ExploitMe - Vulnerable Containers & Machines

A collection of bite-sized, vulnerable containers and virtual machines designed for practicing and learning about various security vulnerabilities.

Available Labs

• CVE-2024-51378: CyberPanel 2.3.6-7 - Remote Code Execution (RCE)
• CVE-2017-5618: GNU Screen 4.5.0 privilege escalation vulnerability
• CVE-2019-18862: GNU Mailutils 2.0 <= 3.7 - Privilege Escalation
• CVE-2021-4034: PolicyKit-1 privilege escalation (PwnKit)
• CVE-2015-1328: Linux kernel 3.18.0-9-generic privilege escalation vulnerability
• mv_suid: SUID binary exploitation using the mv command
• touch_suid: SUID binary exploitation using the touch command
• rm_suid: SUID binary exploitation using the rm command

🛠️ Requirements

• Docker (for container-based labs)
• Vagrant & VirtualBox (for VM-based labs)

Lab Structure

Each lab is contained in its own directory under Labs/ and includes either:

• A Dockerfile for container-based vulnerabilities
• A Vagrantfile for kernel or system-level vulnerabilities

🤝 Contributing

Contributions are welcome! If you'd like to add a new vulnerable container or VM:

1. Create a new directory under Labs/
2. Add either a Dockerfile or Vagrantfile
3. Update this README with details about the new lab
4. Submit a pull request