Commit 9bc6e6f
Changed files (6)
docker
files
server_2
docker/files/server_1/root → docker/files/server_1/binx
File renamed without changes
docker/files/server_1/root.pub → docker/files/server_1/binx.pub
File renamed without changes
docker/files/server_2/billybutcherson
@@ -0,0 +1,38 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAYEA60zSp0yOfX2ZuHRGvYp0kejEUWL3tut154AplEdFqjEgFW5IFTm5
+IoKb2Jme5OQZKzEnUUwmEWDftJgAlAqCMTROJV1gLFmwOdnhKvHgNzyOOwNIPXOpVGYTJL
+VQGWg1fykK66nHgmsYMhpGBrnzsqrdOzjWf96m+6hTA2h9YIBctIn7RZgxADZlXYi69pq1
+3eo3u3g72hX+uJnhu1U+jaLncO+nUpNzB9tOxtNpPcntubIbMu6/9VRs/5kkcFQdcIPu63
+ZJ/GT+4ksNMfZNa0yr2xq5xP/mQmebECZs7ebe7rVQs5oKn2CdHzuJfDycnFiXgIFcY8fY
+RsrduqzlU8u7Mg7pUSTzln1ikA4hJKx8FNqpz+Rcxu6vev392Q8RJuEzPMvmwUCbuf2ohr
+fgvQgRED7/p7i9cTfdcn6sTyf++k3o2jBl6dNAcpaL5QUCXR9klY9l7qUtOEm6TMYuTHXK
+RXoTQvP8s7PbmIi9wpPm3gzbYFvCSeMVS0jthNP5AAAFiJcbw0OXG8NDAAAAB3NzaC1yc2
+EAAAGBAOtM0qdMjn19mbh0Rr2KdJHoxFFi97brdeeAKZRHRaoxIBVuSBU5uSKCm9iZnuTk
+GSsxJ1FMJhFg37SYAJQKgjE0TiVdYCxZsDnZ4Srx4Dc8jjsDSD1zqVRmEyS1UBloNX8pCu
+upx4JrGDIaRga587Kq3Ts41n/epvuoUwNofWCAXLSJ+0WYMQA2ZV2Iuvaatd3qN7t4O9oV
+/riZ4btVPo2i53Dvp1KTcwfbTsbTaT3J7bmyGzLuv/VUbP+ZJHBUHXCD7ut2Sfxk/uJLDT
+H2TWtMq9saucT/5kJnmxAmbO3m3u61ULOaCp9gnR87iXw8nJxYl4CBXGPH2EbK3bqs5VPL
+uzIO6VEk85Z9YpAOISSsfBTaqc/kXMbur3r9/dkPESbhMzzL5sFAm7n9qIa34L0IERA+/6
+e4vXE33XJ+rE8n/vpN6NowZenTQHKWi+UFAl0fZJWPZe6lLThJukzGLkx1ykV6E0Lz/LOz
+25iIvcKT5t4M22BbwknjFUtI7YTT+QAAAAMBAAEAAAGBAJFa2sLYqylgfqaQxeZu8oX0Od
+pg/c+08xf4dzcPNDznrf8vKj5ac0CbWHTcqWiSc+3Xpoc1OEsCAg/I2oqZV0XYHvI8FZ4w
+JYoHS27BDpZwxRg1ddnoalEl4WuKyhl345xTGVjtf77UM5U338xl8OKNZK8h9Hf3bkYF/I
+odcV48zYgFuQCL/LE56TJ3ta+DcRfOiXE43Bhj//+/p8+W4FaUrM56bW24gpX251ox3VB7
+Pmy5Vs4G6PQ/nDnlO7pcasfbDvDb97WStMehPK4IhY3ZGHB1zuBWXd4r6iqDAmedWLdPQU
+0PhEqt0cmy5fapxEcxqIE5oPDJJlmgsDCZR9ekiLP9hWjcbiqMo8f8X4REDbCVYabCwHe4
+5togzvXxO9ujQ3kxQ8U0G+yl6kZNLxUdNE2iJAdl3zhpisSoq4vWltpQwwur5WEjs9zvcn
+zS7XR3IIa5ds/Ga3d27EHSL9zJTPMHpCcwhOAqu4u4Dlgzi+Qhm2ou7jfX1cG5YB2GkQAA
+AMEA9LxehndD2pFra3acNTu5PCGbj6/GOB/Edyl170tdJ2HBXwXkVtEQRtwqNpaJVaHkXq
+b4V65w7Q1NbT0cvBS77cJrbqYSfiZ95xUx9WcY9UMEM5PzMbEkbzIkNmbibWAuGG7OS80J
+4fWmFxx8qHBhGtM6PpT54p8aiAfozfq8uzwpr3m68f0etXU4dWkjtj6c3keAf/54NL7utN
+BKaWojR1TdLs3t/m7di8VNUfuSXF5dKv3tScCTX1c7ImODSrFrAAAAwQD+WO5qtF7cjMnu
+Oatc90QcJ3P+izWfqvM166ElB+X3ekqcjZQ+wkYmyXRriFWysdr/X27qYDvYxk42KCOx45
+0n0PYwKJ+D7M+CbEDRDTATF84e9ANcyaf0uYPQPR8NHVuIbYDarH7r7HfPeSTc66KHF8aU
+WvdmSzDRN6ZSuQUHIhbJBoChelKvYs6G8ERyNd2dINod9GJNSVHIoOPcpLb1jXkAJzfhk1
+lmIRuV3WZTo91CVGzVAHoIZtbpJ6untI0AAADBAOzUNZACi604DB197svZ9x1WtyWMmvc+
+8WN+ouAG6poHetpL88vT5TZG6bmBvkvXneL5EmlIk8uzDaRpYBBtnbu2ebS1kiG86WXkXE
+1xKJvX1WUnN1qpf5HCC14D/4pZ3lxpCpJnKBqVIXOW5y2v2ut+BPj9GzwcUn4qjINZXxdL
+bXnq3oWfTFPlfWSwUV/Xxew/Yv3ZkUcXgbvxE76LJMajwvfvXVHOIdwxLTLmXPO1k+hpty
+6Iw2+JrU264jLgHQAAAAp1YnVudHVAdG1jAQIDBAUGBw==
+-----END OPENSSH PRIVATE KEY-----
docker/files/server_2/billybutcherson.pub
@@ -0,0 +1,1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDrTNKnTI59fZm4dEa9inSR6MRRYve263XngCmUR0WqMSAVbkgVObkigpvYmZ7k5BkrMSdRTCYRYN+0mACUCoIxNE4lXWAsWbA52eEq8eA3PI47A0g9c6lUZhMktVAZaDV/KQrrqceCaxgyGkYGufOyqt07ONZ/3qb7qFMDaH1ggFy0iftFmDEANmVdiLr2mrXd6je7eDvaFf64meG7VT6Noudw76dSk3MH207G02k9ye25shsy7r/1VGz/mSRwVB1wg+7rdkn8ZP7iSw0x9k1rTKvbGrnE/+ZCZ5sQJmzt5t7utVCzmgqfYJ0fO4l8PJycWJeAgVxjx9hGyt26rOVTy7syDulRJPOWfWKQDiEkrHwU2qnP5FzG7q96/f3ZDxEm4TM8y+bBQJu5/aiGt+C9CBEQPv+nuL1xN91yfqxPJ/76TejaMGXp00BylovlBQJdH2SVj2XupS04SbpMxi5MdcpFehNC8/yzs9uYiL3Ck+beDNtgW8JJ4xVLSO2E0/k= ubuntu@tmc
docker-compose.yml
@@ -33,6 +33,46 @@ networks:
- subnet: 192.168.200.0/24
services:
+ server_3:
+ build: docker/ssh/server_3
+ image: sshd_server3
+ restart: always
+ networks:
+ crypt:
+ ipv4_address: 192.168.200.201
+ volumes:
+ - type: bind
+ source: ./docker/files/server_3/book.pub
+ target: /home/book/.ssh/authorized_keys
+ volume:
+ nocopy: True
+ - type: bind
+ source: ./docker/files/server_3/nope.sh
+ target: /bin/nope
+ volume:
+ nocopy: True
+
+ server_2:
+ build: docker/ssh/server_2
+ image: sshd_server2
+ restart: always
+ networks:
+ cemetary:
+ ipv4_address: 10.10.10.109
+ crypt:
+ ipv4_address: 192.168.200.2
+ volumes:
+ - type: bind
+ source: ./docker/files/server_2/billybutcherson.pub
+ target: /home/billybutcherson/.ssh/authorized_keys
+ volume:
+ nocopy: True
+ - type: bind
+ source: ./docker/files/server_2/nope.sh
+ target: /bin/nope
+ volume:
+ nocopy: True
+
server_1:
build: docker/ssh/port_2222
image: sshd_port_2222
@@ -41,10 +81,10 @@ services:
party:
ipv4_address: 172.16.2.31
cemetary:
- ipv4_address: subnet: 10.10.10.1
+ ipv4_address: 10.10.10.2
volumes:
- type: bind
- source: ./docker/files/server_1/root.pub
+ source: ./docker/files/server_1/binx.pub
target: /home/binx/.ssh/authorized_keys
volume:
nocopy: True
@@ -57,7 +97,7 @@ services:
internet:
ipv4_address: 200.200.200.111
party:
- ipv4_address: 172.16.2.1
+ ipv4_address: 172.16.2.2
volumes:
- type: bind
source: ./docker/files/router_firewall/admin.pub
README.md
@@ -77,7 +77,7 @@ beachhead:
- gotty, 200.200.200.X
- throwaway BOO flag
- zombiemap binary in home dir (zmap)
- - some local puzzle to get IP of the party's (must be through redirectors)
+ - some file based puzzle to get IP of the party's (must be through redirectors)
redirectors:
- port scan required to find the service, known password
@@ -92,12 +92,9 @@ server-1:
- gateway ports
server-2:
- - left the BACKDOOR of the MOSULIUM open. Unfortuntely it is unenCRYPTed
- - netcat into unencrypted shell
- - sshd is listening and you have the password
- - doesn't allow inbound ssh (only listening on localhost)
- - ssh 2->1 -R -> server-2 localhost sshd
+ - ssh user + key
+ - is getting connected to by a ssh client (you know the public key and user)
server-3:
- - tcpdump in home directory
- - wireshark shows flag as scrolling data
+ - ssh user + key
+