9: Red v Blue: Linux Web Server

What You Need for This Project

The BLUE TEAM needs a computer with VMware.
The RED TEAM can use anything they want, but all they need is a Kali box.

Scenario

The CCSF website upgrade has gone poorly, and students can't find their classes. To fix the problem, we have prepared a replacement Web server to use instead.

The BLUE TEAM needs to get the server running and keep it working. The server image is here:

U18_64_RB3.zip
Size: 2,984,458,314 bytes
SHA-256: 05a7c1dad74f71c84ddf82d1cd7a677875a63400089b6b3e75863038730c699c

It is possible that, in their haste, the web server team failed to entirely secure the server.

Blue Team

Get your server up. In SCIE 37, install VirtualBox. Unzip the VMware machine you downloaded above, create a new VM in VirtualBox and use the existing VMware virtual hard disk.

Switch to Bridged networking.

Set your IP address with DHCP with this command:

sudo dhclient -v enp0s3

Tell your instructor your TEAM NAME and IP ADDRESS to get onto the scoreboard.

The BLUE TEAM needs to get the box up, find the problems, and patch them before the evil RED TEAM does bad things, like defacing the web page.

Your CCDC playbook should be helpful.

Red Team

You get points by doing these things:

Adding up to three PWNED files to the server with these names:
/var/www/html/pwned1.htm /var/www/html/pwned2.htm /var/www/html/pwned3.htm
Each file must contain the text HINT: followed by a clue telling the Blue Team how you got in.
Each file must be produced by getting in a different way.
Replacing the Web page with a different page
Bringing down the target server entirely (not wise)

Post-Mortem

After an hour or two of combat, there will be a discusion of what worked, what didn't work, and how to write better documentation to preserve what has been learned for CCDC in the future.

Posted 11-30-18