VulnHub is a training platform which provides “a catalogue of ‘stuff’ that is (legally) ‘breakable, hackable & exploitable’”, understand: a pool of vulnerable virtual machines. The downloads are essentially .iso, .vbox or .ova which can be opened with VirtualBox or VMware.

The machines are created and proposed by the community itself. Also different versions of the famous Damn Vulnerable Linux and the Exploit Exercises suite are in. You will have to deal with many many different kinds of vulnerabilities like file permissions, web application, shellcode, heap overflows, password cracking, privilege escalation and so on…

For instance, you can read the solution of one of those challenge on InfoSec Institute website: The Tr0ll Challenge

Authors are available on irc to help you in the game ;)

VulnHub