VulnHub is a great pen testing tool especially for beginners. What VulnHub excels on is its almost unlimited resources of virtual machines – VMs for short. If you are looking for the best ones, here is a shortlist of great virtual machines according to experienced VulnHub users. Best of all, they are completely free to use.
Considered as the most used Virtual Machines on the hub, Mr. Robot is based on the same show with the exact title. The machine has 3 hidden keys that you need to find on different locations. Obviously, your goal is to find all 3 keys but everytime you retrieve a key, the difficulty significantly gets higher.
By the time you get to the second key, the skll ceiling spikes, giving you an extra layer of challenge. Yet, this is not considered one of the toughest VMs on the hub. It is also the best entry-level VM for beginners and internediate pen testers.
The Necromancer is a CTF-based VM that is used to prepare its players for the highly competitive SecTalks Brisbane CTF league. You will need to capture 11 keys. The game also gradually gets tougher per key acquisition and, by the time you acquire the 11th key, you must face the “final boss” of the game: the necromancer.
SickOS 1.1 and 1.2
SickOS is a great two-part VM series where you must fight to get to the highest priviledges to compromise the system. It is also considered as one of the most realistic VMs in the hub as it is replicated from the OSCP labs. 1.1 has a low skill ceiling where you must work your way up in the system to compromise it. 1.2 expands all the best things in 1.1 but on a more masterful level.
Tr0ll 1 and 2
Another VM that was close to OSCP labs is the Tr0ll series. In this game, you must acquire the root and get a hold of Proof.txt from the /root directory. However, getting there is tough and you will need to work with plenty of strategy. The sequel also follows the same system but with a much harder difficulty.
These VMs are completely free to use and these are just a few out of hundreds of virtual machines in VulnHub. Should you wish to try all of them, consider visiting the VulnHub website.