ITX8063:2011:Labs
Source: Lambda
Lab Setup For ITX8063 2011/2012
Access
- The environment (Lab) used for the practical tasks does not run in the classroom but in a separate private network accessible over the VPN.
- Every student has a private BackTrack5 virtual machine which has to be used for accomplishing the tasks.
- There are 2 possible ways to access the BackTrack5 VM in Lab:
- The classroom is connected to the Lab over a site-to-site VPN.
- Every student has to set up an OpenVPN connection to access the BackTrack VM running in the Lab from his/her own computer.
Set up OpenVPN on your own machine to access the Lab
- Download:
- http://cs.tud.ttu.ee/itx8063/course-lab-2011.tar.gz.bf
- Alternative: Fail:Course-lab-2011.tar.gz.bf.gz (Lambda only allows uploading files with specific extensions, so you have to gunzip it first)
- Decrypt the configuration:
- openssl enc -bf -d -in course-lab-2011.tar.gz.bf -out course-lab-2011.tar.gz
- The password for the key has been provided in the classroom and on the ivcm11 e-mail list.
- Install OpenVPN on your machine and run the configuration provided. E.g. when using Ubuntu:
- apt-get install openvpn
- tar zxvf course-lab-2011.tar.gz
- cd course-lab-2011/
- sudo openvpn course-lab-2011.conf
- The password for the key has been provided in the classroom and on the ivcm11 e-mail list.
- If OpenVPN is running correctly, you should have received routes to the networks 192.168.133.0/24 and 192.168.136.0/24.
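The route check from the last step can be scripted so that you confirm both lab networks really leave through the VPN before you start working. This is an added example, not part of the original lab material; it assumes Linux `ip route show` output and an OpenVPN device named tunN or tapN, and the sample routing tables are constructed.

```sh
#!/bin/sh
# Added example: check that the lab networks are routed through the VPN.
# Assumptions: Linux `ip route show` format; OpenVPN device named tunN or tapN.

LAB_NETS="192.168.133.0/24 192.168.136.0/24"   # the two networks named above

# Reads a routing table on stdin, prints one status line per lab network and
# returns 0 only if every lab network is present and leaves via tun/tap.
check_lab_routes() {
    awk -v nets="$LAB_NETS" '
        BEGIN { n = split(nets, want, " ") }
        {
            dev = ""
            for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
            for (k = 1; k <= n; k++) if ($1 == want[k]) seen[want[k]] = dev
        }
        END {
            bad = 0
            for (k = 1; k <= n; k++) {
                net = want[k]
                if (!(net in seen)) {
                    print "MISSING  " net; bad = 1
                } else if (seen[net] !~ /^(tun|tap)[0-9]+$/) {
                    print "NOT-VPN  " net " via " seen[net]; bad = 1
                } else {
                    print "OK       " net " via " seen[net]
                }
            }
            exit bad
        }'
}

# Constructed sample: tunnel up, both routes pushed by the server.
SAMPLE_UP='default via 10.0.2.2 dev eth0
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15
192.168.133.0/24 via 10.8.0.5 dev tun0
192.168.136.0/24 via 10.8.0.5 dev tun0'

# Constructed sample: tunnel down, and the local Wi-Fi happens to use
# 192.168.136.0/24, so lab traffic would go to the wrong network.
SAMPLE_DOWN='default via 192.168.136.1 dev wlan0
192.168.136.0/24 dev wlan0 proto kernel scope link src 192.168.136.40'

printf '%s\n' "$SAMPLE_UP"   | check_lab_routes
printf '%s\n' "$SAMPLE_DOWN" | check_lab_routes || echo "lab routes not ready"
# Live use on your own machine:  ip route show | check_lab_routes
```

A NOT-VPN result means a local network overlaps a lab range, so traffic meant for the lab would reach an unrelated host until the tunnel is up.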
BackTrack5 VM in Lab
- Each student is provided with a BackTrack machine in the lab for accessing and attacking the target systems.
- Each student is allowed to access only the machine with the IP specified below.
- The default username is root and the password is toor. You will probably want to change it after the first login...
- This VM shall be used only for completing the course exercises. All student machines and targets are running on the same server - therefore be sure that you do not leave unnecessary processes running.
1. Maksim: 192.168.133.1
2. Mikheil: 192.168.133.2
3. Dmitri: 192.168.133.3
4. Stanislav: 192.168.133.4
5. Heliand: 192.168.133.5
6. Karl: 192.168.133.6
7. Tiit: 192.168.133.7
8. Margus: 192.168.133.8
9. Franck: 192.168.133.9
10. Zülfikar: 192.168.133.10
11. Sebstian: 192.168.133.11
12. Piret: 192.168.133.12
13. Kaarel: 192.168.133.13
14. Alexandre: 192.168.133.14
15. Martin: 192.168.133.15
16. Aleksandra: 192.168.133.16
17. Elar: 192.168.133.17
18. Aleksandr: 192.168.133.18
19. Maike: 192.168.133.19
20. Rossella: 192.168.133.20
21. Sandra: 192.168.133.21
22. Robert: 192.168.133.22
23. Dyan: 192.168.133.23
24. Mauno: 192.168.133.24
25. Kuuno: 192.168.133.25
26. Ronny: 192.168.133.26
27. Truls: 192.168.133.27
28. Anis: 192.168.133.28
29. Roman: 192.168.133.29
30. Predrag: 192.168.133.30
31. Tamara: 192.168.133.31
32. Rait: 192.168.133.32
33. Eerik: 192.168.133.33
34. Allan: 192.168.133.34
35. Uko: 192.168.133.35
36. Kristi: 192.168.133.36
37. Kaspar: 192.168.133.37
Accessing BackTrack VM
- After the VPN has been set up correctly, students can access their BackTrack VMs over SSH or VNC.
- Command line access: ssh root@192.168.133.X
- Obviously, X denotes the number that has been allocated to the specific student.
- Default password is toor.
- X11 session redirected over SSH
- ssh -X -C root@192.168.133.X
- Now you can start programs with a GUI, e.g. konqueror &, firefox &. Note that it could be relatively slow.
- VNC for graphical user interface
- Log into BackTrack VM over SSH and start vncserver: vncserver -geometry 1280x800
- Obviously, the geometry specifies the screen size; adjust it according to your monitor.
- When executing vncserver for the first time, you will be asked for a password. This password just protects access to the display of your machine. Choose any password you prefer. The password file is /home/user/.vnc/passwd. If you would like to change the password, just remove that file and start vncserver again.
- If you need to kill any vncserver instances: vncserver -kill :1. This kills X desktop number 1.
- To access the display, use vncviewer on your machine (not on the BackTrack): vncviewer 192.168.133.X:1. The number 1 is the display number.
Course Management Application
- Mission and task descriptions as well as the scoreboard will be displayed in a simple web application located here: https://cma.ex/ (https://192.168.136.5)
- You have to use your BackTrack5 virtual machine to access it!
- Presentation slides are available here (http!): http://cma.ex/files (http://192.168.136.5/files/)
- Register a new user account. The username will be displayed on the scoreboard - this can be something anonymous.
- First and Last Name will be used to track whether you have participated in the lab - these have to be real.
- NB! Please, do not hack the scoreboard! If you find any vulnerabilities, report them to the instructor and you'll get a bonus.
Practical Tasks
Task Descriptions
- As described previously, the task descriptions will be provided using a simple web application which is accessible from your BackTrack VM:
- There is no password recovery functionality. If you forget your password you have to contact the instructor for a reset.
- Please read the description of the task carefully. When specifying targets (IP addresses, domain names) avoid making typos.
Hints
- When you do not have a good idea where to start or how to proceed, use the hints. There are specific buttons in the web application for that: Hints++ and Hints--
- Usually, the hints cost you points. The application will describe how many points the specific hint costs. After that you have to specifically confirm that you really want to use the hint.
- In terms of the final grade for the course it is only important that you have accomplished the task. The amount of points you get for a task does not influence the grade. However, you should still first try to finish the task on your own and take the hints only if you really do not know what to do...
- Sometimes the first hint does not cost anything. This will be stated in the task description. In this case you should always use the first hint to avoid wasting your time.
Lab Report
- For every Task under each Mission you have to provide a short description of how you solved it. Basically, you have to take notes and provide them to the instructor at the end of the course.
- Which tools did you use to solve the task?
- Which commands with which options did you execute?
- If the target was a web application, what requests did you send to the target to accomplish the mission?
Problems
- The lab was initially designed for instructor-led courses and not for solving the tasks individually by accessing the lab remotely. During this course there are too many people in the classroom to do effective lab work, not enough computers, and not enough time.
- Unfortunately, there is no interface for you to reset the lab machines.
- If you accidentally shut down your BackTrack VM or crash some of the targets you have to contact the instructor. We apologize for the inconvenience.
- However, always first make sure the problem is not on your side. Surprisingly often we see students just starting to execute commands without understanding exactly what they have to do...