SC 105: Building a Vulnerable Windows Server in the Cloud (25 pts)

What You Need

A cloud Windows server. I used Windows Server 2022 on the Google Cloud. I recommend 2 vCPUs and 8 GB RAM.

Installing MinGW

MinGW is a port of the gcc C compiler to Windows.

On your Windows system, in a Web browser, go to https://sourceforge.net/projects/mingw/files/

Click the big green "Download Latest Version" button, as shown below.

In your Downloads folder, double-click the mingw-get-setup.exe file.

Click the Install button, as shown below.

On the "Step 1" page, click the Continue button.

On the "Step 2" page, wait for files to download and then click the Continue button.

The MinGW Installation Manager opens.

Check all the boxes, as shown below.

Then click Installation, "Apply Changes".

In the "Okay to proceed?" box, click the Apply button.

Wait for software to install.

When it's done, you'll see a message saying "All changes were applied successfully".

Click Close.

Close the MinGW Installation Manager.

Updating the Path

On your Windows machine, open a Command Prompt.

Execute this command, as shown below.

setx path "%PATH%;C:\MinGW\bin"

Close the Command Prompt window and open a new one.

Execute this command, as shown below.

gcc

You get a "fatal error", showing that the gcc program was found (although there was no code to compile), as shown below.

Getting the VulnserverSC Source Code

On your Windows system, in a Web browser, go to https://github.com/sambowne/vulnserverSC

Click the green Code button, and click "Download ZIP, as shown below.

In your Downloads folder, right-click the vulnserverSC-master.zip file and click "Extract All..., Extract.

A window opens showing the vulnserverSC-master folder.

Double-click the vulnserverSC-master folder.

You should see a folder containing two C source files, along with some other files, as shown below.

Preparing a Working Directory

On your Windows machine, in a Command Prompt window, execute these commands, as shown below.

cd %USERPROFILE% mkdir vs cd vs copy ..\Downloads\vulnserverSC-master\vulnserverSC-master\*.c . dir

You see a folder containing the C source files, as shown below.

Compiling the Code

On your Windows machine, in the Command Prompt window, execute these commands, as shown below.

gcc -c essfunc.c gcc -shared -o essfunc.dll -Wl,--out-implib=libessfunc.a -Wl,--image-base=0x62500000 essfunc.o gcc vulnserver.c -o vulnserver.exe -lws2_32 ./libessfunc.a dir vulnserver

An executable file "vulnserver.exe" is created, and when it runs, it begins waiting for client connections, as shown below.

Turning Off the Windows Firewall

On your Windows cloud server, click Start and type FIREWALL.

Click "Windows Defender Firewall".

On the left side, click "Turn Windows Defender Firewall on or off".

Click both "Turn off Windows Defender Firewall (not recommended)" buttons.

Click OK.

Opening the Google Cloud Firewall

Click the link below to open the Google Cloud Console page:

https://console.cloud.google.com

At the top left, click the three-bar icon.

Point to "Compute Engine" and click "VM instances", as shown below.

On the "VM instances" page, click the name of your Windows server, as shown below.

Note your External IP address, outlined in yellow in the image below. You'll need it later.

On the next page, in the "Network interfaces" section, click your Network name, which is probably "default", as shown below.

On the "VPC network details" page, on the left side, click Firewall, as shown below.

On the "Firewall policies" page, at the top, click "CREATE FIREWALL RULE" and enter these values:

Name: allow9999
Targets: All instances on the network
Source IPv4 ranges: 0.0.0.0/0
Specified protocols and ports: Check TCP and enter 9999

At the botton, click Create, as shown below.

Testing your Server

To connect to your server, follow the instructions in the appropriate box below, depending on the operating system of your local machine.

Windows
On your Windows machine, install Nmap from https://nmap.org/download
Then execute this command, replacing the IP address with the external IP of your cloud Windows server:
ncat 34.72.162.255 9999

Linux or MacOS
On your Linux or MacOS machine, execute this command, replacing the IP address with the external IP of your cloud Windows server:
nc 34.72.162.255 9999

You should see a welcome message, as shown below.

Enter these commands:

HELP EXIT

Flag SC 105.1: Original Server Test (15 pts)
In a Web browser, open this page:
https://samlols.samsclass.info/SC/SC105.htm
Enter the IP address of your cloud Windows server in the form for flag SC 105.1, as shown below, and submit the form.
If your code is correct, the flag will appear.

Making a Change

In the Command Prompt running vulnserver.exe, press Ctrl+C to stop the process.

Then execute this command:

notepad vulnserver.c

Change the welcome message, as shown in the highlighted line in the image below. Note that you must also change the length parameter after the text.

Save the file. Close Notepad.

Execute these commands to rebuild and start the app:

gcc vulnserver.c -o vulnserver.exe -lws2_32 ./libessfunc.a vulnserver

Flag SC 105.2: Modified Server Test (10 pts)
In a Web browser, open this page:
https://samlols.samsclass.info/SC/SC105.htm
Enter the IP address of your cloud Windows server in the form for flag SC 105.2, as shown below, and submit the form.
If your code is correct, the flag will appear.

References

How To install MinGW on Windows 10 (GCC & G++)

Posted 3-21-24