CBR $203$ A $$ Linux, Application Security and Cryptography

Challenge $-$ Infiltration

Introduction

Objective

Infiltration $-$ The object of this next challenge is to gain access to the User network from the DEV network.

Overview

Level $$ Intermediate

Skills Needed $-$ Network Fundamentals, Password Cracking, Metasploit, Linux

Goal $-$ Gain access to the User network using brute force password cracking and enumeration.

Known Networks $192\mathrm{.}168\mathrm{.}1\mathrm{.}0/24,10\mathrm{.}10\mathrm{.}10\mathrm{.}8/29,10\mathrm{.}10\mathrm{.}30\mathrm{.}16/28$

Tools Used $$ Nmap, Metasploit, Hydra, ProxyChains, net$($Windows CLI utility$).$ Open Infosec Challenge Infiltration

$2.$ Create a Document to post to Canvas

$3.$ Add the list of open ports, protocols, operating system, and application information

to your document $($i$.$e$.,$ as much information as you can find $$ You may find that all

ports are closed on $192\mathrm{.}168\mathrm{.}1\mathrm{.}33)$

$4.$ Use Reverse TCP exploit to gain access to $192\mathrm{.}168\mathrm{.}1\mathrm{.}33$

$5.$ Once you gain access, ls the files in the directory and post a screenshot to your

document

$6.$ Find the three flags in each user$$s home directory

$7.$ List all the running processes on $192\mathrm{.}168\mathrm{.}1\mathrm{.}33$

$8.$ Find out who you are logged in as $/$ Find the last time root was logged in

Anything from this point is extra credit

$1.$ Attempt to find users, groups, and encrypted passwords

$2.$ Run Nmap from within Metasploit

$3.$ Find devfs server Shares

$4.$ Find anything else of interest and add it to your document

$5.$ Post your Document to Canvas

Challenge $-$ Infiltration

Challenge

Start the lab by clicking the Start button and when the environment is ready, log into the virtual machine with the below credentials.

Username: student

Password: @ttck$3$r

Use multi$/$handler in metasploit to catch a reverse connection on port $9000.$ This connects to the DEV network where the challenge starts.

Challenge #$1$

Challenge #$2$

What is the flag hidden in Junior's account folder?

Skip

Challenge #$3$

What is the flag hidden in Maxine's folder?

Skip

Challenge #$4$

What is the flag on the file server share?

Skip

Challenge #$5$

What is the flag in the account home folder of the machine on the user network?