As I mentioned last week, we'll be running a CTF tomorrow. (Tuesday the 16th)

1.  
2. As I mentioned last week, we'll be running a CTF tomorrow. (Tuesday the 16th).
3.  
4. We have a scoreboard server where I'll be sharing the details to access it tomorrow. You create an account and download an OpenVPN configuration file to connect to the challenges. When you solve a machine, you submit it's flag and your account will go up the leaderboard.
5.  
6. We have 4 main machines to target and one sanity check machine (to confirm you can connect etc).
7.  
8. Each of the main machines has two stages to it, one remote and one local, each with a flag. You have to solve the remote stage to gain access to the local stage.
9.  
10. The goal of this is to compromise and get the flags from as many of the machines as possible. Difficulty varies, but most aren't too hard. If you've done the harder machines on HackTheBox, you'll have no problems with any of them. If you aren't experienced, they should be good to learn from.
11.  
12. We'll be leaving them up until next week, where we'll go though how to solve them and a bit about the infrastructure used to run these. All the code will be open sourced then.
13.  
14. If you have never done anything like this, I'd highly recomend watching a few of IppSec's videos to get an idea of the process (The videos on Nibbles and Shocker would be easy to follow.)
15. https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA/videos
16.  
17. I have also posted a list of resources [1] on computer security to help everyone get started.
18.  
19. Ideally, to do this you'll need an openvpn client and a linux VM (VirtualBox[2] is good for this). You can run the openvpn client on the Linux machine as that'll make everything much easier. Good options for this are Ubuntu[3] or Kali Linux[4]
20. If you can't setup a VM, then get an SSH client like Putty[5] (Windows) or otherwise use the default one (On OSX).
21.  
22. For connecting to the OpenVPN server from a Windows computer you can use the client avaliable here [6] and for OSX Tunnelblick is good [7].
23.  
24.  
25. Technical Detials:
26.  
27. * The only machines in scope are in the 10.10.2.0/24 range. Do not attack anything outside this range.
28. * Only the 10.10.0.0/16 range is pushed to your device, so you'll not be proxying though our server when accessing the normal internet.
29. * Because of how we set this up, you can't do connect backs to the VPN host. You either have to run a box on the internet, or use another machine on the network to pivot :) [*hint* the sanity check machine *hint*]. Bindshells should be fine though, just don't pick port 1337 :). This is due to it running on a docker bridge network.
30. * All machines have resource limits, so be reasonable else the machine you are attempting will be restarted automatically.
31. * You can connect to the outside internet on these machines. Please do not abuse this.
32. * The server is on DigitalOcean, running in their AMS3 datacenter.
33. * Scoreboard server is running CTFd [6]
34. * Machines are mostly based on the Ubuntu:latest docker image.
35. * None of the challenges require brute forcing. Put `hydra` away.
36.  
37.  
38.  
39. [1] https://gist.github.com/bahorn/95bfffc939fe201fdba3f7bddea13d41
40. [2] https://www.virtualbox.org/wiki/Downloads
41. [3] https://www.ubuntu.com/download/desktop
42. [4] https://www.kali.org/
43. [5] https://www.putty.org/
44. [6] https://openvpn.net/vpn-server-resources/connecting-to-access-server-with-windows/
45. [7] https://tunnelblick.net/
46. [8] https://github.com/CTFd/CTFd