This VM quest is based on the Dr. Who television series. This scenario works for the 12th Doctor (Peter Capaldi). So that Whovians don't get an advantage, here is the cast of characters. All you need to know is who is good and who is evil.

- Dr. Who, or the Doctor. The hero.
- Clara Oswald. The Doctor's traveling companion and co-hero.
- Tardis. The Doctor's time and space travel ship.
- Davros. Evil mad scientist who created the Dalek race of cyborgs.
- Dalek. Evil cyborgs.
- Skaros. Home planet of the Daleks.

The VM you need on the Virginia Cyber Range is named "Linux Dr Who Adventure BRCC." There are two VMs there; we will use desktop.example.com until the very end, when we return to use the terminal. Start the Primary Machine, desktop.example.com.

[Screenshot: the Virginia Cyber Range page for "Dr. Who Linux Adventure BRCC", listing the Primary Machine desktop.example.com, the other machine terminal.example.com and the environment description below, beside the desktop VM's Ubuntu login banner.]

Description: This is a ctf/scavenger hunt for my BRCC class. As part of the hunt you will attain root, but at the beginning the account, student, has no extended privileges. Contact yorkj@email.vccs.edu for the document that goes with it.

This environment contains two minimal installs of Ubuntu Linux with no network level controls blocking communication between them. The desktop machine (desktop.example.com) has an XFCE GUI, and is where you will do your work. The terminal machine (terminal.example.com) has only SSH access. It is used at the end to test the evil backdoor that Davros installed. These environments are configured to automatically log in users. The default username/password is student/student.

The username/password for both VMs is student/student.

1) What users can run a terminal in the VM? (Hint: There's a standard file in Linux that lists all the users; it also lists the user's terminal. If the terminal is listed as "nologin", "sync", "false", or "halt", that user can't run a terminal.)

2) Clara always forgets her password, so she had the Doctor save it in a file called Danny (her boyfriend's name is Danny Pink). She forgot where the file is, so you'll have to find it for her. (Hint: the find command will help.) What is Clara's password? (Hint: if the command gives so many errors that you can't find the file, you can: pipe the output to less; use the technique in the files lesson to redirect the errors to a place where they won't bother you; or pipe the output to something that searches for Danny.)

3) The Doctor created a directory /home/tardis.
   a. Who is the owner and what is the group for that directory? What permissions are assigned?
   b. Log in as, or switch user to, clara. Can she read the Tardis Manual in /home/tardis? Can she write files? (Hint: if clara can read files, try to create a file in that directory to see if she has write privileges.)
   c. Look at the permissions on /home/tardis/TardisManual. Why does clara have the rights she does?
   d. Using the clara user, read the Tardis manual. How do you make the Tardis take off?

4) The Doctor can't remember passwords either. He is in the habit of emailing his password to himself so he can find it later. He thinks it is clever to use the password as the From: address. Usually it looks like From: @tardis.com and To: doctor@tardis.com. There is a large SMTP log file in /var/log/smtp. It would take a long time to page through the entire file, but you should be able to find the password with one simple command. (Don't let it bother you that the SMTP log file is from a Windows server but is stored on an Ubuntu machine. Weird things happen when the Doctor is involved.)
   a. What is the Doctor's password?

5) Since the Doctor is the hero, he should have root access. Log in as doctor and see if he does. How does the Doctor access his privileges? (Hint: remember there are two ways, and both start with "su". Try both and see if they work.)

6) Now that you have root access using the Doctor's account, let's go back and look at the users again. Examine /etc/shadow, and determine which of the users you found in step 1) can actually log in. (Hint: they need a valid hash. An '!' in the position for the hash means the account is disabled, and a '*' means no password has ever been set for that account. Valid hashes are usually long.)

7) Davros tried to create a service that runs when the machine changes run levels. He used the old SysV method for creating services. Can you find it? (Hint: Where are scripts for services put in SysV? Hint: Look for filenames that might be relevant to this scenario.) What is the full path to the file he made? What are the contents of the file, or, what happens when the student user executes the file? (The answer to this question is a strong hint for the next question.)

8) The Doctor says the root password should be the same as his password, but it's not. It appears Davros has changed it. Can you guess the root password? What is it? (Hint: see the answer for question 7 and look for something that is repeated.)

9) Davros was successful in installing a back door that is listening to the network. Use the techniques you learned in the lab on unnecessary services to find it. Note: the open TCP ports 3350 and 3389 are what VA Cyber Range uses to give you a GUI connection to your VM, and VACR uses SSH on TCP 22 as well. Don't mess with them.
   a. Is there a suspicious port open?
   b. What is the process ID (PID)?
   c. What file or command opened the suspicious port?

10) For fun, let's be Davros and use his back door. There is a second VM in this environment called terminal that we can use to connect to Davros' back door on the main VM. To access the second VM, go back to the VACR page for the Dr. Who Linux Adventure and start terminal.example.com. It will open a new tab in your browser with the new VM.

[Screenshot: the VACR page with terminal.example.com started, and the terminal VM's SSH session showing "Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 5.8.0-1042-aws x86_64)", "Last login: Wed Sep 22 20:43:02 2021 from 10.1.1.188" and the prompt student@terminal:~$.]

The image above shows the new, or audit, VM. We want to use the terminal VM to connect to Davros' backdoor on the main VM. To do that we will use nc (netcat), but first we will need to know:

11) a. The IP address of the main VM. The command ip address may help. (Hint: If you are choosing between addresses, it is not 127.0.0.1; that's the loopback address.)
    b. The port that Davros' back door listens on. (You should have found that in step 9.)

Once you have the information, enter the command below on the audit VM. The audit VM is the one with the blue title bar where you connected with SSH. The output of its hostname command was audit.example.com.

    nc [ip address of main VM] [port that Davros' back door listens on]

Here's an example, but with the wrong IP (10.0.0.1) and port (1234):

    nc 10.0.0.1 1234

[Screenshot: the audit VM's terminal after the nc command was entered, with the real IP address and port whited out.]

If the command gives no output, don't panic! Davros' back door is a shell, not a terminal/console. It does not give you a prompt (ex. student@ip-10-1-169-80:~$). However, if you type a command, you should get a response. In the image below, I typed hostname, and the backdoor responded with ip-10-1-169-80.

[Screenshot: the same nc session, with "hostname" typed and "ip-10-1-169-80" returned by the back door.]

Try other commands for basic exploration, like:
   pwd (show the current directory, or print working directory)
   whoami (show the user I'm logged in as)
   uname -a (show all the info about the Unix version)
   ls

You can also mess around with changing directories, executing programs, or whatever you want. GUI programs and nano will not work, though. When you are finished, you can type exit or hit control-C to get your prompt back on the audit VM.

The answer to this question is a screenshot of the audit VM terminal with the response to the hostname command from Davros' back door, just like the image above (without the whiteout, though :-)

12) (Extra Credit) If you kill the back-door process, you should find that it will restart within 5 minutes. Can you (and your friend Google) find something that would cause an application to restart every 5 minutes?
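Questions 1 and 6 together describe a user audit: /etc/passwd gives each account's login shell, and /etc/shadow says whether the account has a usable password hash. The script below is an added example, not part of the assignment or of the lab VM. It applies both rules to constructed passwd and shadow samples embedded in the script (the user names, hashes and lock states are invented for the example). To run it against a real machine, replace the samples with the contents of /etc/passwd and, as root, /etc/shadow.

```shell
#!/bin/sh
# Added example: audit which accounts can really log in, using the two rules
# from questions 1 and 6. The data below is constructed for the example; it is
# not copied from the lab VM.

# Constructed /etc/passwd sample. Fields: name:x:uid:gid:gecos:home:shell
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
halt:x:7:0:halt:/sbin:/sbin/halt
student:x:1000:1000:student:/home/student:/bin/bash
clara:x:1001:1001::/home/clara:/bin/bash
doctor:x:1002:1002::/home/doctor:/bin/bash
dalek:x:1003:1003::/home/dalek:/bin/bash
davros:x:1004:1004::/home/davros:/bin/false'

# Constructed /etc/shadow sample. Fields: name:hash:lastchg:min:max:warn:inactive:expire:
# The "$6$" strings are made-up values with the shape of a SHA-512 crypt hash,
# not real password hashes.
SAMPLE_SHADOW='root:$6$rootsalt$N7xq2LkV9mW4pYbT1sE3uH6jK8aC0dF2gI5oR9tZ:18871:0:99999:7:::
daemon:*:18871:0:99999:7:::
sync:*:18871:0:99999:7:::
halt:*:18871:0:99999:7:::
student:$6$studsalt$Q1wE2rT3yU4iO5pA6sD7fG8hJ9kL0zX1cV2bN3mM4:18871:0:99999:7:::
clara:$6$clarsalt$Z9yX8wV7uT6sR5qP4oN3mL2kJ1iH0gF9eD8cB7aA6:18871:0:99999:7:::
doctor:$6$doctsalt$A1sD2fG3hJ4kL5zX6cV7bN8mQ9wE0rT1yU2iO3pP4:18871:0:99999:7:::
dalek:!:18871:0:99999:7:::
davros:$6$davrsalt$M4nB3vC2xZ1lK0jH9gF8dS7aP6oI5uY4tR3eW2qQ1:18871:0:99999:7:::'

# Question 1: print the users whose login shell (field 7) is a real shell,
# i.e. not one ending in nologin, sync, false or halt.
shell_users() {
    printf '%s\n' "$1" | awk -F: '
        $7 !~ /\/(nologin|sync|false|halt)$/ { print $1 }'
}

# Question 6: classify one shadow hash field.
#   empty        no password at all
#   "!" prefix   account locked/disabled
#   "*"          no password has ever been set
#   "$..."       a crypt hash; treated as valid only if it is long enough
hash_status() {
    case "$1" in
        '')    echo "empty" ;;
        '!'*)  echo "locked" ;;
        '*')   echo "never-set" ;;
        '$'*)  [ ${#1} -ge 20 ] && echo "valid" || echo "short" ;;
        *)     echo "unknown" ;;
    esac
}

# Join the two files: for every real-shell user print "user status".
account_report() {
    passwd=$1
    shadow=$2
    for u in $(shell_users "$passwd"); do
        h=$(printf '%s\n' "$shadow" | awk -F: -v u="$u" '$1 == u { print $2 }')
        printf '%s %s\n' "$u" "$(hash_status "$h")"
    done
}

# Only users that pass both checks can actually log in.
can_login() {
    account_report "$1" "$2" | awk '$2 == "valid" { print $1 }'
}

# Stand-alone run: show the status of every real-shell user in the samples.
account_report "$SAMPLE_PASSWD" "$SAMPLE_SHADOW"
```

With the constructed samples, shell_users drops daemon, sync, halt and davros (his shell is /bin/false), and can_login then drops dalek as well because his shadow entry is locked with "!". On a real host the shell check alone overstates who can log in, which is exactly why question 6 sends you back to /etc/shadow.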
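For question 9 (and the extra-credit question 12) this added example shows the triage a defender would do: list the LISTEN sockets, drop the ones the assignment says belong to the range itself (22, 3350 and 3389), and report each remaining port with its PID and process name; then scan system-crontab lines for jobs scheduled every five minutes, on the assumption that a cron job is one common way an application gets restarted on that interval (the assignment does not say what the lab actually uses). The script is not part of the assignment or the lab VM. The ss output and crontab lines are constructed samples embedded in the script; the suspicious port 9999, PID 1337 and process name backdoor-demo are invented, not the lab's values.

```shell
#!/bin/sh
# Added example: triage listening sockets (question 9) and look for a
# five-minute restart job (question 12). All data below is constructed for the
# example; the suspicious port, PID and process name are invented.

# Constructed text in the shape of `ss -tlnp` output when run as root
# (the Process column is only filled for sockets you are allowed to inspect).
SAMPLE_SS='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=612,fd=3))
LISTEN  0       5       127.0.0.1:3350      0.0.0.0:*          users:(("xrdp-sesman",pid=701,fd=7))
LISTEN  0       2       0.0.0.0:3389        0.0.0.0:*          users:(("xrdp",pid=703,fd=11))
LISTEN  0       1       0.0.0.0:9999        0.0.0.0:*          users:(("backdoor-demo",pid=1337,fd=3))'

# Ports the assignment says the range itself uses: SSH on 22, GUI on 3350 and 3389.
EXPECTED_PORTS="22 3350 3389"

# Print "port pid process" for every LISTEN socket on a port outside EXPECTED_PORTS.
# If the Process column is empty (not root), pid and process are reported as "?".
suspicious_listeners() {
    printf '%s\n' "$1" | awk -v ok="$EXPECTED_PORTS" '
        BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) allow[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)          # keep only the port number
            if (port in allow) next
            pid = "?"; proc = "?"
            if (match($0, /"[^"]+",pid=[0-9]+/)) {   # e.g. "sshd",pid=612
                s = substr($0, RSTART, RLENGTH)
                proc = s; sub(/^"/, "", proc); sub(/".*/, "", proc)
                pid = s; sub(/.*pid=/, "", pid)
            }
            print port, pid, proc
        }'
}

# Constructed lines in /etc/crontab format (minute hour dom month dow user command).
SAMPLE_CRON='# m h dom mon dow user  command
17 *   * * *   root  cd / && run-parts --report /etc/cron.hourly
*/5 *  * * *   root  /usr/local/bin/restart-demo.sh
0 3    * * *   root  /usr/bin/apt-get update'

# Print the command of every job whose minute field is "*/5" and hour field "*",
# which cron fires every five minutes. Comment lines and short lines are skipped.
# (The equivalent explicit list form, 0,5,10 and so on, is not matched here.)
five_minute_jobs() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ || NF < 7 { next }
        $1 == "*/5" && $2 == "*" {
            cmd = $7
            for (i = 8; i <= NF; i++) cmd = cmd " " $i
            print cmd
        }'
}

# Stand-alone run over the constructed samples.
echo "Unexpected listeners (port pid process):"
suspicious_listeners "$SAMPLE_SS"
echo "Jobs scheduled every five minutes:"
five_minute_jobs "$SAMPLE_CRON"
```

On a live system feed the functions real data: `suspicious_listeners "$(ss -tlnp)"` run as root, and `five_minute_jobs "$(cat /etc/crontab /etc/cron.d/*)"`. Once you have a PID, `ls -l /proc/<pid>/exe` shows the file behind it and `tr '\0' ' ' < /proc/<pid>/cmdline` shows the full command line, which is what question 9c asks for.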
Expert Answer: