You are previewing Kali Linux CTF Blueprints.
O'Reilly logo
Kali Linux CTF Blueprints

Book Description

Build, test, and customize your own Capture the Flag challenges across multiple platforms designed to be attacked with Kali Linux

In Detail

As attackers develop more effective and complex ways to compromise computerized systems, penetration testing skills and tools are in high demand. A tester must have varied skills to combat these threats or fall behind. This book provides practical and customizable guides to set up a variety of exciting challenge projects that can then be tested with Kali Linux.

Learn how to create, customize, and exploit penetration testing scenarios and assault courses. Start by building flawed fortresses for Windows and Linux servers, allowing your testers to exploit common and not-so-common vulnerabilities to break down the gates and storm the walls. Mimic the human element with practical examples of social engineering projects. Facilitate vulnerable wireless and mobile installations and cryptographic weaknesses, and replicate the Heartbleed vulnerability. Finally, combine your skills and work to create a full red-team assessment environment that mimics the sort of corporate network encountered in the field.

What You Will Learn

  • Set up vulnerable services for both Windows and Linux
  • Create dummy accounts for social engineering manipulation
  • Set up Heartbleed replication for vulnerable SSL servers
  • Develop full-size labs to challenge current and potential testers
  • Construct scenarios that can be applied to Capture the Flag style challenges
  • Add physical components to your scenarios and fire USB missile launchers at your opponents
  • Challenge your own projects with a best-practice exploit guide to each scenario
  • Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.

    Table of Contents

    1. Kali Linux CTF Blueprints
      1. Table of Contents
      2. Kali Linux CTF Blueprints
      3. Credits
      4. About the Author
      5. About the Reviewers
      6. www.PacktPub.com
        1. Support files, eBooks, discount offers, and more
          1. Why subscribe?
          2. Free access for Packt account holders
      7. Preface
        1. What this book covers
        2. What you need for this book
        3. Who this book is for
        4. Reading guide
        5. A warning
        6. Conventions
        7. Reader feedback
        8. Customer support
          1. Downloading the example code
          2. Errata
          3. Piracy
          4. Questions
      8. 1. Microsoft Environments
        1. Creating a vulnerable machine
          1. Securing a machine
        2. Creating a secure network
          1. Basic requirements
          2. Setting up a Linux network
          3. Setting up a Windows network
        3. Hosting vulnerabilities
        4. Scenario 1 – warming Adobe ColdFusion
          1. Setup
          2. Variations
        5. Scenario 2 – making a mess with MSSQL
          1. Setup
          2. Variations
        6. Scenario 3 – trivializing TFTP
          1. Vulnerabilities
        7. Flag placement and design
          1. Testing your flags
            1. Making the flag too easy
            2. Making your finding too hard
          2. Alternate ideas
        8. Post-exploitation and pivoting
        9. Exploitation guides
          1. Scenario 1 – traverse the directories like it ain't no thing
          2. Scenario 2 – your database is bad and you should feel bad
          3. Scenario 3 – TFTP is holier than the Pope
        10. Challenge modes
        11. Summary
      9. 2. Linux Environments
        1. Differences between Linux and Microsoft
          1. The setup
        2. Scenario 1 – learn Samba and other dance forms
          1. Setup
          2. Configuration
          3. Testing
          4. Variations
            1. Information disclosure
            2. File upload
        3. Scenario 2 – turning on a LAMP
          1. Setup
          2. The PHP
          3. Variations
            1. Out-of-date versions
            2. Login bypass
            3. SQL injection
            4. Dangerous PHP
            5. PHPMyAdmin
        4. Scenario 3 – destructible distros
          1. Setup
          2. Variations
        5. Scenario 4 – tearing it up with Telnet
          1. Setup
          2. Variations
            1. Default credentials
            2. Buffer overflows
        6. Flag placement and design
        7. Exploitation guides
          1. Scenario 1 – smashing Samba
          2. Scenario 2 – exploiting XAMPP
          3. Scenario 3 – like a privilege
          4. Scenario 4 – tampering with Telnet
        8. Summary
      10. 3. Wireless and Mobile
        1. Wireless environment setup
          1. Software
          2. Hardware
        2. Scenario 1 – WEP, that's me done for the day
          1. Code setup
          2. Network setup
        3. Scenario 2 – WPA-2
          1. Setup
        4. Scenario 3 – pick up the phone
          1. Setup
          2. Important things to remember
        5. Exploitation guides
          1. Scenario 1 – rescue the WEP key
          2. Scenario 2 – potentiating partial passwords
          3. Scenario 3.1 – be a geodude with geotagging
          4. Scenario 3.2 – ghost in the machine or man in the middle
          5. Scenario 3.3 – DNS spoof your friends for fun and profit
        6. Summary
      11. 4. Social Engineering
        1. Scenario 1 – maxss your haxss
          1. Code setup
        2. Scenario 2 – social engineering: do no evil
          1. Setup
          2. Variations
        3. Scenario 3 – hunting rabbits
          1. Core principles
          2. Potential avenues
          3. Connecting methods
          4. Creating an OSINT target
        4. Scenario 4 – I am a Stegosaurus
          1. Visual steganography
        5. Exploitation guides
          1. Scenario 1 – cookie theft for fun and profit
          2. Scenario 2 – social engineering tips
          3. Scenario 3 – exploitation guide
          4. Scenario 4 – exploitation guide
        6. Summary
      12. 5. Cryptographic Projects
        1. Crypto jargon
        2. Scenario 1 – encode-ageddon
          1. Generic encoding types
          2. Random encoding types
        3. Scenario 2 – encode + Python = merry hell
          1. Setup
          2. Substitution cipher variations
        4. Scenario 3 – RC4, my god, what are you doing?
          1. Setup
          2. Implementations
        5. Scenario 4 – Hishashin
          1. Setup
          2. Hashing variations
        6. Scenario 5 – because Heartbleed didn't get enough publicity as it is
          1. Setup
          2. Variations
        7. Exploitation guides
          1. Scenario 1 – decode-alypse now
          2. Scenario 2 – trans subs and other things that look awkward in your history
            1. Automatic methods
          3. Scenario 3 – was that a 1 or a 0 or a 1?
          4. Scenario 4 – hash outside of Colorado
          5. Scenario 5 – bleeding hearts
        8. Summary
      13. 6. Red Teaming
        1. Chapter guide
        2. Scoring systems
        3. Setting scenarios
        4. Reporting
          1. Reporting example
          2. Reporting explanation
        5. CTF-style variations
          1. DEFCON game
          2. Physical components
          3. Attack and defense
          4. Jeopardy
        6. Scenario 1 – ladders, why did it have to be ladders?
          1. Network diagram
          2. Brief
          3. Setting up virtual machines
            1. DMZ
            2. missileman
            3. secret1
            4. secret2
            5. secret3
          4. Attack guide
          5. Variations
          6. Dummy devices
          7. Combined OSINT trail
          8. The missile base scenario summary
        7. Scenario 2 – that's no network, it's a space station
          1. Network diagram
          2. Brief
          3. Setting up a basic network
            1. Attack of the clones
          4. Customizing cloned VMs
            1. Workstation1
            2. Workstation2
            3. Workstation3
            4. Workstation4
            5. Workstation5
          5. Attack guide
          6. Variations
          7. The network base scenario summary
        8. Summary
      14. A. Appendix
        1. Further reading
          1. Recommended competitions
          2. Existing vulnerable VMs
      15. Index