|
|
|
|
#### General
|
|
|
|
|
|
|
|
|
|
##### Check the Repo content
|
|
|
|
|
|
|
|
|
|
Files that must be inside your repository:
|
|
|
|
|
|
|
|
|
|
- a README.md file, Which explains all the steps you went through in order to reach root access.
|
|
|
|
|
|
|
|
|
|
###### Does the required files present?
|
|
|
|
|
|
|
|
|
|
##### Evaluate the student's submission
|
|
|
|
|
|
|
|
|
|
###### Is the student able to explain clearly what Privilege Escalation means?
|
|
|
|
|
|
|
|
|
|
##### Set up the virtual machine
|
|
|
|
|
|
|
|
|
|
Get [01-Local1.ova](https://assets.01-edu.org/cybersecurity/local/01-Local.ova).
|
|
|
|
|
For machine using Apple Silicon or equivalent get [01-Local1.utm.zip](https://assets.01-edu.org/cybersecurity/local/01-Local1.utm.zip).
|
|
|
|
|
|
|
|
|
|
SHA1 for `01-Local1.ova`: f3422f3364fd38e8183740f8f57fa951d3f6e0bf
|
|
|
|
|
SHA1 for `01-Local1.utm.zip`: d4a40ca50044778ddc01a57ac16382e4140000e0
|
|
|
|
|
|
|
|
|
|
> If it's already downloaded in the student machine, please check the SHA1 running the following command
|
|
|
|
|
|
|
|
|
|
```console
|
|
|
|
|
$ sha1sum <filename>
|
|
|
|
|
<SHA1>
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
###### Is the SHA1 the expected one?
|
|
|
|
|
|
|
|
|
|
##### Ask the student to get the IP address.
|
|
|
|
|
|
|
|
|
|
###### Can the student explain all the steps?
|
|
|
|
|
|
|
|
|
|
##### Ask the student to become root.
|
|
|
|
|
|
|
|
|
|
> The modification in GRUB or in the VM to get the root access is forbidden!
|
|
|
|
|
|
|
|
|
|
###### Can the student explain all the steps?
|
|
|
|
|
|
|
|
|
|
##### Ask the student to show the flag.
|
|
|
|
|
|
|
|
|
|
###### Can the student explain all the steps?
|
|
|
|
|
|
|
|
|
|
##### Ask the student to explain clearly each exploit and how we can fix it!
|
|
|
|
|
|
|
|
|
|
###### DOES the student explain clearly what are the steps taken to fix each vulnerability?
|
