Commit 7836fd4
2020-10-03 17:22:00
Changed files (8)
docker/ssh/port_1337/.Dockerfile.swp
Binary file
docker/ssh/port_1337/Dockerfile
@@ -0,0 +1,21 @@
+
+FROM ubuntu:20.04
+
+RUN apt-get update && apt-get install -y openssh-server
+
+RUN mkdir /var/run/sshd
+RUN echo 'root:boo' | chpasswd
+RUN sed -i 's/#*PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
+RUN sed -i 's/#*Port 22/Port 1337/' /etc/ssh/sshd_config
+
+# SSH login fix. Otherwise user is kicked off after login
+RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
+
+ENV NOTVISIBLE "in users profile"
+RUN echo "export VISIBLE=now" >> /etc/profile
+
+EXPOSE 1337
+CMD ["/usr/sbin/sshd", "-D", "-e"]
+
+
+
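Review bot: The two `sed -i` edits of /etc/ssh/sshd_config exit successfully even when their pattern matches nothing, so a base image whose default lines differ would build cleanly with sshd still on port 22 and root login still restricted, while `EXPOSE 1337` says otherwise. A check directly after them makes the build fail instead of drifting: `RUN grep -q '^Port 1337$' /etc/ssh/sshd_config && grep -q '^PermitRootLogin yes$' /etc/ssh/sshd_config`. The PermitRootLogin edit in ssh/Dockerfile has the same silent-failure mode. Separately, `.Dockerfile.swp` in this directory looks like an editor swap file and probably should not be committed.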
gotty/Dockerfile
@@ -0,0 +1,23 @@
+FROM ubuntu:20.04
+EXPOSE 8080
+RUN apt-get -y update && \
+apt-get install -y \
+ curl \
+ tmux \
+ iproute2 \
+ iputils-ping \
+ openssh-client \
+ vim \
+ nano \
+ screen \
+ tcpdump && \
+VERSION=v1.0.1 && \
+curl -sLk https://github.com/yudai/gotty/releases/download/$VERSION/gotty_linux_amd64.tar.gz \
+| tar xzC /usr/local/bin && \
+apt-get purge --auto-remove -y curl && \
+apt-get clean && \
+rm -rf /var/lib/apt/lists*
+ENV TERM=xterm-256color
+ENTRYPOINT ["/usr/local/bin/gotty"]
+CMD ["--permit-write","--reconnect","/usr/bin/tmux","new","-A","-s","gotty"]
+
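Review bot: `curl -sLk … | tar xzC /usr/local/bin` disables TLS certificate verification with `-k` and unpacks whatever comes back straight into /usr/local/bin as root with no checksum, so a tampered or intercepted download becomes the image's entrypoint binary. Without `-f` and pipefail, an HTTP error body is only caught if tar happens to reject it. Downloading to a file with verification on, checking a pinned SHA-256 and only then extracting closes both gaps; the digest below is a placeholder to be filled in from the v1.0.1 release. If verification then fails for lack of a CA bundle, adding `ca-certificates` to the install list is the fix rather than `-k`.

```dockerfile
# … unchanged: FROM, EXPOSE, apt-get update/install package list …
VERSION=v1.0.1 && \
curl -fsSL -o /tmp/gotty.tar.gz https://github.com/yudai/gotty/releases/download/$VERSION/gotty_linux_amd64.tar.gz && \
echo "<EXPECTED_SHA256_PLACEHOLDER>  /tmp/gotty.tar.gz" | sha256sum -c - && \
tar xzf /tmp/gotty.tar.gz -C /usr/local/bin && \
rm /tmp/gotty.tar.gz && \
# … unchanged: apt-get purge/clean, ENV, ENTRYPOINT, CMD …
```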
scenario/00.md
@@ -0,0 +1,9 @@
+### 00 beachhead
+
+Technical tasks:
+ - get basic aps installed:
+
+ ```
+ apt update
+ apt install iproute2
+
ssh/Dockerfile
@@ -0,0 +1,20 @@
+
+FROM ubuntu:20.04
+
+RUN apt-get update && apt-get install -y openssh-server
+
+RUN mkdir /var/run/sshd
+RUN echo 'root:boo' | chpasswd
+RUN sed -i 's/#*PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
+
+# SSH login fix. Otherwise user is kicked off after login
+RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
+
+ENV NOTVISIBLE "in users profile"
+RUN echo "export VISIBLE=now" >> /etc/profile
+
+EXPOSE 22
+CMD ["/usr/sbin/sshd", "-D", "-e"]
+
+
+
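Review bot: `RUN echo 'root:boo' | chpasswd` together with `PermitRootLogin yes` bakes a known root password into an image layer, and nothing in the file says this is deliberate. README.md describes the redirectors as having a "known password", so this is presumably intended for the exercise; a comment above the line would record that, e.g. `# Lab-only credential, intentionally weak for the exercise: do not push this image to a shared registry or publish its SSH port on the host`. docker/ssh/port_1337/Dockerfile carries the same lines and would take the same comment. The legacy `ENV NOTVISIBLE "in users profile"` form could also become `ENV NOTVISIBLE="in users profile"`.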
docker-compose.yml
@@ -0,0 +1,210 @@
+version: '3'
+
+networks:
+ bchd:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 201.200.200.0/24
+ internet:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 200.200.200.0/24
+ party:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 172.16.2.0/24
+ cemetary:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 10.10.10.0/24
+ crypt:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 192.168.200.0/24
+
+services:
+
+# 40 redirectors
+ redirector01:
+ build: docker/ssh/port_1337
+ image: sshd_port_1337
+ restart: always
+ networks:
+ - internet
+ redirector02:
+ build: docker/ssh/port_1337
+ image: sshd_port_1337
+ restart: always
+ networks:
+ - internet
+
+# 20 beachheads
+ bchd1:
+ image: gotty
+ build: gotty
+ restart: always
+ networks:
+ - internet
+ ports:
+ - 2001:8080
+ bchd2:
+ image: gotty
+ restart: always
+ networks:
+ - internet
+ ports:
+ - 2002:8080
+ bchd3:
+ image: gotty
+ build: gotty
+ restart: always
+ networks:
+ - internet
+ ports:
+ - 2003:8080
+ bchd4:
+ image: gotty
+ build: gotty
+ restart: always
+ networks:
+ - internet
+ ports:
+ - 2004:8080
+ bchd5:
+ image: gotty
+ build: gotty
+ restart: always
+ networks:
+ - internet
+ ports:
+ - 2005:8080
+ bchd6:
+ image: gotty
+ build: gotty
+ restart: always
+ networks:
+ - internet
+ ports:
+ - 2006:8080
+ bchd7:
+ image: gotty
+ build: gotty
+ restart: always
+ networks:
+ - internet
+ ports:
+ - 2007:8080
+ bchd8:
+ image: gotty
+ build: gotty
+ restart: always
+ networks:
+ - internet
+ ports:
+ - 2008:8080
+ bchd9:
+ image: gotty
+ build: gotty
+ restart: always
+ networks:
+ - internet
+ ports:
+ - 2009:8080
+ bchd10:
+ image: gotty
+ build: gotty
+ restart: always
+ networks:
+ - internet
+ ports:
+ - 2010:8080
+ bchd11:
+ image: gotty
+ build: gotty
+ restart: always
+ networks:
+ - internet
+ ports:
+ - 2011:8080
+ bchd12:
+ image: gotty
+ build: gotty
+ restart: always
+ networks:
+ - internet
+ ports:
+ - 2012:8080
+ bchd13:
+ image: gotty
+ build: gotty
+ restart: always
+ networks:
+ - internet
+ ports:
+ - 2013:8080
+ bchd14:
+ image: gotty
+ build: gotty
+ restart: always
+ networks:
+ - internet
+ ports:
+ - 2014:8080
+ bchd15:
+ image: gotty
+ build: gotty
+ restart: always
+ networks:
+ - internet
+ ports:
+ - 2015:8080
+ bchd16:
+ image: gotty
+ build: gotty
+ restart: always
+ networks:
+ - internet
+ ports:
+ - 2016:8080
+ bchd17:
+ image: gotty
+ build: gotty
+ restart: always
+ networks:
+ - internet
+ ports:
+ - 2017:8080
+ bchd18:
+ image: gotty
+ build: gotty
+ restart: always
+ networks:
+ - internet
+ ports:
+ - 2018:8080
+ bchd19:
+ image: gotty
+ build: gotty
+ restart: always
+ networks:
+ - internet
+ ports:
+ - 2019:8080
+ bchd20:
+ image: gotty
+ build: gotty
+ restart: always
+ networks:
+ - internet
+ ports:
+ - 2020:8080
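Review bot: Each `ports: - 20NN:8080` entry publishes the gotty terminal on every host interface, and gotty/Dockerfile starts it with `--permit-write` and no credential, so anyone who can reach the host on ports 2001-2020 gets a writable root shell in a container. If the beachheads are meant for registered trainees only, bind the mapping to a specific address behind an authenticating proxy, e.g. `- "127.0.0.1:2001:8080"`, or give each service a `command:` that adds gotty's `--credential` option. Quoting the mappings also follows the Compose recommendation for `HOST:CONTAINER` strings. The 200.200.200.0/24 and 201.200.200.0/24 subnets are not RFC 1918 ranges, so the Docker host will likely lose reachability to any real hosts in them while the lab is up; that may be acceptable for mirroring the original network, but a comment saying so would help.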
questions.md
@@ -0,0 +1,4 @@
+# Questions
+
+- Can you launch containers in a large network with actually ranomly assigned IPs?
+ The default behavior is to give the ips out sequentually, I want random :(
README.md
@@ -0,0 +1,104 @@
+
+## TBD
+
+### Event details (sent via Teams)
+
+#### Teams Channel:
+!RSD-Intermediate Training (training is only offered
+via Teams – no in-person offering)
+
+#### Training Times:
+Sunday with core training hours from 9-11 & 12-1500
+(these times are available on most Sq schedules). However, trainers
+will be available as early as 7 so members may start early, schedule
+permitting, and trainers will be available until 1600.
+
+#### Overview:
+Maj Fryer and MSgt Patrick from 276 COS are kind enough to
+host our Oct RSD training. Here’s what members can expect: “Tunneling
+and Unix enumeration with hands on labs focusing on understanding
+environmental clues to solve spooky puzzles and practicing key
+redirection spells that every ghoul should have in their grimoire. Too
+spooky for some, Intermediate level training (IST completion
+recommended).” Labs will be Instructor-led and walk-throughs of
+solutions will also be provided throughout the day and recorded.
+
+#### Logistics:
+A computer with internet access and Teams. Members will
+ideally have a PCTE account but efforts will be made to pair
+individuals based upon experience and to ensure one person has a PCTE
+account. It's recommended member's test their PCTE account prior to
+RSD to ensure they can login. A video camera with mic is helpful for
+collaboration but not required.
+REQUIRED FOR THOSE WHO PLAN TO ATTEND! Members must complete this
+simple 5 question sign-up form NLT 1500 on Sat so our trainers can be
+prepared to effectively train on Sun.
+
+[Form Link](https://forms.microsoft.com/Pages/ResponsePage.aspx?id=s_usIb4yFUeQJR4vAVy76UEnk2chioJPhEwjXFMOazdUOFYzSExKU1VYVlcxVzdXTFNRMTdBMzdDWC4u)
+
+## Networks
+
+### Original PCTE network
+| Name | First Interface | Second Interface |
+|----------------------|-----------------|------------------|
+| redirector | 200.200.200.101 | |
+| yachtzee-edge-router | 172.16.0.1 | 200.200.200.1 |
+| yachtzee-firewall | 172.16.0.2 | 172.16.0.5 |
+| yachtzee-core-router | 172.16.0.6 | 172.16.2.1 |
+| yachtzee-server-1 | 172.16.2.100 | 10.10.10.44 |
+| yachtzee-server-2 | 10.10.10.55 | 192.168.200.66 |
+| yachtzee-server-3 | 192.168.200.89 | |
+
+### Supporting software
+sudo apt install docker.io docker-compose
+
+### New Networks
+| Name | Subnet/Mask | Spooky Level |
+|---------------------------|------------------|--------------|
+| Home base | 201.200.200.0/24 | Not Spooky |
+| Trick-or-Treat (Internet) | 200.200.200.0/24 | Spoopy |
+| Halloween Party | 172.16.2.0/24 | P Spoopy |
+| Back Yard Cemetary | 10.10.10.0/24 | Spooky |
+| Crypt | 192.168.200.0/24 | 2Spooky |
+
+### New hosts
+| Name | First Interface | Second Interface |
+|--------------------------|-----------------|------------------|
+| beachheads | 200.200.200.X | |
+| redirectors | 200.X.X.X | |
+| yachtzee-router-firewall | 172.16.2.1 | 200.200.200.1 |
+| yachtzee-server-1 | 172.16.2.100 | 10.10.10.44 |
+| yachtzee-server-2 | 10.10.10.55 | 192.168.200.66 |
+| yachtzee-server-3 | 192.168.200.89 | |
+
+
+# scenario
+beachhead:
+ - gotty, 200.200.200.X
+ - throwaway BOO flag
+ - zombiemap binary in home dir (zmap)
+ - some local puzzle to get IP of the party's (must be through redirectors)
+ - if you drop packets you get less results
+
+redirectors:
+ - port scan required to find the service, known password
+
+router-firewall:
+ - no shell, only port forward via key
+ - proxychains nmap syn scan for next
+
+server-1:
+ - is getting connected to by a random connection / random port
+ - port foward back to nc to get details of next and flag
+ - gateway ports
+
+server-2:
+ - left the BACKDOOR of the MOSULIUM open. Unfortuntely it is unenCRYPTed
+ - netcat into unencrypted shell
+ - sshd is listening and you have the password
+ - doesn't allow inbound ssh (only listening on localhost)
+ - ssh 2->1 -R -> server-2 localhost sshd
+
+server-3:
+ - tcpdump in home directory
+ - wireshark shows flag as scrolling data