11: Red v Blue: Domain Controller
What You Need for This Project
- The BLUE TEAM needs a computer with VirtualBox.
- The RED TEAM can use anything they want, but all they need is a Kali box.
Scenario
CCSF's even newer Web server runs on Windows, and includes Splunk!
The BLUE TEAM needs to get the server
running and keep it working. The server image is
here:
p11Win16RB.ova
Size: 6,776,176,640 bytes
SHA-256: 42882d73ce6e43856887925ac24afd23f4ee3019f7ab7b9da949f5294fc4572c
Blue Team
Get your server up. In SCIE 37, install VirtualBox.
Click File, "Import Appliance" and import the OVA file.
Start the virtual machine.
You need to assign your server the IP address
provided by your instructor. You get points
for:
- Server answering a ping
- Serving the CCSF web page on port 80
- Serving the Splunk page on port 8000
The BLUE TEAM
needs to get the box up, find the problems,
and patch them before the evil RED TEAM
does bad things, like defacing the web page.
Your CCDC playbook should be helpful.
Injects
For additional points, complete these tasks:
- Make a list of all services listening on the network, with their port number and purpose. (1000 pts)
- Write an Incident Report for any security issues you fix, with a brief explanation of the problem and how you fixed it. (varies, typically 500-1000 pts)
- Upgrade the Web server to use HTTPS as well as HTTP. (2000 pts)
- Add new user accounts for these employees. Demonstrate one of them logging in. (500 pts)
- List all the users who have authenticated today and when they did. (1000 pts)
- Provide a list of all user accounts, specifying which accounts are able to run commands as root. (1000 pts)
- Use Splunk to find the top ten IP addresses connecting to the website today. (500 pts)
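As an added example (my own, not from the course page or its scoring scripts), the PowerShell triage script below covers three of the injects above on the Windows Server VM: listening services with their owning process, today's successful logons, and which accounts hold admin rights. It assumes an elevated session and a report path of your choosing.

```powershell
# Added example, not part of the course page: Blue Team triage for three enumeration
# injects. Run in an elevated PowerShell session on the Windows Server VM.
# The report path is an assumption; change it to match your playbook.
$Report = "C:\BlueTeam\triage-$(Get-Date -Format 'yyyyMMdd-HHmm').txt"
New-Item -ItemType Directory -Force -Path (Split-Path $Report) | Out-Null
function Out-Section($Title, $Data) {
    "== $Title ==" | Tee-Object -FilePath $Report -Append
    $Data | Format-Table -AutoSize | Out-String | Tee-Object -FilePath $Report -Append
}
# Resolve the process that owns a socket, so each port can be tied to a purpose.
$Owner = @{ Name='Process'; Expression={ (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } }

# Inject 1: every listening TCP port and bound UDP port, with the owning process.
Out-Section 'Listening TCP ports' (Get-NetTCPConnection -State Listen |
    Select-Object LocalAddress, LocalPort, $Owner | Sort-Object LocalPort -Unique)
Out-Section 'UDP endpoints' (Get-NetUDPEndpoint |
    Select-Object LocalAddress, LocalPort, $Owner | Sort-Object LocalPort -Unique)

# Inject 2: who authenticated today. Successful logons are Security event 4624; the
# event XML carries the account, logon type and source address. Machine accounts
# (names ending in $) and SYSTEM/anonymous noise are dropped; logon types kept are
# 2 interactive, 3 network (SMB/HTTP), 7 unlock, 10 RDP.
$Logons = Get-WinEvent -FilterHashtable @{ LogName='Security'; Id=4624; StartTime=(Get-Date).Date } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $d = @{}
        ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
        [pscustomobject]@{ Time=$_.TimeCreated; User=$d.TargetUserName; Domain=$d.TargetDomainName
                           LogonType=[int]$d.LogonType; SourceIP=$d.IpAddress }
    } |
    Where-Object { $_.LogonType -in 2,3,7,10 -and $_.User -notmatch '\$$' -and $_.User -notin 'SYSTEM','ANONYMOUS LOGON' }
Out-Section 'Successful logons today (Event ID 4624)' $Logons

# Inject 3: all accounts, flagging those with admin rights (the Windows counterpart of
# "able to run commands as root"). On a domain controller the local SAM is the domain,
# so query AD when the module is present; otherwise fall back to local accounts.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $Admins = Get-ADGroupMember -Identity 'Administrators' -Recursive | Select-Object -ExpandProperty SamAccountName
    $Users  = Get-ADUser -Filter * -Properties LastLogonDate |
        Select-Object @{N='Name';E={$_.SamAccountName}}, Enabled, @{N='LastLogon';E={$_.LastLogonDate}}
} else {
    $Admins = Get-LocalGroupMember -Group 'Administrators' | ForEach-Object { $_.Name.Split('\')[-1] }
    $Users  = Get-LocalUser | Select-Object Name, Enabled, LastLogon
}
Out-Section 'Accounts and admin rights' ($Users |
    Select-Object Name, Enabled, LastLogon, @{N='IsAdmin';E={ $Admins -contains $_.Name }})
```

The saved report doubles as the evidence to attach to the Incident Report inject.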
Red Team
You get points by accomplishing these tasks:
- Adding up to three PWNED files to the server,
in the Web root, with the names listed below. Each such
file is worth +20 points every 10 seconds. Each file must contain
the text HINT: followed by a clue telling the Blue Team how you
got in, and each file must be produced by getting in a different way.
- pwned1.htm
- pwned2.htm
- pwned3.htm
- Locking the Blue Team out so badly
that they need to wipe the machine and load a clean image is worth 1000 points
- Totally destroying the server so it must be reloaded is worth 100 pts
- Other epic feats of pwnage (variable points)
Post-Mortem
After an hour or two of combat, there will be
a discussion of what worked, what didn't work,
and how to write better documentation to preserve
what has been learned for CCDC in the future.
Scoring Engine
For other schools who want to do this, here
are the scripts that ran the scoring engine.
They are amazingly simple Python scripts.
We ran them on an Ubuntu server.
Posted 12-15-18