11: Red v Blue: Domain Controllerr

What You Need for This Project

The BLUE TEAM needs a computer with VirtualBox.
The RED TEAM can use anything they want, but all they need is a Kali box.

SCOREBOARD

Scenario

CCSF's even newer Web server, runs on Windows, and includes Splunk!

The BLUE TEAM needs to get the server running and keep it working. The server image is here:

p11Win16RB.ova
Size: 6,776,176,640 bytes
SHA-256: 42882d73ce6e43856887925ac24afd23f4ee3019f7ab7b9da949f5294fc4572c

Blue Team

Get your server up. In SCIE 37, install VirtualBox. Click File, "Import Appliance" and import the OVA file.

Start the virtual machine.

You need to assign your server the IP address provided by your instructor. You get points for:

Server answering a ping
Serving the CCSF web page on port 80
Serving the Splunk page on port 8000

The BLUE TEAM needs to get the box up, find the problems, and patch them before the evil RED TEAM does bad things, like defacing the web page.

Your CCDC playbook should be helpful.

Injects

For additional points, complete these tasks:

Make a list of all services listening on the network, with their port number and purpose. (1000 pts)
Write an Incident Report for any security issues you fix, with a brief explanation of the problem and how you fixed it. (varies, typically 500-1000 pts)
Upgrade the Web server to use HTTPS as well as HTTP. (2000 pts)
Add new user acccounts for these employees. Demonstrate one of them logging in. (500 pts)
- BBunny
- EFudd
- Ppig
- WileE
List all the users who have authenticated today and when they did. (1000 pts)
Provide a list of all user accounts, specifying which accounts are able to run commands as root. (1000 pts)
Use Splunk to find the top ten IP addresses connecting to the website today (500 pts)

Red Team

You get points by accomplishing these tasks:

Adding up to three PWNED files to the server, in the Web root, with the names listed below. Each such file is worth +20 points every 10 seconds. Each file must contain the text HINT: followed by a clue telling the Blue Team. how you got in, and each file must be produced by getting in a different way.
- pwned1.htm
- pwned2.htm
- pwned3.htm
Locking the Blue Team out so badly that they need to wipe the machine and load a clean image is worth 1000 points
Totally destroying the server so it must be reloaded is worth 100 pts
Other epic feats of pwnage (variable points)

Post-Mortem

After an hour or two of combat, there will be a discusion of what worked, what didn't work, and how to write better documentation to preserve what has been learned for CCDC in the future.

Scoring Engine

For other schools who want to do this, here are the scripts that ran the scoring engine.

They are amazingly simple Python scripts.

We ran them on an Ubuntu server.

Posted 12-15-18