CYBER WARZONE
Tomáš Jirsík
A BRIEF INTRODUCTION TO THE ATTACK-DEFENSE CTF
Masarykova univerzita, Brno

Attack

nmap
▪ Network exploration tool and security / port scanner
▪ Usage:
    $ nmap [Options] {target ip}
▪ Example:
    $ nmap -p- 10.1.33.7
▪ Useful params:
  ▪ -p : Only scan specified ports (-p- for all ports)
  ▪ -T<0-5> : Set timing template (higher means faster scan)

hydra
▪ A very fast network logon cracker for many different services
▪ Usage:
    $ hydra [Options] {target ip} {target service}
▪ Example:
    $ hydra -L usernames.txt -P passwords.txt 10.1.33.7 ssh
▪ Lots of noise (it tries every possible username/password combination from the given input lists), but it often works

netcat
▪ nc - TCP/IP swiss army knife
▪ Usage:
    $ nc [options] {ip address} {port(s)}   # to connect
    $ nc -l [options] {port(s)}             # to listen on given port
▪ Example:
    $ nc 10.1.33.7 42   # will connect to host 10.1.33.7 on port 42
    $ nc -vl 1337       # starts listening for connections on port 1337

More tools
▪ sqlmap
▪ sparta
▪ metasploit / armitage
▪ Burp Suite
▪ wireshark
▪ and many more…

Defense
▪ Ensure that your users have strong passwords
▪ Check for unnecessary running services
▪ Check for unnecessary active users
▪ Update OS and software
▪ Fire up the firewall
▪ Strike faster than your enemy

User Management
▪ An enabled root user is a bad idea; use sudo instead
▪ $ sudo passwd -u / -l user    # enable / disable user
▪ $ cut -d: -f1 /etc/passwd     # list of all users
▪ $ sudo adduser / deluser      # add / remove user

Firewall
▪ $ sudo ufw status                  # get current status of firewall
▪ $ sudo ufw enable                  # enable firewall
▪ $ sudo ufw default deny incoming   # deny all incoming traffic
▪ $ sudo ufw allow 22                # allow connections on port 22 (tcp and udp; 22/tcp limits the rule to tcp)
▪ $ sudo ufw reload                  # reload firewall
▪ $ sudo ufw reset                   # reset to default rules

FIGHT
YOU HAVE 10 MINUTES TO SECURE YOUR DEFENSE SERVER
ANY ATTACK DURING THIS TIME IS STRICTLY FORBIDDEN
EVERY 12 MINUTES A NEW HINT APPEARS

“Invincibility lies in the defence; the possibility of victory in the attack.” - Sun Tzu

Q&A

https://www.vulnhub.com            # free CTF games
https://news.ycombinator.com       # hacker news
https://www.wikileaks.org          # lots of useful info :)
https://crackstation.net           # free hash cracker
https://apsdehal.in/awesome-ctf/   # info about CTF games
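
The hydra slide notes that a logon-cracking run makes lots of noise; on the defended server that noise appears as failed sshd logins. The following is an added example, not part of the original slides, that counts failed SSH password attempts per source address. It assumes OpenSSH's usual log wording; the function names, the threshold and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: spot password-guessing noise in sshd log lines.
# Assumes OpenSSH's log wording:
#   "Failed password for [invalid user] NAME from IP port N ssh2"

# failed_ssh_sources MIN [FILE...]
# Prints "IP attempts distinct_users" for each source address with at
# least MIN failed password attempts, busiest source first.
failed_ssh_sources() {
    _min=$1; shift
    awk -v min="$_min" '
        /sshd/ && /Failed password for/ {
            ip = ""
            # Use the last "from" token so a user name of "from" cannot confuse us.
            for (i = 2; i < NF; i++)
                if ($i == "from") { ip = $(i + 1); user = $(i - 1) }
            if (ip == "") next
            attempts[ip]++
            if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
        }
        END {
            for (ip in attempts)
                if (attempts[ip] >= min) print ip, attempts[ip], users[ip]
        }
    ' "$@" | sort -k2,2nr -k1,1
}

# Constructed sample log (not captured from a real host).
sample_auth_log() {
    cat <<'EOF'
Mar  3 10:15:01 defense sshd[2211]: Failed password for root from 10.1.33.9 port 40022 ssh2
Mar  3 10:15:01 defense sshd[2213]: Failed password for invalid user admin from 10.1.33.9 port 40024 ssh2
Mar  3 10:15:02 defense sshd[2215]: Failed password for invalid user test from 10.1.33.9 port 40026 ssh2
Mar  3 10:15:02 defense sshd[2217]: Failed password for root from 10.1.33.9 port 40028 ssh2
Mar  3 10:15:03 defense sshd[2219]: Failed password for invalid user oracle from 10.1.33.9 port 40030 ssh2
Mar  3 10:15:03 defense sshd[2221]: Failed password for invalid user ubuntu from 10.1.33.9 port 40032 ssh2
Mar  3 10:16:40 defense sshd[2230]: Failed password for student from 10.1.33.20 port 51900 ssh2
Mar  3 10:16:47 defense sshd[2230]: Accepted password for student from 10.1.33.20 port 51900 ssh2
EOF
}

# Demo: sources with 5 or more failures in the sample.
sample_auth_log | failed_ssh_sources 5
```

Many attempts against many different user names from one address is the pattern a username/password list run leaves behind; a single failure followed by an accepted login, as from 10.1.33.20 in the sample, stays below the threshold.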