs, and dreaming up evil and cunning ideas. The end result is a mischievous challenge, which was crying out to headline our next competition.

The download links will go went live on the 7th September 2014 GMT 16:00 UTC, which is also the official start time. You then have 1 month (until the 5th October 2014 23:59 UTC) to submit the flag and solution.

Update: The competition is active. Happy hacking!

Edit: The competition is now over!

As always with competitions, there will be a selection of prizes. They will go to the participants who are deemed to have submitted “the best1” write-ups. The prizes are:

  • E-gift cards - chosen by the winners themselves.
    • 1st place - £50 GBP - Which works out to be about €63 EUR / $82 USD based upon the exchange rate at the time of writing.
    • Two runner ups - £25 GBP
  • Exclusive customized VulnHub t-shirts
  • Stickers

As these T-shirts are custom for the competition, their designs will be released at a later date - keep an eye on our facebook profile or twitter page for the latest information!

So what can you do to win?

  • When Persistence is added to VulnHub, download a copy, and start hacking away at it!
  • Keep trying, and sooner or later you’ll reach the flag.
  • Try and remember what you did & how you did it, then record how in one form or another (Don’t fancy writing? Record a video!).
  • After you have finished, be sure to mail it in to us: ‘competition at vulnhub d0t co m’.

Note: be sure to read & agree to the rules at the bottom of the post.

The competition will only be active for four (4) weeks (ending on 5th October 2014), however the VM will stay hosted on VulnHub afterwards.

After reviewing all the submissions, we will then take up to a week to decide who won. At this point will we let everyone know who the lucky winners are via facebook and twitter. As always, there will be a follow up blog post with the highlights, our views and every submission. All valid entries will be added to the walkthrough section for Persistence on VulnHub.

If you wish to publish it yourself (e.g. on your personal blog) we kindly ask you to refrain from doing so until the competition is over.

If Persistence is beating you, you’re loving it or hating it, be sure to shout about it somewhere! (IRC, facebook, twitter or email!).

The more feedback that is given, helps to encourage additional machines in the series!

We wish you the best of luck with the challenge that is Persistence!

Warm regards,

The VulnHub Team


  1. One entry per person. By submitting your entry, you are agreeing to the rules.
  2. The documents submitted, needs to in either a PDF or TXT file format (and must include proof for verification and any custom code that was created - as they will be tested!). If you choose to do a video, we will accept; AVI, MP4 or MKV formats.
  3. Make sure your steps are reproducible using a “fresh” version of the Persistence. If it doesn’t work for us at the time of reviewing the submission, the entry will be disqualified.
  4. You are not allowed to modify the virtual machine in any way prior to starting it up and attacking it. For example, performing cold boot attacks, externally mounting the virtual disk, using Live CDs/OSs or injecting into the VM in any matter. Booting into ‘single user mode’, ‘recovery console’ or modifying the boot parameters will also be disqualified.
  5. The winners are able to choose any gift e-card based on availability at the time of purchase. Winnings will be sent to the same email address that was used for submission when their prize is ready.
  6. The value of the e-gift cards are £50.00 GBP (winner) and £25.00 GBP (runner ups).
  7. The one “winner” and two “runner ups”, will be based upon VulnHub staff member’s opinion. The judge’s (VulnHub) verdict is final.
  8. If no-one has submitted their submissions within the given time frame (see point 11), the first valid submission after the deadline will get the winners prize.
  9. Postage & shipping will be paid for regarding dispatching the physical items (the goodie bag). However, if there is import tax into finalist country, it will be their responsibility to handle.
  10. VulnHub cannot be held responsible for any damage or lost with the posting of the physical items or how they are handled.
  11. The competition starts on the 2014-Sept-07 16:00 UTC, and will run for four weeks, ending on the 2014-Oct-05 23:59 UTC. All the times are state in Coordinated Universal Time (UTC).
  12. Do not give out any hints, tips or walkthroughs to any other contestant during the duration of the competition being active. Even if they beg.
  13. You must be 13 years old or older at the time of submission.
  14. All sales are final. No refunds. No transfers.
  15. The rules are subject to change without notice at any stage.
  16. Using and attacking Persistence is done at your own risk. VulnHub, Sagi- or superkojiman cannot be held responsible for any loss or damage caused.
  17. Bribes will not be accepted ;).

  1. as defined by Sagi- & superkojiman as well as the the VulnHub staff.

Competition Results - Sokar

Our [Sokar birthday competition][1] is well and truly over now. So the only thing left todo is to summarize everything and of course …… Continue reading

New Blog Desgin

Published on March 01, 2015

Competition - Sokar

Published on January 30, 2015