hacking-lab online wargames 19. november 2008 · ch-8640 rapperswil t +41 55 214 41 60 f +41 55 214...
TRANSCRIPT
Compass Security
Glärnischstrasse 7
Postfach 1671
CH-8640 Rapperswil
T +41 55 214 41 60
F +41 55 214 41 61
Hacking-Lab
Online Wargames
19. November 2008
Name EN_Hacking_Lab_V3.2.doc
Version: V 3.2
Authors Ivan Buetler, Hacking-Lab
Delivery 19. November 2008
Classification E-Lab
E-LAB
Seite: 2 Datum: 19. Nov. 2008
Hacking-Lab – Online Wargames – V 3.2
Content
1 HACKING-LAB INFRASTRUCTURE..............................................................1 1.1 Topology 1 1.2 Hacking-Lab Access using SSL Explorer 2 1.3 Hacking-Lab Access using OpenVPN 7
1.3.1 Installation OpenVPN 7 1.3.2 Client Certificate for OpenVPN 7
1.4 Basic Access Test 8 1.5 Tool Reference List 9
2 HACKING-LAB EXERCISES ........................................................................10 2.1 Example Screenshot 10 2.2 Solution Form 10 2.3 Vulnerable Web Application (Educational Web App) 11
Hacking-Lab – Online Wargames – V 3.2
E-LAB
Seite: 1 Datum: 19. Nov. 2008
1 Hacking-Lab Infrastructure
1.1 Topology
The E-Lab of Compass security consists of a central OpenVPN server for the net access and corresponding servers in the DMZ of Compass for the hands-on labs. Important systems for the lab exercises are called:
glocken.hacking-lab.com Vulnerable Swiss Cow-Bell Shop
xssshell.hacking-lab.com XSS Shell Server for Attacker
myspace.hacking-lab.com Glocken Community Site
If the task description says you should login with hackerXX, this means you can choose any user from hacker10 to hacker40. The Password is always „compass“.
Hacking-Lab – Online Wargames – V 3.2
E-LAB
Seite: 2 Datum: 19. Nov. 2008
1.2 Hacking-Lab Access using SSL Explorer
For those who have chosen the SSL VPN access method (skip this section if you use OpenVPN) https://sslvpn.csnc.ch/
Enter your password afterwards
Hacking-Lab – Online Wargames – V 3.2
E-LAB
Seite: 3 Datum: 19. Nov. 2008
Choose „Browser Settings“
Choose: Browser Settings (Global) Profile:
Hacking-Lab – Online Wargames – V 3.2
E-LAB
Seite: 4 Datum: 19. Nov. 2008
If you click on „My Applications“, the selection box of the validated applications appears.
Launching SSL Explorer (tunnelling RDP via HTTP), requires JAVA to be installed on your computer.
Hacking-Lab – Online Wargames – V 3.2
E-LAB
Seite: 5 Datum: 19. Nov. 2008
You have to authenticate again at the SSL VPN gateway using the given SSL VPN credentials
You should have an SSL Explorer icon now.
Try the application. The following message appears:
The tunnel is established
You have to say „connect“ here in order to start the RDP tunnel.
Hacking-Lab – Online Wargames – V 3.2
E-LAB
Seite: 6 Datum: 19. Nov. 2008
Finally, you have your RDP session.
From the technical point of view the RDP traffic is converted by an Applet in HTTP and is unpacked again on the sslvpn.csnc.ch.
Hacking-Lab – Online Wargames – V 3.2
E-LAB
Seite: 7 Datum: 19. Nov. 2008
1.3 Hacking-Lab Access using OpenVPN
For those who have chosen the OpenVPN access method (skip this section if you use SSL VPN)
1.3.1 Installation OpenVPN
Please download/install the OpenVPN package and make sure, you have received a valid client.zip (including client certificate and everything from Hacking-Lab).
� OpenVPN Client http://openvpn.se/files/install_packages/openvpn-2.0.9-gui-1.0.3-install.exe � Hacking-Lab Client Certificate (config.zip)
After the OpenVPN client setup, you should have the „OpenVPN“ directory, including a directory folder. C:\Program Files\OpenVPN>dir
Volume in drive D is swdata
Volume Serial Number is 80B4-6DCF
Directory of c:\Program Files\OpenVPN
19.05.2008 11:55 <DIR> .
19.05.2008 11:55 <DIR> ..
24.01.2008 10:43 <DIR> bin
04.06.2008 22:49 <DIR> config
24.01.2008 10:43 <DIR> driver
24.01.2008 10:43 <DIR> easy-rsa
01.10.2006 14:37 83 INSTALL-win32.txt
21.04.2005 11:54 28'387 license.txt
24.01.2008 18:34 <DIR> log
18.08.2005 08:20 8'705 OpenVPN GUI ReadMe.txt
16.05.2004 09:30 766 openvpn.ico
24.01.2008 10:43 <DIR> sample-config
24.01.2008 10:44 72'907 Uninstall.exe
5 File(s) 110'848 bytes
9 Dir(s) 8'240'791'552 bytes free
1.3.2 Client Certificate for OpenVPN
Copy everything from the given config.zip to the OpenVPN config directory.
Hacking-Lab – Online Wargames – V 3.2
E-LAB
Seite: 8 Datum: 19. Nov. 2008
1.4 Basic Access Test
After you have established your first Hacking-Lab connection (via SSLVPN or OpenVPN), you should then open the following URL and you should see a page like the one below: http://glocken.hacking-lab.com/12001/cookie_case6/cookie6/
If you don’t see the page above, you are not properly connected yet. Troubleshooting: If you are using OpenVPN: Did you get a new DNS server pushed to your client computer? This is mandatory for resolving hacking-lab domain names. The DNS name server is on 192.168.200.203
Hacking-Lab – Online Wargames – V 3.2
E-LAB
Seite: 9 Datum: 19. Nov. 2008
1.5 Tool Reference List
Please use the following tools to solve the puzzles.
� [ Paros ] http://www.parosproxy.org/ � [ LiveHttpHeader Firefox Plugin ] http://livehttpheaders.mozdev.org/ � [ Add N Edit Firefox Plugin ] http://addneditcookies.mozdev.org/ � [ Firebug ] http://www.getfirebug.com/ � [ Venkmann Java Script Debugger ] http://www.mozilla.org/projects/venkman/ � [ Tamper Firefox Plugin ] https://addons.mozilla.org/en-US/firefox/addon/966 � [ Firefox 2 ] http://www.mozilla.com/en-US/firefox/ � [ Eclipse WTB ] http://download.eclipse.org/webtools/downloads/ � [ SwitchProxy ] http://mozmonkey.com/switchproxy/
Hacking-Lab – Online Wargames – V 3.2
E-LAB
Seite: 10 Datum: 19. Nov. 2008
2 Hacking-Lab Exercises
You will have your task descriptions at www.hacking-lab.com. You must be authenticated to see the wargame cases.
2.1 Example Screenshot
Make sure all wargame cases you have chosen are listed. Otherwise mail to [email protected]
2.2 Solution Form
Please use the given Hacking-Lab web form to post your solution to the jury.
Hacking-Lab – Online Wargames – V 3.2
E-LAB
Seite: 11 Datum: 19. Nov. 2008
2.3 Vulnerable Web Application (Educational Web App)
You must be connected to the Hacking-Lab infrastructure to solve the wargames. The URLs are not working from the Internet directly.
Hacking-Lab – Online Wargames – V 3.2
E-LAB
Seite: 12 Datum: 19. Nov. 2008
If you see the Cow-Bell shop (see below), you are properly connected.