hacking-lab online wargames 19. november 2008 · ch-8640 rapperswil t +41 55 214 41 60 f +41 55 214...

Compass Security

Glärnischstrasse 7

Postfach 1671

CH-8640 Rapperswil

T +41 55 214 41 60

F +41 55 214 41 61

[email protected]

Hacking-Lab

Online Wargames

19. November 2008

Name EN_Hacking_Lab_V3.2.doc

Version: V 3.2

Authors Ivan Buetler, Hacking-Lab

Delivery 19. November 2008

Classification E-Lab

E-LAB

Seite: 2 Datum: 19. Nov. 2008

Hacking-Lab – Online Wargames – V 3.2

Content

1 HACKING-LAB INFRASTRUCTURE..............................................................1 1.1 Topology 1 1.2 Hacking-Lab Access using SSL Explorer 2 1.3 Hacking-Lab Access using OpenVPN 7

1.3.1 Installation OpenVPN 7 1.3.2 Client Certificate for OpenVPN 7

1.4 Basic Access Test 8 1.5 Tool Reference List 9

2 HACKING-LAB EXERCISES ........................................................................10 2.1 Example Screenshot 10 2.2 Solution Form 10 2.3 Vulnerable Web Application (Educational Web App) 11


E-LAB


1 Hacking-Lab Infrastructure

1.1 Topology

The E-Lab of Compass security consists of a central OpenVPN server for the net access and corresponding servers in the DMZ of Compass for the hands-on labs. Important systems for the lab exercises are called:

glocken.hacking-lab.com Vulnerable Swiss Cow-Bell Shop

xssshell.hacking-lab.com XSS Shell Server for Attacker

myspace.hacking-lab.com Glocken Community Site

If the task description says you should login with hackerXX, this means you can choose any user from hacker10 to hacker40. The Password is always „compass“.


E-LAB


1.2 Hacking-Lab Access using SSL Explorer

For those who have chosen the SSL VPN access method (skip this section if you use OpenVPN) https://sslvpn.csnc.ch/

Enter your password afterwards


E-LAB


Choose „Browser Settings“

Choose: Browser Settings (Global) Profile:


E-LAB


If you click on „My Applications“, the selection box of the validated applications appears.

Launching SSL Explorer (tunnelling RDP via HTTP), requires JAVA to be installed on your computer.


E-LAB


You have to authenticate again at the SSL VPN gateway using the given SSL VPN credentials

You should have an SSL Explorer icon now.

Try the application. The following message appears:

The tunnel is established

You have to say „connect“ here in order to start the RDP tunnel.


E-LAB


Finally, you have your RDP session.

From the technical point of view the RDP traffic is converted by an Applet in HTTP and is unpacked again on the sslvpn.csnc.ch.


E-LAB


1.3 Hacking-Lab Access using OpenVPN

For those who have chosen the OpenVPN access method (skip this section if you use SSL VPN)

1.3.1 Installation OpenVPN

Please download/install the OpenVPN package and make sure, you have received a valid client.zip (including client certificate and everything from Hacking-Lab).

� OpenVPN Client http://openvpn.se/files/install_packages/openvpn-2.0.9-gui-1.0.3-install.exe � Hacking-Lab Client Certificate (config.zip)

After the OpenVPN client setup, you should have the „OpenVPN“ directory, including a directory folder. C:\Program Files\OpenVPN>dir

Volume in drive D is swdata

Volume Serial Number is 80B4-6DCF

Directory of c:\Program Files\OpenVPN

19.05.2008 11:55 <DIR> .

19.05.2008 11:55 <DIR> ..

24.01.2008 10:43 <DIR> bin

04.06.2008 22:49 <DIR> config

24.01.2008 10:43 <DIR> driver

24.01.2008 10:43 <DIR> easy-rsa

01.10.2006 14:37 83 INSTALL-win32.txt

21.04.2005 11:54 28'387 license.txt

24.01.2008 18:34 <DIR> log

18.08.2005 08:20 8'705 OpenVPN GUI ReadMe.txt

16.05.2004 09:30 766 openvpn.ico

24.01.2008 10:43 <DIR> sample-config

24.01.2008 10:44 72'907 Uninstall.exe

5 File(s) 110'848 bytes

9 Dir(s) 8'240'791'552 bytes free

1.3.2 Client Certificate for OpenVPN

Copy everything from the given config.zip to the OpenVPN config directory.


E-LAB


1.4 Basic Access Test

After you have established your first Hacking-Lab connection (via SSLVPN or OpenVPN), you should then open the following URL and you should see a page like the one below: http://glocken.hacking-lab.com/12001/cookie_case6/cookie6/

If you don’t see the page above, you are not properly connected yet. Troubleshooting: If you are using OpenVPN: Did you get a new DNS server pushed to your client computer? This is mandatory for resolving hacking-lab domain names. The DNS name server is on 192.168.200.203


E-LAB


1.5 Tool Reference List

Please use the following tools to solve the puzzles.

� [ Paros ] http://www.parosproxy.org/ � [ LiveHttpHeader Firefox Plugin ] http://livehttpheaders.mozdev.org/ � [ Add N Edit Firefox Plugin ] http://addneditcookies.mozdev.org/ � [ Firebug ] http://www.getfirebug.com/ � [ Venkmann Java Script Debugger ] http://www.mozilla.org/projects/venkman/ � [ Tamper Firefox Plugin ] https://addons.mozilla.org/en-US/firefox/addon/966 � [ Firefox 2 ] http://www.mozilla.com/en-US/firefox/ � [ Eclipse WTB ] http://download.eclipse.org/webtools/downloads/ � [ SwitchProxy ] http://mozmonkey.com/switchproxy/


E-LAB


2 Hacking-Lab Exercises

You will have your task descriptions at www.hacking-lab.com. You must be authenticated to see the wargame cases.

2.1 Example Screenshot

Make sure all wargame cases you have chosen are listed. Otherwise mail to [email protected]

2.2 Solution Form

Please use the given Hacking-Lab web form to post your solution to the jury.


E-LAB


2.3 Vulnerable Web Application (Educational Web App)

You must be connected to the Hacking-Lab infrastructure to solve the wargames. The URLs are not working from the Internet directly.


E-LAB


If you see the Cow-Bell shop (see below), you are properly connected.

hacking-lab online wargames 19. november 2008 · ch-8640 rapperswil t +41 55 214 41 60 f +41 55 214...

Documents