10: Red v Blue: Another Linux Web Server
What You Need for This Project
- The BLUE TEAM needs a computer with VirtualBox.
- The RED TEAM can use anything they want, but all they need is a Kali box.
Scenario
CCSF has a new improved Web server, faster than before!
The BLUE TEAM needs to get the server running and keep it working. The server image is here:
p10_140RB_1.ova
Size: 897,992,704 bytes
SHA-256: ef27683b4061d393a340288aa8eb81a3cf4130ee28d838215195318002de2e40
Blue Team
Get your server up. In SCIE 37, install VirtualBox. Click File, "Import Appliance" and import the OVA file.
Start the virtual machine. The console shows the IP address and login information, as shown below.
Tell your instructor your TEAM NAME and IP ADDRESS to get onto the scoreboard.
The BLUE TEAM needs to get the box up, find the problems, and patch them before the evil RED TEAM does bad things, like defacing the web page.
Your CCDC playbook should be helpful.
Injects
For additional points, complete these tasks:
- Configure SSH certificate-based authentication. Demonstrate a login using this method. (1000 pts)
- Upgrade the Web server to use HTTPS as well as HTTP. (1000 pts)
- Configure mod_security to protect the Web server. Demonstrate its function. (1000 pts)
- List all the users who have authenticated today and when they did. (1000 pts)
- Configure Apache forensic logging. Demonstrate it recording a complete requested URL. (1000 pts)
- Provide a list of all user accounts, specifying which accounts are able to run commands as root. (1000 pts)
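One way to approach the last inject, as an added example that is not part of the original assignment: parse the account, group and sudoers data and report why each account can run commands as root. The function names and sample data are constructed for illustration, and the sudoers parsing is a simplification that ignores aliases and included files.

```python
# Added example: audit which local accounts can act as root (sample data is constructed).

def rows(text):
    """Split a colon-delimited file (passwd/group) into field lists."""
    return [l.split(":") for l in text.splitlines() if l.strip() and not l.startswith("#")]

def sudoers_principals(text):
    """Return (users, groups) named on rule lines of a sudoers file.
    Simplification: aliases, Defaults and include directives are skipped."""
    users, groups = set(), set()
    for line in map(str.strip, text.splitlines()):
        if "=" not in line or line.startswith(("#", "@", "Defaults")):
            continue
        who = line.split()[0]
        if who.endswith("_Alias"):
            continue
        (groups if who.startswith("%") else users).add(who.lstrip("%"))
    return users, groups

def audit(passwd_text, group_text, sudoers_text):
    """Map every account to the list of reasons it can run commands as root."""
    su_users, su_groups = sudoers_principals(sudoers_text)
    gid_name, members = {}, {}
    for name, _pw, gid, mem in rows(group_text):
        gid_name[gid] = name
        members[name] = set(filter(None, mem.split(",")))
    report = {}
    for name, _pw, uid, gid, *_rest in rows(passwd_text):
        reasons = ["uid 0"] if uid == "0" else []
        if name in su_users:
            reasons.append("sudoers rule")
        for g in sorted(su_groups):
            # Check both supplementary membership and the primary group.
            if name in members.get(g, ()) or gid_name.get(gid) == g:
                reasons.append(f"member of %{g}")
        report[name] = reasons
    return report

SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:27:Carol:/home/carol:/bin/bash
"""
SAMPLE_GROUP = "root:x:0:\nsudo:x:27:alice\nwww-data:x:33:\n"
SAMPLE_SUDOERS = "Defaults env_reset\nroot ALL=(ALL:ALL) ALL\n%sudo ALL=(ALL:ALL) ALL\nwww-data ALL=(ALL) NOPASSWD: ALL\n"

if __name__ == "__main__":
    for user, why in audit(SAMPLE_PASSWD, SAMPLE_GROUP, SAMPLE_SUDOERS).items():
        print(f"{user:10} {'ROOT-CAPABLE: ' + ', '.join(why) if why else 'no root access found'}")
```

On the server itself, feed it the contents of /etc/passwd, /etc/group and /etc/sudoers (read as root), and concatenate any files under /etc/sudoers.d into the sudoers text.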
Red Team
You get points by accomplishing these tasks:
- Adding up to three PWNED files to the server, in the Web root, with the names listed below. Each such file is worth +20 points every 10 seconds. Each file must contain the text HINT: followed by a clue telling the Blue Team how you got in, and each file must be produced by getting in a different way.
  - pwned1.htm
  - pwned2.htm
  - pwned3.htm
- Locking the Blue Team out so badly that they need to wipe the machine and load a clean image is worth 1000 points
- Totally destroying the server so it must be reloaded is worth 100 pts
- Other epic feats of pwnage (variable points)
Post-Mortem
After an hour or two of combat, there will be a discussion of what worked, what didn't work, and how to write better documentation to preserve what has been learned for CCDC in the future.
Posted 12-5-18