Difference between revisions of "VM Setup Guide"
(Created page with "Category:Hacking Category:Virtual Machines thumb|Example CTF Configuration This '''VM Setup Guide''' is designed to help stude...") |
m |
||
| Line 1: | Line 1: | ||
[[Category:Hacking]] | [[Category:Hacking]] | ||
[[Category:Virtual Machines]] | [[Category:Virtual Machines]] | ||
| − | |||
[[File:Attack Environment Example.png|thumb|Example CTF Configuration]] | [[File:Attack Environment Example.png|thumb|Example CTF Configuration]] | ||
This '''VM Setup Guide''' is designed to help students taking the [http://e-catalog.jhu.edu/search/?P=EN.650.631 EN.650.631] Ethical Hacking course plan their virtual machine configurations for the [https://en.wikipedia.org/wiki/Capture_the_flag#Computer_security Capture the Flag] (CTF) challenge. | This '''VM Setup Guide''' is designed to help students taking the [http://e-catalog.jhu.edu/search/?P=EN.650.631 EN.650.631] Ethical Hacking course plan their virtual machine configurations for the [https://en.wikipedia.org/wiki/Capture_the_flag#Computer_security Capture the Flag] (CTF) challenge. | ||
Revision as of 12:38, 26 December 2018
This VM Setup Guide is designed to help students taking the EN.650.631 Ethical Hacking course plan their virtual machine configurations for the Capture the Flag (CTF) challenge.
This guide will not show you how to configure, test, or choose vulnerabilities for this project. You will need to do this using what you've learned during the course.
Contents
About the Challenge
At the end of this course, students will create a system of networked virtual machines configured with intentional vulnerabilities for challengers to uncover and exploit in a controlled environment. Each successful attack should uncover clues or unlock new attack vectors to allow further exploitation through the system towards a pre-determined goal.
Official Instructions
Since this challenge changes from year to year, please make sure to familiarize yourself with the rules and instructions given to you by your instructor.
Understanding the Playing Field
In order to effectively configure your challenge, you should be well aware of how your systems will be hosted and made accessible on the network. Failure to do so may result in your challenge being unintentionally simplified or, worse yet, impossible to complete.
The VM Host
All virtual machines provided by students will be hosted on a VMWare vSphere cluster (ESXi version 6.5 U2) hosted internally by the Information Security Institute. When creating your VMs, please ensure that they are compatible with this system. The best way to do this is to create your VMs using VMWare Workstation or VMWare Fusion. VMWare Workstation is installed on all MSSI General-Use Workstations, but students may download VMWare software for use on their own devices using the department VMAP subscription.
The Attack System
When the challenge begins, your team will be granted SSH access to a fully updated Kali Linux system with two virtual network interfaces: One on the ISI DMZ and the other on the virtual network of the system (or systems) you will be attacking. You will have root on this system, so you are free to configure it however you choose.
Once you gain access to the attack system, change the password immediately.
You do not want other teams gaining access to your system as this may grant them an unfair advantage while solving challenges.
Accessing the Attack System
By default, the only way to access Kali is via SSH. If you need to use GUI applications on this system, you can use X11 Forwarding. If this is still not adequate for your needs, you are welcome to install and configure something like VNC yourself to gain access to a complete desktop environment.
Pivoting
It is recommended that you become familiar with SSH and Metasploit pivoting techniques, as this will make traversal of these VM networks far easier.
