Book Image

Kali Linux CTF Blueprints

By : Cameron Buchanan
Book Image

Kali Linux CTF Blueprints

By: Cameron Buchanan

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Kali Linux CTF Blueprints
Cameron Buchanan
Jul, 2014 | 190 pages
No titles found
Table of Contents (14 chapters)
Kali Linux CTF Blueprints
Kali Linux CTF Blueprints
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Microsoft Environments
Microsoft Environments
Creating a vulnerable machine
Creating a secure network
Hosting vulnerabilities
Scenario 1 – warming Adobe ColdFusion
Scenario 2 – making a mess with MSSQL
Scenario 3 – trivializing TFTP
Flag placement and design
Post-exploitation and pivoting
Exploitation guides
Challenge modes
Summary
2
Linux Environments
Linux Environments
Differences between Linux and Microsoft
Scenario 1 – learn Samba and other dance forms
Scenario 2 – turning on a LAMP
Scenario 3 – destructible distros
Scenario 4 – tearing it up with Telnet
Flag placement and design
Exploitation guides
Summary
3
Wireless and Mobile
Wireless and Mobile
Wireless environment setup
Scenario 1 – WEP, that's me done for the day
Scenario 2 – WPA-2
Scenario 3 – pick up the phone
Exploitation guides
Summary
4
Social Engineering
Social Engineering
Scenario 1 – maxss your haxss
Scenario 2 – social engineering: do no evil
Scenario 3 – hunting rabbits
Scenario 4 – I am a Stegosaurus
Exploitation guides
Summary
5
Cryptographic Projects
Cryptographic Projects
Crypto jargon
Scenario 1 – encode-ageddon
Scenario 2 – encode + Python = merry hell
Scenario 3 – RC4, my god, what are you doing?
Scenario 4 – Hishashin
Scenario 5 – because Heartbleed didn't get enough publicity as it is
Exploitation guides
Summary
6
Red Teaming
Red Teaming
Chapter guide
Scoring systems
Setting scenarios
Reporting
CTF-style variations
Scenario 1 – ladders, why did it have to be ladders?
Scenario 2 – that's no network, it's a space station
Summary
Appendix
Appendix
Further reading
Index
Index

Scenario 1 – warming Adobe ColdFusion

Adobe ColdFusion is the Adobe framework for hosting web applications. It's available for a 30-day evaluation trial, is easy to set up, and creates remotely accessible web pages—perfect for our purposes.

Setup

First, take your freshly installed or sanitized Windows installation and download Adobe ColdFusion 9. There are newer versions available from adobe.com, but we will be working with version 9, which you can download from http://download.macromedia.com/pub/coldfusion/updates/901/ColdFusion_update_901_WWEJ_win64.exe. Now, perform the following steps:

  1. Run the .exe file to install the program, and use the defaults as you go along.

  2. Make sure you perform the following steps:

    1. Set Adobe ColdFusion 9 to host as a self-contained application as the following screenshot shows:

    2. Set the application to run a built-in server, as shown in the following screenshot:

    3. Set default credentials throughout as shown in the following screenshot, and make a note of them:

    4. Check the Enable RDS option as shown in the following screenshot:

  3. Go through with the final stages of the setup by logging on to the application through your browser. Make a note of the port that you're accessing it through; this will be the port that should be accessible remotely if the software is correctly set up.

  4. To test the installation, browse to the server. The default will be port 8500, so http://127.0.0.1:8500 should provide the installation directory, as the following screenshot shows:

Variations

There are a few vulnerabilities that can work here. First, the RDS login method can be attacked through a Metasploit module to gain an administrative login. This can be used to get a remote shell. Alternatively, default credentials can be used as the vulnerability, and a directory traversal can be used to gain the key.

To place a .flag file for the directory traversal, create a .txt file, or a file in any other format based on what you want it to be, and place it in a directory. As the directory traversal can only call specific files and not print directories, you will have to provide the attackers with the path in brief.

First, work out the scenario you want. It can simply be: find John's PC and exploit the common web weakness to find his bank details. I hear he keeps them in C:/BankDetails.txt.

Then, name the computer such that it has something to do with John. John-PC works for me over JohnBoy or LittleJohn, which make it easy for the attacker to identify it. Create the BankDetails.txt file, and place the file in the correct folder.

Once everything is set up, you have to test it and prepare the brief for the attackers. To test, please see the exploitation guide further along in this chapter.

Previous Section
End of Section 5
Next Section