
CTF exercise

reubenajohnston edited this page May 5, 2021 · 24 revisions

Overview

  • Players will host their own insecure nfs, nginx, and terminal servers
  • Players will send the instructor
    • IP addresses of their vulnerable servers (once the dhcp server assigns them one) and the open ports
    • user names and passwords for accounts on their vulnerable servers
  • Players will also host their own suricata server that monitors the servers above
  • Players will host their own attack VM
  • All player hosted systems will need an Internet-connected network interface, as well as a netsec.isi.jhu.edu-connected network interface
  • Teams will maintain their servers (to ensure they are operational and accessible) during the event
  • Teams will attack other student servers to obtain points
  • Teams will monitor their vulnerable servers to obtain points
  • Instructor will maintain webpage with current team scores
  • netsec.isi.jhu.edu infrastructure provides dns, dhcp, and email server used for submitting proof of scores
    • netsec.isi.jhu.edu email server can also be used as an open relay server
  • Watch out for the tar pits and honeypots your sneaky Professor installed!

Rules

  • Attack system needs to be its own VM or PC separate from the other servers
  • Insecure servers may be any combination of VMs, PCs, or Docker containers
  • nfs share needs
    • rw, insecure, and no_root_squash attributes
    • goldenkey.txt key file will need to be placed in /root (if running in a Docker container, place in that container's /root directory)
    • /root should have drwx------ permissions
  • Servers need at least two users, with usernames
    • root
    • lowercase, first name of one of your team members (e.g., sally)
  • User passwords on servers need to be from this list: //sitatunga/nwsec/lame.txt
  • DoS attacks must
    • be no longer than 30 sec in duration per target
    • wait at least 5 minutes before attacking the same target again
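The two server-side pieces of the rules above (the nfs share attributes and the /root layout) and the suricata monitoring from the overview can be set up and checked with a few shell functions. The script below is an added example, not part of the original wiki or the course materials; the share path /srv/ctfshare, the client range, the exports file path, the local.rules location and the sid numbers are assumptions, and HOME_NET is assumed to be set to your vulnerable servers' addresses in suricata.yaml.

```shell
#!/bin/sh
# Added example (not from the original page). Builds the /etc/exports entry the
# rules require, checks the /root layout, and prints suricata rules that alert on
# access to the vulnerable nfs server. Paths and sids below are assumptions.

# Print one exports entry. "rw,insecure,no_root_squash" is the combination the
# rules ask for: insecure accepts client source ports above 1023, and
# no_root_squash lets a remote root keep uid 0 on the share instead of being
# mapped to nobody (the root_squash default). That is what makes the share
# a valid target in this exercise, and what a production export would not set.
nfs_export_line() {
    share="$1"          # directory to export, e.g. /srv/ctfshare (assumed)
    clients="${2:-*}"   # client spec; default "*" means any host
    printf '%s %s(rw,insecure,no_root_squash)\n' "$share" "$clients"
}

# Append the entry to an exports file. Defaults to /etc/exports; pass another
# path to try it without root. Run "exportfs -ra" afterwards to apply it.
write_export() {
    share="$1"; clients="$2"; exports_file="${3:-/etc/exports}"
    nfs_export_line "$share" "$clients" >> "$exports_file"
}

# Check the /root layout the rules require: mode drwx------ (0700) and
# goldenkey.txt present. Takes the directory as an argument so it works for a
# container's /root (or a test directory). Returns 0 only when both hold.
check_root_dir() {
    dir="$1"
    # GNU stat first, BSD/macOS stat as a fallback
    mode=$(stat -c '%a' "$dir" 2>/dev/null) || mode=$(stat -f '%Lp' "$dir")
    [ "$mode" = "700" ] || { echo "$dir: mode is $mode, expected 700"; return 1; }
    [ -f "$dir/goldenkey.txt" ] || { echo "$dir: goldenkey.txt missing"; return 1; }
    echo "$dir: ok"
}

# Print suricata rules that alert on TCP connections to portmapper (111) and
# nfs (2049) on the monitored servers. Drop the output into the local rules
# file (assumed /var/lib/suricata/rules/local.rules) and reload suricata.
# UDP and dynamic mountd ports are not covered; this is the minimum signal for
# "someone is touching our nfs server".
suricata_nfs_rules() {
    cat <<'EOF'
alert tcp any any -> $HOME_NET 111 (msg:"CTF lab: portmapper access to vulnerable server"; flow:to_server,established; sid:1000001; rev:1;)
alert tcp any any -> $HOME_NET 2049 (msg:"CTF lab: NFS access to vulnerable server"; flow:to_server,established; sid:1000002; rev:1;)
EOF
}

# Usage on the vulnerable server (as root):
#   write_export /srv/ctfshare '*' && exportfs -ra
#   chmod 700 /root && touch /root/goldenkey.txt && check_root_dir /root
# Usage on the suricata host (as root):
#   suricata_nfs_rules >> /var/lib/suricata/rules/local.rules
```

check_root_dir deliberately reports the first failing condition rather than fixing it, so it can be run repeatedly during the event to confirm the server still matches the rules after other teams have been on it.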

Scoring

  • nginx server (live scores are available here) will post the team names and names of their members, as well as current score for the team
  • Points
    • 1 point for identifying another team's server IP address and port
    • 1 point for identifying a honeypot server's IP address and ports
    • 1 point for identifying a tar pit server's IP address and port
    • 1 point for determining a username/password on another team's server
    • 1 point for obtaining root access on another team's nfs server via privilege escalation
    • 1 point for spamming another user
    • 1 point for spamming another user via the open relay server (include your team name in the email somewhere so we can score appropriately)
    • 1 point for unique, creative versions of attacks (e.g., something funny added)
      • include details when submitting proof for the verification of items above

Knowledge to gather

  • IP addresses of servers
  • Function of servers (nfs, email, terminal, honeypot, tar pit, etc.)
  • Usernames on servers
  • Passwords on servers
  • Open relay server IP
  • Dictionary for cracking passwords (see dictionary link above)

References
