Kali Linux CTF Blueprints : build, test, and customize your own Capture the Flag challenges across multiple platforms designed to be attacked with Kali Linux / Cameron Buchanan.

Format:

Book

Author/Creator:

Buchanan, Cameron, author.

Series:

Community experience distilled.

Community Experience Distilled

Language:

English

Subjects (All):

Computer security.

Computers--Access control.

Computers.

Computer networks--Security measures.

Computer networks.

Physical Description:

1 online resource (190 p.)

Edition:

1st edition

Other Title:

Kali Linux capture the flag blueprints

Place of Publication:

Birmingham, England : [Packt] Publishing, 2014.

Language Note:

English

System Details:

text file

Summary:

Build, test, and customize your own Capture the Flag challenges across multiple platforms designed to be attacked with Kali Linux In Detail As attackers develop more effective and complex ways to compromise computerized systems, penetration testing skills and tools are in high demand. A tester must have varied skills to combat these threats or fall behind. This book provides practical and customizable guides to set up a variety of exciting challenge projects that can then be tested with Kali Linux. Learn how to create, customize, and exploit penetration testing scenarios and assault courses. Start by building flawed fortresses for Windows and Linux servers, allowing your testers to exploit common and not-so-common vulnerabilities to break down the gates and storm the walls. Mimic the human element with practical examples of social engineering projects. Facilitate vulnerable wireless and mobile installations and cryptographic weaknesses, and replicate the Heartbleed vulnerability. Finally, combine your skills and work to create a full red-team assessment environment that mimics the sort of corporate network encountered in the field. What You Will Learn Set up vulnerable services for both Windows and Linux Create dummy accounts for social engineering manipulation Set up Heartbleed replication for vulnerable SSL servers Develop full-size labs to challenge current and potential testers Construct scenarios that can be applied to Capture the Flag style challenges Add physical components to your scenarios and fire USB missile launchers at your opponents Challenge your own projects with a best-practice exploit guide to each scenario

Contents:

Intro

Kali Linux CTF Blueprints

Table of Contents

Credits

About the Author

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers, and more

Why subscribe?

Free access for Packt account holders

Preface

What this book covers

What you need for this book

Who this book is for

Reading guide

A warning

Conventions

Reader feedback

Customer support

Downloading the example code

Errata

Piracy

Questions

1. Microsoft Environments

Creating a vulnerable machine

Securing a machine

Creating a secure network

Basic requirements

Setting up a Linux network

Setting up a Windows network

Hosting vulnerabilities

Scenario 1 - warming Adobe ColdFusion

Setup

Variations

Scenario 2 - making a mess with MSSQL

Scenario 3 - trivializing TFTP

Vulnerabilities

Flag placement and design

Testing your flags

Making the flag too easy

Making your finding too hard

Alternate ideas

Post-exploitation and pivoting

Exploitation guides

Scenario 1 - traverse the directories like it ain't no thing

Scenario 2 - your database is bad and you should feel bad

Scenario 3 - TFTP is holier than the Pope

Challenge modes

Summary

2. Linux Environments

Differences between Linux and Microsoft

The setup

Scenario 1 - learn Samba and other dance forms

Configuration

Testing

Information disclosure

File upload

Scenario 2 - turning on a LAMP

The PHP

Out-of-date versions

Login bypass

SQL injection

Dangerous PHP

PHPMyAdmin

Scenario 3 - destructible distros

Scenario 4 - tearing it up with Telnet

Default credentials

Buffer overflows

Flag placement and design.

Exploitation guides

Scenario 1 - smashing Samba

Scenario 2 - exploiting XAMPP

Scenario 3 - like a privilege

Scenario 4 - tampering with Telnet

3. Wireless and Mobile

Wireless environment setup

Software

Hardware

Scenario 1 - WEP, that's me done for the day

Code setup

Network setup

Scenario 2 - WPA-2

Scenario 3 - pick up the phone

Important things to remember

Scenario 1 - rescue the WEP key

Scenario 2 - potentiating partial passwords

Scenario 3.1 - be a geodude with geotagging

Scenario 3.2 - ghost in the machine or man in the middle

Scenario 3.3 - DNS spoof your friends for fun and profit

4. Social Engineering

Scenario 1 - maxss your haxss

Scenario 2 - social engineering: do no evil

Scenario 3 - hunting rabbits

Core principles

Potential avenues

Connecting methods

Creating an OSINT target

Scenario 4 - I am a Stegosaurus

Visual steganography

Scenario 1 - cookie theft for fun and profit

Scenario 2 - social engineering tips

Scenario 3 - exploitation guide

Scenario 4 - exploitation guide

5. Cryptographic Projects

Crypto jargon

Scenario 1 - encode-ageddon

Generic encoding types

Random encoding types

Scenario 2 - encode + Python = merry hell

Substitution cipher variations

Scenario 3 - RC4, my god, what are you doing?

Implementations

Scenario 4 - Hishashin

Hashing variations

Scenario 5 - because Heartbleed didn't get enough publicity as it is

Scenario 1 - decode-alypse now

Scenario 2 - trans subs and other things that look awkward in your history

Automatic methods

Scenario 3 - was that a 1 or a 0 or a 1?.

Scenario 4 - hash outside of Colorado

Scenario 5 - bleeding hearts

6. Red Teaming

Chapter guide

Scoring systems

Setting scenarios

Reporting

Reporting example

Reporting explanation

CTF-style variations

DEFCON game

Physical components

Attack and defense

Jeopardy

Scenario 1 - ladders, why did it have to be ladders?

Network diagram

Brief

Setting up virtual machines

DMZ

missileman

secret1

secret2

secret3

Attack guide

Dummy devices

Combined OSINT trail

The missile base scenario summary

Scenario 2 - that's no network, it's a space station

Setting up a basic network

Attack of the clones

Customizing cloned VMs

Workstation1

Workstation2

Workstation3

Workstation4

Workstation5

The network base scenario summary

A. Appendix

Further reading

Recommended competitions

Existing vulnerable VMs

Index.

Notes:

Bibliographic Level Mode of Issuance: Monograph

Includes bibliographical references at the end of each chapters and index.

Description based on online resource; title from PDF title page (ebrary, viewed August 9, 2014).

ISBN:

9781783985999

1783985992

OCLC:

885020720