OSCP-like Vulnhub VMs

Before starting the PWK course I solved little over a dozen of the Vulnhub VMs, mainly so I don’t need to start from rock bottom on the PWK lab. Below is a list of machines I rooted, most of them are similar to what you’ll be facing in the lab. I’ve written walkthroughs for a few of them as well, but try harder first :wink:


Beginner friendly


Not so sure (Didn’t solve them yet)


There aren’t many Windows machines around due to licensing. Few options:

  • Hack The Box: Got a nice set of Windows machines from Windows 2000 up to Windows 8.1 I believe.
  • Metasploitable 3, will download a trial version of Windows Server.
  • GitHub - magnetikonline/linux-microsoft-ie-virtual-machines: Run Internet Explorer 8/9/10/11/MS-Edge Virtual machines from Microsoft under Linux via VirtualBox. you can download Windows VMs legally then hack your way through them through an unpatched vulnerability or setting up a vulnerable software.
  • Set up your own lab. Default Windows XP SP0 will give you the chance to try out a few remote exploits, or doing some privilege escalation using weak services.
  • /dev/random: Sleepy (Uses VulnInjector, need to provide you own ISO and key.)
  • Bobby: 1 (Uses VulnInjector, need to provide you own ISO and key.)
    If you think something is worth to be added to this list please mention it in the comments, I do check them :wink: Source
1 Like

Damn if these VM are like OSCP thanks for the heads up really helps alot to have an idea and focus on what to study of course everything is best to study but at least you setup a general idea of what the course will look like