LAB-1/2 (CYBER-GAMES):
Cyber-Games is a laboratory exercise used to test the students' understanding of vulnerabilities in operating systems, applications, and protocols. The students are divided into teams; each team controls four VMs, of which two are servers (Windows 2000 Advanced Server SP4 and Mandrake 8.1) and the other two are attacking clients (Knoppix and Windows). The Linux server hosts and runs the following programs/services: Awstats 6.1, phpnuke 6.0, phpBB .0.7, OpenSSH, Samba, Webmin, SNMP, Telnet, FTP, MySQL, PostgreSQL, Squid. The Windows server hosts and runs the following programs/services: Serv-U FTP server, IIS, Microsoft SQL Server 2000, Microsoft .NET Framework 1.1, Terminal Server Services, Microsoft ASP.NET Portal Starter Kit.
The virtual machines are located at <FYI: Mr. Nelson> and are ready to download. If you need a GUI on the Mandrake server, type "startx" and press Enter.
Each team has two IP addresses available for its servers, of the form A.A.A.X[0,1]: the last octet is the team number X followed by a digit that identifies the system, 0 for Linux and 1 for Windows (team 3, for example, uses A.A.A.30 for Linux and A.A.A.31 for Windows). Set these addresses statically. The client VMs get their addresses from DHCP.<FYI: Mr. Nelson>
Please only log on to the machines labelled with your team number. <FYI: Mr. Nelson>
Team/Static IP Pairs:<FYI: Mr. Nelson>

  Team    | Static IP
  --------+-----------
  Team-1  |
  Team-2  |
  ...     |
SESSION I (Setting up the servers & Attack):
Patching the OS (i.e. fixing the vulnerabilities of the OS), enabling firewalls, and defence (i.e. fixing the vulnerabilities of the applications/protocols) are NOT allowed in this session.
Download and start both the Mandrake Linux and Windows 2000 servers in VMware Player (vmplayer).
Assign Static IP addresses to the servers<FYI: Mr. Nelson>
Perform exploratory network enumeration (using Nmap) to learn about the computers on the network and the services they are running.
Make sure all the services listed above are running. (During both sessions we will constantly be checking whether the services are available.)
Start attacking the opponents' servers (using nmap and Nessus; try to acquire passwords, plant backdoors, and restart machines).
Points are awarded for successful exploits and for active services on your servers.
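The availability polling described in Session I (and the -1 point per down service it feeds into) can be reproduced locally. The following is an added example and is not part of the lab packet: it derives a team's two server addresses from the A.A.A.X[0,1] scheme above and attempts a TCP connection to the port each listed service uses by default. The port numbers are assumptions (the handout gives none), as is the address prefix in the usage line; SNMP runs over UDP 161 and is not probed here.

```python
"""Service-availability self-check for the Cyber-Games servers (added example).

Derives the Linux (.X0) and Windows (.X1) addresses of a team, TCP-connects to
the default port of every service the handout lists, and reports which ones
the instructors' poller would find down (-1 point per service per poll).
Port numbers are assumed defaults, not values from the handout.
"""
import socket
from typing import Callable, Dict, List, Tuple

# Conventional TCP ports for the services each server is required to run.
LINUX_SERVICES = {
    "http (Awstats/phpnuke/phpBB)": 80,
    "ssh": 22,
    "samba": 139,
    "webmin": 10000,
    "telnet": 23,
    "ftp": 21,
    "mysql": 3306,
    "postgresql": 5432,
    "squid": 3128,
}
WINDOWS_SERVICES = {
    "ftp (Serv-U)": 21,
    "http (IIS/ASP.NET portal)": 80,
    "mssql": 1433,
    "terminal services": 3389,
}


def team_addresses(prefix: str, team: int) -> Dict[str, str]:
    """Return the Linux (X0) and Windows (X1) server addresses for a team.

    prefix is the fixed 'A.A.A' part; the last octet is the team number with a
    trailing 0 or 1, so team 3 gets .30 and .31.  Teams above 25 would need an
    octet larger than 255, which the scheme cannot express.
    """
    if team < 1:
        raise ValueError("team numbers start at 1")
    linux, windows = team * 10, team * 10 + 1
    if windows > 255:
        raise ValueError(f"team {team} does not fit the X[0,1] octet scheme")
    return {"linux": f"{prefix}.{linux}", "windows": f"{prefix}.{windows}"}


def tcp_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:          # refused, unreachable, or timed out
        return False


def poll_services(prefix: str, team: int,
                  probe: Callable[[str, int], bool] = tcp_open
                  ) -> Tuple[List[str], int]:
    """Probe every expected service on both servers of a team.

    Returns (entries found down as 'host:port name', penalty points), where the
    penalty is -1 per down service as in the scoring table. probe is injectable
    so the logic can be exercised without a network.
    """
    addrs = team_addresses(prefix, team)
    down = []
    for host, services in ((addrs["linux"], LINUX_SERVICES),
                           (addrs["windows"], WINDOWS_SERVICES)):
        for name, port in services.items():
            if not probe(host, port):
                down.append(f"{host}:{port} {name}")
    return down, -len(down)


if __name__ == "__main__":
    import sys
    # Usage: python poll.py <A.A.A prefix> <team>, e.g. python poll.py 10.0.0 3
    prefix, team = sys.argv[1], int(sys.argv[2])
    down, penalty = poll_services(prefix, team)
    for entry in down:
        print("DOWN", entry)
    print(f"{len(down)} service(s) down, {penalty} point(s) per poll")
```

Run it against your own team before and after every change you make in Session II; anything it reports as DOWN is what the instructors' poller will also see, and a service that answers on a non-default port still counts as down for them unless they know about the change.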
SESSION II (Hardening & Defence & Attack):
There are two phases A and B.
Phase A(Hardening):
Firewalls and system patching are NOT allowed in this and the following phase. Participants will harden their servers in an attempt to prevent attacks.
Attacking is NOT allowed in this phase.
Apply nmap, Nessus, and other tools to your own servers in order to systematically reveal weaknesses in password policies, backdoors, and other exploitable points.
Following the practices discussed in the lecture on system hardening, participants should attempt to protect their systems from attacks while maintaining service availability.
Phase B (Attack & Defence):
In this phase both attacking and defending are allowed, but firewalls and OS patches are still NOT allowed.
During this phase, we will also supply several simplistic operational requirements from a fake “business” which will necessitate small changes to your systems.
Attack & Defence: Remember that during the session, the passwords for every VM server image, as well as for the services that run on them, will be identical. Use this knowledge to your advantage.

Beyond this, we suggest that you begin your attacks on other systems with exhaustive enumeration and scanning (nmap, Nessus). Refer to the allocation sheet in this packet for the IP addresses of the other teams' servers. You may also scan your own system to learn about its configuration. Following this, research exploits, consider the techniques discussed in the lecture (Hint: SNMP enumeration...?), and begin to try them on different systems.

Also consider that once you have exploited a system, it is in your best interests to keep that machine running under your control for as long as possible. Immediately shutting down the services you need in order to connect to these systems, and not ensuring that you always retain access to them, works against your goal: more points. While other teams do lose points for service unavailability, the points system rewards attacks more than it penalizes down services, especially if you gain root access to a system your team attacks and continue attacking from that privilege level.
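The SNMP hint above means querying the agent's sysDescr object with candidate community strings: an answer both confirms a guessable community string and, on these servers, discloses the operating system and version. The following added example is not from the lab packet. It builds the SNMPv1 GetRequest by hand so nothing beyond the Python standard library is needed; the candidate strings "public" and "private", the sample reply, and the helper names are assumptions, not values from the handout.

```python
"""SNMPv1 community-string probe with hand-encoded BER (added example)."""
import socket
from typing import Dict, Iterable, List, Tuple

SYS_DESCR = (1, 3, 6, 1, 2, 1, 1, 1, 0)  # SNMPv2-MIB::sysDescr.0


def ber(tag: int, payload: bytes) -> bytes:
    """One BER TLV: tag byte, definite length (short or long form), payload."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    nbytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(nbytes)]) + nbytes + payload


def ber_int(value: int) -> bytes:
    """INTEGER, two's complement, minimal length (leading 0x00 when bit 7 is set)."""
    return ber(0x02, value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big", signed=True))


def ber_oid(arcs: Tuple[int, ...]) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128."""
    out = [arcs[0] * 40 + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:                      # high-order groups first, continuation bit set
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(chunk)
    return ber(0x06, bytes(out))


def build_get_request(community: str, oid: Tuple[int, ...], request_id: int) -> bytes:
    """SNMPv1 message { version 0, community, GetRequest-PDU [0] { ids, varbinds } }."""
    varbind = ber(0x30, ber_oid(oid) + ber(0x05, b""))     # { name, NULL }
    pdu = ber(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + ber(0x30, varbind))
    return ber(0x30, ber_int(0) + ber(0x04, community.encode()) + pdu)


def ber_decode(buf: bytes, pos: int = 0) -> Tuple[int, bytes, int]:
    """Decode the TLV at pos; return (tag, payload, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                   # long form: low 7 bits = number of length bytes
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def children(payload: bytes) -> List[Tuple[int, bytes]]:
    """All TLVs packed back-to-back inside a constructed type."""
    out, pos = [], 0
    while pos < len(payload):
        tag, body, pos = ber_decode(payload, pos)
        out.append((tag, body))
    return out


def parse_get_response(msg: bytes) -> Tuple[str, bytes]:
    """Return (community, value of the first varbind) from a GetResponse-PDU."""
    tag, body, _ = ber_decode(msg)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _version, (_, community), (pdu_tag, pdu) = children(body)
    if pdu_tag != 0xA2:
        raise ValueError("not a GetResponse-PDU")
    _req_id, _err_status, _err_index, (_, varbinds) = children(pdu)
    _name, (_, value) = children(children(varbinds)[0][1])
    return community.decode(), value


def snmp_probe(host: str, communities: Iterable[str], timeout: float = 2.0) -> Dict[str, str]:
    """Send a sysDescr GetRequest per community string to host:161/udp.

    Returns {community: sysDescr} for every string the agent answered. SNMPv1
    agents silently drop requests carrying a wrong community, so a timeout is
    the normal "no"; unreachable hosts surface as OSError and are skipped too.
    """
    found = {}
    for req_id, community in enumerate(communities, start=1):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            try:
                sock.sendto(build_get_request(community, SYS_DESCR, req_id), (host, 161))
                reply, _ = sock.recvfrom(4096)
                found[community] = parse_get_response(reply)[1].decode(errors="replace")
            except (OSError, ValueError):
                continue
    return found


# Constructed sample GetResponse (not captured from a real host) to exercise the parser.
SAMPLE_RESPONSE = ber(0x30, ber_int(0) + ber(0x04, b"public") + ber(
    0xA2, ber_int(1) + ber_int(0) + ber_int(0) + ber(
        0x30, ber(0x30, ber_oid(SYS_DESCR) + ber(0x04, b"Linux lab-server 2.4.8")))))

if __name__ == "__main__":
    import sys
    # Usage: python snmp_probe.py <server-ip>   (default community strings assumed)
    for comm, descr in snmp_probe(sys.argv[1], ("public", "private")).items():
        print(f"community {comm!r} accepted: {descr}")
```

The same request, with the community string swapped, is what a scanner sends when it brute-forces community strings; the defence in Phase A is the mirror image: run the probe against your own servers, and change or restrict whichever community string answers while keeping the SNMP service itself up, since the poller only checks availability.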
Teams are scored as indicated below:

  Score              | Action
  -------------------+-------------------------------------------------------------------
  15 pts             | Gaining root or administrative access to a server
  10 pts             | Creating a back door
  5 pts              | Gaining user shell access to a server
  5 pts              | Cross-site scripting vulnerabilities
  2 pts              | Shutting down a service
  -20 pts            | Each instance of bandwidth denial of service
  -1 pt per service  | Each time your servers are polled and a service is found to be down