Book Image

Kali Linux CTF Blueprints

By : Cameron Buchanan
Book Image

Kali Linux CTF Blueprints

By: Cameron Buchanan

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Kali Linux CTF Blueprints
Cameron Buchanan
Jul, 2014 | 190 pages
No titles found
Table of Contents (14 chapters)
Kali Linux CTF Blueprints
Kali Linux CTF Blueprints
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Microsoft Environments
Microsoft Environments
Creating a vulnerable machine
Creating a secure network
Hosting vulnerabilities
Scenario 1 – warming Adobe ColdFusion
Scenario 2 – making a mess with MSSQL
Scenario 3 – trivializing TFTP
Flag placement and design
Post-exploitation and pivoting
Exploitation guides
Challenge modes
Summary
2
Linux Environments
Linux Environments
Differences between Linux and Microsoft
Scenario 1 – learn Samba and other dance forms
Scenario 2 – turning on a LAMP
Scenario 3 – destructible distros
Scenario 4 – tearing it up with Telnet
Flag placement and design
Exploitation guides
Summary
3
Wireless and Mobile
Wireless and Mobile
Wireless environment setup
Scenario 1 – WEP, that's me done for the day
Scenario 2 – WPA-2
Scenario 3 – pick up the phone
Exploitation guides
Summary
4
Social Engineering
Social Engineering
Scenario 1 – maxss your haxss
Scenario 2 – social engineering: do no evil
Scenario 3 – hunting rabbits
Scenario 4 – I am a Stegosaurus
Exploitation guides
Summary
5
Cryptographic Projects
Cryptographic Projects
Crypto jargon
Scenario 1 – encode-ageddon
Scenario 2 – encode + Python = merry hell
Scenario 3 – RC4, my god, what are you doing?
Scenario 4 – Hishashin
Scenario 5 – because Heartbleed didn't get enough publicity as it is
Exploitation guides
Summary
6
Red Teaming
Red Teaming
Chapter guide
Scoring systems
Setting scenarios
Reporting
CTF-style variations
Scenario 1 – ladders, why did it have to be ladders?
Scenario 2 – that's no network, it's a space station
Summary
Appendix
Appendix
Further reading
Index
Index

Creating a vulnerable machine

The purpose of this book may seem counterintuitive to the majority of practices that security professionals carry out each day, but most core ideas to create a secure machine are the same as those to create a vulnerable machine.

Servers can be thought of as being created to serve a specific purpose—for example, to provide DNS services, host an Exchange environment, or manage a domain. This idea can be applied to the practice of hosting vulnerable services as well. The aim is to expose the server in one very particular way and secure it in every other aspect. You may treat them as authentication methods for the overthinking masochists of the world if you wish; that may help you envision the end result a little more clearly. To that end, the following tenets should be abided by:

  • Unless the scenario aims require it, ensure that any other services that you require to run on the system are fully patched and up to date.

  • Unless the scenario requires it, a proper antivirus solution with a firewall should be in place to secure other services.

  • Run the scenario on a separate network to any production or sensitive systems. This is quite simple to achieve by setting up a new network on a LAN connection without Internet access or through the use of virtual machines.

Securing a machine

Virtual or physical, your machine needs to be secure, and there's a simple process to achieve this. Build a fresh operating system. This is easy with a LiveCD when you have a spare Windows OS, but that's not always possible. At the time of this writing, TechNet provides 180-day accounts of the Windows operating system for testing purposes (technet.microsoft.com), which covers this style of usage. If you are using this book to kick off a future career in CTF building, consider getting a Microsoft Developer Network (MSDN) account, which will enable you to set up multiple environments for testing purposes.

Note

At this point, if you're aiming to host a vulnerable Windows product, don't perform the following step.

So, you have a fresh install—what now? Ensure everything is up to date. As you don't have anything other than the OS installed, you should just run Start | Search | Windows Update. Let it run, finish, and restart. Have a look through your build and remove any unnecessary programs that may have come with the install. You are now working with a clean slate. Wonderful.

Previous Section
End of Section 2
Next Section