digital-forensics-labs/SecGen
1
0
Fork 0
mirror of https://github.com/cliffe/SecGen.git synced 2026-02-20 13:50:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ee5c9c2a2c830ebd08e20e7ed202053d9c4e2382
SecGen/scenarios/labs/introducing_attacks/3_vulnerabilities.xml
Z. Cliffe Schreuders 4e4ad45247 Improve and update metadata descriptions of lab scenarios
2023-11-07 23:55:15 +00:00

155 lines
5.9 KiB
XML
Raw Blame History

<?xml version="1.0"?>
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<name>Vulnerabilities, Exploits, and Remote Access Payloads</name>
<author>Z. Cliffe Schreuders</author>
<description>
# Introduction
In this lab you will explore one of the major threats in computer security: software vulnerabilities. It's a critical topic in the field of cybersecurity, as understanding how attackers exploit weaknesses in software systems is essential for both defensive and offensive security measures. The lab will cover various aspects, starting with an introduction to software vulnerabilities and the causes behind them, moving on to explore different types of payloads, such as bind shells and reverse shells. You will also get hands-on experience with the Metasploit framework, a powerful tool for conducting security assessments and penetration testing.
Throughout this lab, you will gain a deeper understanding of software vulnerabilities, how exploits work, and the techniques attackers use to gain remote access to vulnerable systems. You will learn and apply both remote and local (client-side) exploits. You'll simulate creating and using a malicious PDF document to compromise a system, as well as remotely exploiting a system with known vulnerabilities. This hands-on experience will provide you with valuable insights into the world of cybersecurity and start to learn about the power of the Metasploit framework, a popular hacking and penetration testing tool.
# Lecture
[Slides here](http://z.cliffe.schreuders.org/presentations/slides/DSL_DS_OSPT_Lectures_3_Vulnerabilities.html)
# Reading
[Chapter 8: Using Metasploit. Harper, A. and Harris, S. and Ness, J. and Eagle, C. and Lenkey, G, and Williams, T. (2011), Gray hat hacking : the ethical hacker's handbook, McGraw-Hill. (ISBN: 978-0-07-174256-6) Available online via the library](https://www-dawsonera-com.ezproxy.leedsbeckett.ac.uk/readonline/9780071742566)
</description>
<lab_sheet_url>https://docs.google.com/document/d/11I8xMUXrT5ArJIsAhwGDtQ4RkH4l9CR4C2wh9_wz8xM/edit?usp=sharing</lab_sheet_url>
<type>ctf-lab</type>
<type>lab-sheet</type>
<difficulty>easy</difficulty>
<CyBOK KA="MAT" topic="Attacks and exploitation">
<keyword>EXPLOITATION</keyword>
<keyword>EXPLOITATION FRAMEWORKS</keyword>
</CyBOK>
<CyBOK KA="SOIM" topic="PENETRATION TESTING">
<keyword>PENETRATION TESTING - SOFTWARE TOOLS</keyword>
<keyword>PENETRATION TESTING - ACTIVE PENETRATION</keyword>
</CyBOK>
<system>
<system_name>windows_victim</system_name>
<base platform="windows" distro="7"/>
<input into_datastore="IP_addresses">
<!-- 0 windows desktop -->
<value>172.16.0.2</value>
<!-- 1 linux server -->
<value>172.16.0.3</value>
<!-- 1 kali -->
<value>172.16.0.4</value>
</input>
<utility module_path=".*/parameterised_accounts" platform="windows">
<input into="accounts" into_datastore="accounts">
<generator type="account">
<input into="username">
<generator type="random_sanitised_word">
<input into="wordlist">
<value>mythical_creatures</value>
</input>
</generator>
</input>
<input into="password">
<value>tiaspbiqe2r</value>
</input>
<input into="super_user">
<value>true</value>
</input>
<input into="strings_to_leak">
<generator type="random_line_generator">
<input into="linelist">
<value>secrets</value>
</input>
</generator>
</input>
<input into="leaked_filenames">
<value>my_secret.txt</value>
</input>
</generator>
</input>
</utility>
<!-- vulnerable Adobe Reader -->
<vulnerability cve="CVE-2008-2992"/>
<!-- netcat for testing shell connections -->
<utility module_path=".*/win_netcat"/>
<network type="private_network">
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
</input>
</network>
<input into_datastore="spoiler_admin_pass">
<generator type="strong_password_generator"/>
</input>
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
<system>
<system_name>linux_victim_server</system_name>
<base distro="Debian 10" type="desktop"/>
<!-- vulnerable distcc server -->
<vulnerability cve="CVE-2004-2687">
<input into="strings_to_leak">
<generator type="flag_generator" />
</input>
<input into="leaked_filenames">
<value>flag</value>
</input>
</vulnerability>
<network type="private_network">
<input into="IP_address">
<datastore access="1">IP_addresses</datastore>
</input>
</network>
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
<system>
<system_name>kali</system_name>
<base distro="Kali" name="MSF"/>
<utility module_path=".*/parameterised_accounts">
<input into="accounts">
<value>{"username":"kali","password":"kali","super_user":"true","strings_to_leak":[],"leaked_filenames":[]}</value>
</input>
</utility>
<utility module_path=".*/metasploit_framework"/>
<utility module_path=".*/handy_cli_tools"/>
<service module_path=".*/apache"/>
<utility module_path=".*/nmap"/>
<network type="private_network" >
<input into="IP_address">
<datastore access="2">IP_addresses</datastore>
</input>
</network>
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
</system>
</scenario>
Reference in New Issue View Git Blame Copy Permalink