Share
## https://sploitus.com/exploit?id=9D072F8E-44F5-5274-A323-B4D5BADDF295
# vulnlab

vulnlab is a collection of version-pinned Vagrant virtual machines, each
intentionally running software with known vulnerabilities. The goal is to give
you a reproducible, sandboxed environment for testing proof-of-concept exploits,
experimenting with mitigations, testing patches, and learning how specific
vulnerabilities work hands-on.

Each box directory includes a `scratch/` folder for downloading and compiling
source-based PoCs before Vagrant rsyncs them to `/vagrant` on the guest.

## Quick Start

1.  Change into the vulnerable Vagrant box directory, e.g.,

        cd debian13-20260221.0/

2.  Reset the virtual machine and login

        vagrant destroy -f && vagrant up && vagrant ssh

3.  Exploit

## Boxes

| Directory           | Base Box              | Version    |
| ------------------- | --------------------- | ---------- |
| debian13-20260221.0 | krislamo.org/debian13 | 20260221.0 |

## Vulnerabilities

| CVE            | Name      | CVSS | Type | Box                 | Exploit                                  |
| -------------- | --------- | ---- | ---- | ------------------- | ---------------------------------------- |
| CVE-2026-31431 | copyfail  | 7.8  | LPE  | debian13-20260221.0 | [Python PoC](https://copy.fail/#exploit) |
| CVE-2026-43284 | dirtyfrag | 8.8  | LPE  | debian13-20260221.0 | [C PoC](https://dirtyfrag.io/)           |