RULES:
- No bellyaching, criticizing, whining, griping, grumbling, kvetching.
- Cheating = no score
- If your Gran, Nana, or Babushka would disapprove, it is cheating.
- When in doubt: ask if what you are doing is in or out of scope.
- Host has the right to change rules at any time.
- Stay in scope. Do not go out of scope.
OUT OF SCOPE:
- expsec.us live server (data is wrong for CTF)
- AWS infrastructure or build scripts
- Local login from AWS dashboard
- Direct login to Kali
- SSH key use outside of Kali
- Public site testing & authentication
- Hacking 10.0.0.3 server. (You can, but you will be wasting time.)
IN SCOPE:
- Only access KALI through the Guacamole admin panel using host-provided user/pass
- OSINT web server from inside KALI (guacamole server) 10.0.0.3
- Any tool in KALI
- Browse public sites and passively collect viewable data
- External sources that link from your web server to collect data only.
- TRUE TARGET VICTIM IPs: 10.0.0.10, 10.0.0.21
NOTES:
- Pulling tools from other locations into KALI is discouraged and a waste of time.
- The TLS certificate on Guacamole is from Let’s Encrypt and may fail validation; accept the risk in the browser.
- Your guacamole connection is limited to your local IP by AWS firewall rules.
- The TLS certificate on 10.0.0.3 is from Let’s Encrypt and may fail validation; accept the risk in the browser.
Progression: OSINT, Scan, Authenticate, Exploit
OSINT
- Build user.txt, password.txt
- Use Hydra, SecLists
Scan
- nmap or nmap from inside metasploit
Authenticate
- Hydra
Exploit
- Metasploit
Have fun!
- Dean Bushmiller, President Expanding Security
- … with Freedom, Responsibility, and Security for All.