The description states:  "This boot to root VM is designed for testing your pentesting skills and concepts. It consists of some well known things but it encourages you to use the functionalities rather than vulnerabilities of target."

I believe this is the same author as the Tomcat server I just wrote up this week.  Again, there's a certain style as to how the author builds boxes and I like it.  The point here is that finding mistakes and abusing functionality is very common versus say a zero day or a publicly known exploit, in my opinion. 

We kick off with Nmap:

The description states: "Welcome to 'My Tomcat Host'.  This boot to root VM is designed for testing your basic enumeration skills and concepts."

This is definitely a beginner box but as always, if you haven't played with the technology, it's new and could therefore be confusing. What I like about this box is that it sticks with the theme. 

We kick off with Nmap:

The description states:  "Cloud Anti-Virus Scanner! is a cloud-based antivirus scanning service.  Currently, it's in beta mode. You've been asked to test the setup and find vulnerabilities and escalate privs."

This box is labeled easy and I think that's fair enough although a couple of sections may hang some people up. 

First, we kick off with Nmap: