Differences

This shows you the differences between two versions of the page.

--- cctf_preliminary_experiment [2017/08/25 10:50]
silvio.biagioni@unitn.it
+++ cctf_preliminary_experiment [2021/01/29 10:58]
@@ Line 1: / Line 1: @@
-====== One-On-One Class Capture The Flag Contest - User Guide ======
-===== Before the Contest =====
-  - The Team leader sends an email to silvio[dot]biagioni[at]unitn[dot]it] with object "CCTF Team", including the members of the Team in the CC list of the email.
-  - An email will be sent to the Team's members DETERLab username and a link to set your password.
-  - The enrollment deadline is the **(DD)-th of MONTH at HH:MM**.
-The Rounds' dates are:
-  * Warm-up Questionnaire: **DDst** of MONTH
-  * Training Phase: **(DD+3)-(DD+13)th** of MONTH
-  * One-On-One Attack Phase: **(DD+15)-(DD+16)th** of MONTH
-===== Training Phase (your device) =====
-  - Download Kali Linux ([[https://drive.google.com/drive/URLtoATTACkIMAGE|Attack Clone]]) and TestREx ([[https://drive.google.com/drive/URLtoTARGEtIMAGE|Target Clone]]) images.
-  - Run the images on QEMU (TODO: ADD QEMU NETWORK CONFIGURATIONS TO THE FOLLOWING COMMANDS): <code>% qemu-system-x86_64 -drive file=KALI-RLG,format=raw -m 2048 -enable-kvm</code><code>% qemu-system-x86_64 -drive file=Ubuntu1604-STD,format=raw -m 2048 -enable-kvm -redir tcp:2222::22</code>
-  - Perform your attacks as many time you want. Restore the target containers, if needed, through the following commands: <code> $ sudo python run.py --manual nodegoat__ubuntu-node-mongo --port 8888 </code> <code>$ sudo python run.py --manual wordpress3.2__ubuntu-apache-mysql --port 80 </code>
-  - Write a brief report about the attack(s) that you are going to carry out during the One-On-One Attack Phase.
-===== One-On-One Attack Phase (DETERLab) =====
-  - The Team receives the experiment ID and the list of Qualified and Physical names of their client machines. Follows an example (in which the experiment ID is ''exp1'') of the information that will be received: <file>---------- tbreport.log --------
-Experiment: ExperCCTF1/exp1
-State: active
-Virtual Node Info:
-ID              Type         OS              Qualified Name
---------------- ------------ --------------- --------------------
-client1         pc           Ubuntu1004-STD  client1.exp1.ExperCCTF1.isi.deterlab.net
-client2         pc           Ubuntu1004-STD  client2.exp1.ExperCCTF1.isi.deterlab.net
-server          pc                *          server.exp1.ExperCCTF1.isi.deterlab.net
-Physical Node Mapping:
-ID              Type         OS              Physical
---------------- ------------ --------------- ------------
-client1         pc3000       Ubuntu1004-STD  pc134
-client2         pc3000       Ubuntu1004-STD  pc099
-server          pc3060             *         pc184
-</file>
-  - To access your experimental nodes, you'll need to first SSH into users.deterlab.net using your DETERLab username and password. Once you log in to users, you'll need to SSH again to your actual experimental nodes.  The network topology and the commands to access from the username ''unitn9ab'' to a client in the given example are described in the following picture. ADD IMAGE WITH TWO NODES
-  - To query the server (in the example, ''server.exp1.ExperCCTF1.isi.deterlab.net''), you can access it via SSH through your DETERLab account by using a command line browser (e.g., ''lynx server.exp1.expercctf1.isi.deterlab.net/index.html''). Otherwise, to redirect port 80 on ''pc184'' (which is the ''server'' in the example) to your local machine on port 8080 you would do: <code> ssh -L 8080:pc184:80 unitn9ab@users.isi.deterlab.net</code> Once logged in, you should be able to access the web server on your DETER node by going to [[http://localhost:8080]] from your local browser.
-===== Additional Material =====
-{{teaching:cctfpresentation.pdf|CCTF Presentation}}

DISI Security Research Group Wiki

User Tools

Site Tools

Differences

Page Tools