Related: Grey Hack is a fake OS, Network, Internet in a multiplayer game where the objective is to hack (including each other). It simulates many basic functions quite well (you can steal files, place files on other computers, install software, run commands from a command line, including imitations of many tools). You can also write your own programs.
Some time ago, I found a site that provided different variants of VMs you could download which contained exploits you could utilize to pwn the machines. There were also walkthroughs and guides available to teach you how to break in.
Unfortunately I can no longer find the site, and my Google fu has failed me.
Unlike Hack the Box, no signup was necessary, you could just download the VM and get started.
Does anyone here know of any good alternatives they'd like to recommend?
There is [vulnhub](https://www.vulnhub.com/). There was another one that started with an “e” (it had Linux and code challenges too (e.g. here is the C code, exploit privilege escalation)). I remember a few years ago the site went down and a mirror was stood up under a different domain. Don’t have those links unfortunately.
I’ve always thought it would be interesting to try something like that for a LARP.
It would be fun to run in an “anything goes” type setup. Get a cheap raspberry pi and install some really old Linux kernel with plenty of well know holes. I’d worry about delineating between game-machines and real ones. It would have to be totally isolated from the real network I guess.
At a certain point on the realism continuum, just get rid of the gamey parts and deliver someone a set of VM images that they have to boot up and break into.
(Maybe that's actually what Hack the Box is, mentioned in the sibling— I hadn't heard of that and only looked briefly at the homepage for it.)
> Maybe that's actually what Hack the Box is, mentioned in the sibling
Hack the Box hosts the VM for you on their servers (and you connect to a VPN to get access), but it's effectively that. They release a box every so often (roughly monthly?) and users compete to collect the user/root flags.
They also have a rotating selection of past boxes (and I think you get access to all of them if you pay them), so it's kind of like an "on demand" CTF.
