This is my second CTF exercise that I have developed. It is rated as ‘Hard’.
Cyber criminals have taken over the energy grid across Europe. As a member of the security service, you’re tasked with breaking into their server, gaining root access, and preventing them from launching their malware before it’s too late.
We know from previous intelligence that this group sometimes use weak passwords. We recommend you look at this attack vector first – make sure you configure your tools properly. We do not have time to waste.
Unfortunately, the criminals have started a 3 hour clock. Can you get to their server in time before their malware is deployed and they destroy the evidence on their server?
The types of vulnerability/techniques used in this CTF can be seen below (they are intentionally hidden by default):
This exercise is designed to be completed in one sitting. Shutting down the virtual machine will not pause the timer. After the timer has finished, the CTF machine will be shut down and you will be unable to boot it. Please keep a local backup of the CTF prior to starting, in case you wish to attempt a second time.
If you are to succeed, I strongly recommend reading these points:
- Keep a local backup before starting in case you run out of time
- You will need a basic understanding of the GPG tool and how it works
- Configure your tools so they work at the maximum/hardest level possible. Make sure you are looping around the correct thing, if you know what I mean
- Getting the initial shell is possibly the longest part.
- There are four flags in total. Each flag file will guide you to the next area
This virtual machine has been tested in VirtualBox only. I cannot guarantee it will work on VMWare, but it should be okay.
You can download the CTF here. I look forward to your feedback.
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEbBiicuM2ITDGGcOJPvHWS2kZ5UMFAl7NXQsACgkQPvHWS2kZ 5UOzdg//es42hIqFbXL01ASUK6Rg0hU5hKQYBNYn+CshF+HbbuAVE4lWACd1PygR /rxKEuxnb74jvLtEn1S1orDSxu7ePKGEtxmLChX1AlTMWsODvBbDXvdtlE62iDRM ZwKsDs87dSpLHQazP+lV0jqot02GmLVPyeg2STKyfuyeQZ8KgKQUJHe/K0GRd0Z4 XaLuy1oRM6ujDk+GZv1Yjg8oP4Uzv+Tn0IMpfc8/1BHMIYZOnVEll3ukOFcnDYHW YcYvQwI9T8frMXLBhWqWbjFU4VCD3OAzL+F7TsQi5KZ6SuGtzRr4flhncHNYwcMU yuQonELGMdNuXBj6Dud6G9Drh2FrGyod1CZhPw/IWDzxBSM/K34MVNmBqUcEEt+4 +bqovZ8MQ2pbOQW4IVclejPwz07+VWWIf5OrhW2z80bOSKASY0y7+z068xmO0IcS ///zxkN53/iA6nNxB0I+QZWn+AaslaWL1vknekhLLY9hBm1qus1WCHNizUUvmgBF vyDCC4BbHgwnDqlGs8f8sREdsFr+uJrL905H/TL4Xv3H1MtKUXKQbcmUWOFpDRMm rH1qEehstgA2Eo4tBk+dfVbYnS+9aDnXw1v13bsdkNLZI38H6XZK2ecRsfj/TG3Z ZaQKClq+RjU9MG5RaFUwTQp95A8uILtmk+q7NEk61fAgzPLnPKQ= =pRuz -----END PGP SIGNATURE-----
|Version Number||Description of Changes||Date of Change|
|1.1||Stability release – changed some network settings to make this work correctly in non-VirtualBox setups||26/05/2020|