User Tools

Site Tools


cctf_preliminary_experiment

This is an old revision of the document!


One-On-One Capture The Flag Contest

------------ User Guide -----------

             ____________________________________________________
            /                                                    \
           |    _____________________________________________     |
           |   |                                             |    |
           |   |  # echo Welcome!                            |    |
           |   |  Welcome!                                   |    |
           |   |  # rm -rf /                                 |    |
           |   |                                             |    |
           |   |                                             |    |
           |   |                                             |    |
           |   |                                             |    |
           |   |                                             |    |
           |   |                                             |    |
           |   |                                             |    |
           |   |                                             |    |
           |   |                                             |    |
           |   |_____________________________________________|    |
           |                                                      |
            \_____________________________________________________/
                   \_______________________________________/
                _______________________________________________
             _-'    .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.  --- `-_
          _-'.-.-. .---.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.--.  .-.-.`-_
       _-'.-.-.-. .---.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-`__`. .-.-.-.`-_
    _-'.-.-.-.-. .-----.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-----. .-.-.-.-.`-_
 _-'.-.-.-.-.-. .---.-. .-----------------------------. .-.---. .---.-.-.-.`-_
:-----------------------------------------------------------------------------:
`---._.-----------------------------------------------------------------._.---'

Before the Contest

  1. The Team leader sends an email to silvio[dot]biagioni[at]unitn[dot]it] with object “CCTF Team”, including the members of the Team in the CC list of the email.
  2. An email will be sent to the Team's leader containing DETERLab username and a link to set the password.
  3. The enrollment deadline is the (DD)-th of MONTH at HH:MM.

The Rounds' dates are:

  • Warm-up Questionnaire: DDst of MONTH
  • Training Phase: (DD+3)-(DD+13)th of MONTH
  • One-On-One Attack Phase: (DD+15)-(DD+16)th of MONTH

Training Phase (on your device)

  1. Download Kali Linux ( Attack Clone) and TestREx ( Target Clone) images and import them through VirtualBox: File>Import Appliance…
  2. Add a virtual NAT Network on VirtualBox: go to File>Preferences , select Network on the left and add a new NAT Network.
  3. Add TestREx and Kali Linux to the virtual network just created in the previous step,To view and configure the settings of a virtual machine, select it from the list on the left and either click on the Settings button located in the toolbar, or select the Machine→Settings… menu option. Thus, select the Network section on the left and set the Attached to: field with the NAT Network option, ensuring that the value of Name: corresponds with the virtual NAT Network previously generated.
  4. Run the virtual machines.
  5. Perform your attacks against the target machine from your own browser, or out of the Kali Linux's command line, as many time you want. Restore the target containers, if needed, through the following commands:
     $ sudo python run.py --manual nodegoat__ubuntu-node-mongo --port 8888 
    $ sudo python run.py --manual wordpress3.2__ubuntu-apache-mysql --port 80 
  6. Write a brief report about the attack(s) that you are going to carry out during the One-On-One Attack Phase.

One-On-One Attack Phase (on DETERLab)

  1. The Team leader receives the experiment ID and the list of Qualified and Physical names of the client machines. Follows an example (in which the experiment ID is exp1) of the information that will be received:
    ---------- tbreport.log --------
    Experiment: ExperCCTF1/exp1
    State: active
    
    Virtual Node Info:
    ID              Type         OS              Qualified Name
    --------------- ------------ --------------- --------------------
    client1         pc           KALI-RLG        client1.exp1.ExperCCTF1.isi.deterlab.net
    server          pc           Ubuntu1604-STD  server.exp1.ExperCCTF1.isi.deterlab.net
    
    Physical Node Mapping:
    ID              Type         OS              Physical    
    --------------- ------------ --------------- ------------
    client1         pc3000       KALI-RLG        pc134
    server          pc3060       Ubuntu1604-STD  pc184
  2. To access your experimental nodes, you'll need to SSH into users.deterlab.net using your DETERLab username and password. Once you log in to users, you'll need to SSH again to your actual experimental nodes. The network topology and the commands to access from the username unitn9ab to a client in the given example are described in the following picture. ADD IMAGE WITH TWO NODES
  3. Attack the target as reported at the end of the Training Phase, making sure to use the correct Qualified Name (in the example, server.exp1.ExperCCTF1.isi.deterlab.net).

Additional Material

cctf_preliminary_experiment.1503930171.txt.gz · Last modified: 2017/08/28 16:22 by silvio.biagioni@unitn.it