VulnHub gathers a lot of Capture The Flag virtual machines for practice.
In July, 2018, I did some of them and wrote the writeup about the exploits. I mainly targeted for the VirtualBox virtual machines only. They are running NAT Network interface in VirtualBox.
They are :
(1) BlackMarket
(2) BSides Vancouver 2018 (Workshop)
(3) JIS-CTF : VulnUpload
(4) Bob v2
(5) Toppo v1
(6) DerpNStink v1
(7) Temple of Doom v1
(8) Zico2 v1
(9) Dina 1.0.1
(10) Basic Pentesting : 2
That's all! See you.