Browse Source

Merge remote-tracking branch 'refs/remotes/origin/master'

pull/788/head
Augusto 4 years ago
parent
commit
48908fc725
  1. 12
      docs/modular-steps-management.md
  2. 4
      docs/server-installation.md
  3. 3
      sh/debian/ubuntu/configure.sh
  4. 2
      sh/debian/ubuntu/system/etc/gdm3/PostLogin/Default
  5. 1
      sh/debian/ubuntu/system/usr/local/bin/reset_home
  6. 48
      subjects/add-vm/README.md
  7. 17
      subjects/add-vm/audit/README.md
  8. 70
      subjects/connect/README.md
  9. 15
      subjects/connect/audit/README.md
  10. 12
      subjects/linux/audit/README.md
  11. 27
      subjects/login/audit/README.md
  12. 29
      subjects/remote/README.md
  13. 21
      subjects/remote/audit/README.md
  14. 58
      subjects/scan/README.md
  15. 13
      subjects/scan/audit/README.md
  16. BIN
      subjects/scan/scan1.png
  17. BIN
      subjects/scan/scan2.png
  18. 10
      subjects/sys/README.md
  19. 2
      subjects/who-are-you/README.md

12
docs/modular-steps-management.md

@ -69,12 +69,12 @@ In the step object you have created, 2 attributes must be filled:
- `onChange` prop are ignored as the event is handled by the app.
- For `switch` and `checkbox` input types, the default value has to be set as a boolean property named **value**.
- More information for each inputs is available in the design documentation:
- [textInput documentation](https://[[DOMAIN]]/docs/Components/FormInputs/TextInput) - used for inputs type 'text', 'tel', and 'date'
- [textArea documentation](https://[[DOMAIN]]/docs/Components/FormInputs/TextArea)
- [select documentation](https://[[DOMAIN]]/docs/Components/FormControls/Select)
- [radio button documentation](https://[[DOMAIN]]/docs/Components/FormControls/Radio)
- [switch documentation](https://[[DOMAIN]]/docs/Components/FormControls/Switch)
- [checkbox documentation](https://[[DOMAIN]]/docs/Components/FormControls/Checkbox)
- [textInput documentation](<https://((DOMAIN))/docs/Components/FormInputs/TextInput>) - used for inputs type 'text', 'tel', and 'date'
- [textArea documentation](<https://((DOMAIN))/docs/Components/FormInputs/TextArea>)
- [select documentation](<https://((DOMAIN))/docs/Components/FormControls/Select>)
- [radio button documentation](<https://((DOMAIN))/docs/Components/FormControls/Radio>)
- [switch documentation](<https://((DOMAIN))/docs/Components/FormControls/Switch>)
- [checkbox documentation](<https://((DOMAIN))/docs/Components/FormControls/Checkbox>)
### Examples

4
docs/server-installation.md

@ -6,8 +6,8 @@ One domain and one subdomain must point to the IP address of a [dedicated server
| FQDN | Record type | Address |
| -------------- | ----------- | ------- |
| [[DOMAIN]] | A | X.X.X.X |
| git.[[DOMAIN]] | A | X.X.X.X |
| ((DOMAIN)) | A | X.X.X.X |
| git.((DOMAIN)) | A | X.X.X.X |
## Network configuration

3
sh/debian/ubuntu/configure.sh diff.vendored

@ -477,7 +477,8 @@ if ! test -v PERSISTENT; then
EOF
# Remove user abilities
gpasswd -d student sudo
sed -i 's/^%admin/# &/' /etc/sudoers
sed -i 's/^%sudo/# &/' /etc/sudoers
gpasswd -d student lpadmin
gpasswd -d student sambashare

2
sh/debian/ubuntu/system/etc/gdm3/PostLogin/Default diff.vendored

@ -29,7 +29,7 @@ if test -e /dev/disk/by-partlabel/01-home; then
mount -o noatime /dev/disk/by-partlabel/01-home /mnt
else
# Fails if no local partition is found
test -e /dev/disk/by-partlabel/01-tmp-home || exit 1
test -e /dev/disk/by-partlabel/01-tmp-home
# We don't care about data consistency since the partition is temporary so disable journaling
/sbin/mke2fs -t ext4 -O ^has_journal -F /dev/disk/by-partlabel/01-tmp-home

1
sh/debian/ubuntu/system/usr/local/bin/reset_home diff.vendored

@ -21,5 +21,4 @@ loginctl terminate-user student
sleep 0.1
umount /home/student/.cache /home/student /mnt
umount /dev/disk/by-partlabel/01-home ||:
/usr/sbin/wipefs -a /dev/disk/by-partlabel/01-tmp-home

48
subjects/add-vm/README.md

@ -0,0 +1,48 @@
## add-vm
### Add a virtual machine
We provide virtual machines you need to download & add to VirtualBox.
Each VM will contain a system in a certain state that you will need to use in order to crack the sysadmin exercises. Their names start with "01\_" in order to avoid conflict with your VM names.
You can download these VM here :
https://assets.01-edu.org/sys
For this exercise you need to download the archive : [01_add-vm.tar.gz](https://assets.01-edu.org/sys/01_add-vm.tar.gz).
Extract it in the folder `VirtualBox VMs` which is located in your [home directory](https://en.wikipedia.org/wiki/Home_directory).
In VirtualBox :
- Select on the menu bar : <u>M</u>achine → <u>A</u>dd
- Open the file `01_add-vm.vbox`
The VM should appear on the list under the name "01_add-vm".
### Snapshots
A snapshot is a state of a system at a given time, just like a version or a copy.
Let's imagine that you want to modify a text or a drawing, that you make a copy before, keeping the original... This is a snapshot.
Software that makes extensive use of this feature :
- Git (a commit is a snapshot)
- Windows System Restore (a restore point is a snapshot)
- macOS Time Machine (each backup is a snapshot)
- Linux LVM (Logical Volume Manager)
- Filesystems : Btrfs, ZFS
- Hypervisors like the one you are currently using : VirtualBox
**We recommend that this be the first thing you do after importing a VM.**
This way you can break it, go in the wrong direction or want to try another way and at any time you can go back to the original state.
If you forgot to do so and want to make a fresh start, you can always delete the VM (all files) and add it again in VirtualBox.
### Check
Since all VMs are based on this one, check that it is working properly by starting and stopping it gracefully (`poweroff` or ACPI shutdown).
The password is a single space.

17
subjects/add-vm/audit/README.md

@ -0,0 +1,17 @@
#### Functional
##### Ask the auditee to start VirtualBox.
###### Is VirtualBox correctly installed on the auditee's machine?
##### Ask the auditee to show you the VM `01_add-vm`.
###### Does the VM appears correctly on the list under the name `01_add-vm`?
##### Ask the auditee to make a "snapshot".
###### Was the auditee able to make a "snapshot" of the VM?
##### Ask the auditee to start and stop the VM. (reminder the password is a single space)
###### Was the auditee able to start and stop the VM?

70
subjects/connect/README.md

@ -0,0 +1,70 @@
## connect
To communicate over a network, a computer must have an IP address.
The computer can choose its own IP address (static) or can ask a DHCP server to assign one (dynamic).
Generally, clients (smartphones, laptops, etc...) rely on DHCP servers to have a dynamic IP address and servers have a static IP address.
For this project you will need to add these 3 VM :
- [01_connect_box](https://assets.01-edu.org/sys/01_connect_box.tar.gz)
- [01_connect_machine1](https://assets.01-edu.org/sys/01_connect_machine1.tar.gz)
- [01_connect_machine2](https://assets.01-edu.org/sys/01_connect_machine2.tar.gz)
The VM are configured like this :
```
N E T W O R K S C O M P U T E R S
_______________________________ ________________________
.-----------------------------.
| Internet |
'-----------------------------'
^
|
v
.-----------------------------.
| VirtualBox NAT |
| |
| DHCP server | .----------------------.
| DNS server | | box |
| | | |
| (10.0.2.2) NIC |<--->| enp0s8 (10.0.2.15) |
| | | ^ |
'-----------------------------' | | |
.-----------------------------. | | |
| VirtualBox Internal Network | | | DHCP server |
| | | v |
| |<----->| enp0s3 (192.168.0.1) |
| | | | |
| | | '----------------------'
| | | .----------------------.
| | | | machine1 |
| | | | |
| |<----->| enp0s3 (192.168.0.2) |
| | | | |
| | | '----------------------'
| | | .----------------------.
| | | | machine2 |
| | | | |
| |<----->| enp0s3 (192.168.0.2) |
| | | |
'-----------------------------' '----------------------'
```
You will only have control over "machine2". This computer have Internet access through the "box".
Start the 3 VM and test on machine2 the connectivity quality with this command :
```
timeout --signal SIGINT 1m ping google.com
```
After one minute the result shows the percentage of lost packets. It should be quite high (above 10%).
machine1 and machine2 have the same IP address, which leads to connectivity problems.
Find how to :
- change the IP address to avoid the conflict
- make the IP address dynamic (attributed by the box DHCP server)

15
subjects/connect/audit/README.md

@ -0,0 +1,15 @@
#### Functional
###### Is VirtualBox installed?
###### Are the 3 VMs, 01_connect_box, 01_connect_machine1, and 01_connect_machine2 properly added to VirtualBox?
#### General
##### Ask the auditee to start the 3 VMs in Virtual Box. Ask him to change the IP address of machine2.
###### Ask the auditee this command `timeout --signal SIGINT 1m ping google.com`. Is the number of lost packets close to 0%?
##### Ask the auditee make the IP address dynamic and explain the process.
###### Ask the auditee this command `timeout --signal SIGINT 1m ping google.com`. Is the number of lost packets still close to 0%?

12
subjects/linux/audit/README.md

@ -1,7 +1,13 @@
#### Functional
###### Is VirtualBox correctly installed ?
##### Ask the auditee to start VirtualBox.
###### Does the virtual machine boot Debian properly (in less than 2 minutes) ?
###### Is VirtualBox correctly installed on the auditee's machine?
###### After the boot is complete, does the system react to the ACPI Shutdown and does the virtual machine stop ?
##### Ask the auditee to show you his VM with a version of debian already installed.
###### Does the virtual machine boot Debian properly (in less than 2 minutes)?
##### After the boot is completed, ask the auditee to shutdown his VM with the ACPI Shutdown.
###### Does the system react to the ACPI Shutdown and does the virtual machine stop?

27
subjects/login/audit/README.md

@ -0,0 +1,27 @@
#### Functional
##### Ask the auditee to start VirtualBox.
###### Is VirtualBox correctly installed on the auditee's machine?
#### General
##### Ask the auditee to login as a user in one terminal.
###### Has the password been correctly changed to "michelle"?
##### Ask the auditee to login as a superuser (root) in another terminal.
###### Has the password been correctly changed to "michelle"?
##### Ask the auditee to execute a command to show you the inode of a file. (The inode is a number)
###### Has the auditee correctly shown you (and if necessary explained) the inode of a file?
##### Ask the auditee to execute a command to show you the current user ID (it is also a number).
###### Has the auditee correctly shown you (and if necessary explained) the id a the user?
##### Ask the auditee to execute a command to show you the PID (another number) of a program (like bash for example).
###### Has the auditee correctly shown you (and if necessary explained) the PID a program?

29
subjects/remote/README.md

@ -0,0 +1,29 @@
## remote
### Connect
To type commands in a distant shell, you can use your peripherals (keyboard, monitor) or [SSH](<https://en.wikipedia.org/wiki/SSH_(Secure_Shell)>).
It is more comfortable to use SSH because you can use your usual terminal, with the right keymap, theme, etc.
Do to this exercise you will need to add this VM :
- [01_remote](https://assets.01-edu.org/sys/01_remote.tar.gz)
Because the VM is behind the VirtualBox NAT router you can't access it directly. Unless you add a port forwarding rule in the VM settings that maps a host port to a guest port. Host refers to your machine and guest to the VM.
Host & guest IP addresses don't need to be specified, guest port needs to be 22 because that's SSH default listening port.
Then connect to it via SSH (this is the only way since consoles are disabled) :
```
ssh -p HOST_PORT root@localhost
```
### Configure
It is recommended to change the default SSH port (22) to prevent bots from trying to connect to it.
Since we are pretending that the guest VM is a server, change the SSH service port and make sure the port forwarding of the Virtual NAT network still works !
In addition, you will need to allow the new port in the firewall `ufw`.

21
subjects/remote/audit/README.md

@ -0,0 +1,21 @@
#### Functional
###### Is VirtualBox installed?
###### Is the VM, 01_remote, added to VirtualBox?
#### General
##### The auditeee is supposed to set a port forwarding rule in the VM settings that maps the host port to a guest port.
##### Ask the auditee to show you that rule in the settings or to set it up if it is not done yet.
##### Ask the auditee to connect to the VM via SSH thru the host port.
###### Did the auditee manage to connect via SSH with either this command: `ssh -p22 root@localhost` or `ssh -pANOTHER_PORT root@localhost`?
##### If the auditee connected thru port 22, ask the auditee to change the port of the Guest VM.
##### Ask the auditee to connect to the VM via SSH thru the new chosen host port.
###### Did the auditee manage to connect via SSH with this command `ssh -pANOTHER_PORT root@localhost`?

58
subjects/scan/README.md

@ -0,0 +1,58 @@
## scan
![scan1](scan1.png)
> You're going to do like Trinity in the movie _The Matrix Reloaded_. Except that you're not going to turn off the electricity in a city, and you probably don't wear as much leather, but that's okay.
---
By design and by default, most network entities have a high discoverability.
Whatever your motivations for exploring a network (hacking, curiosity...), you generally proceed in this order :
1. Scan a network to find hosts
2. Scan a host to get information (hardware, OS & exposed services)
`1.` can be done by analyzing the link layer of Internet protocols, in particular `ARP` in order to gather MAC addresses (the identifier of a network interface, such as Wi-Fi or Ethernet cards).
`2.` is usually performed by analyzing the network and transport layers, in particular the `IP` & `TCP` protocols with the `nmap` tool.
For the context, when you open a website, here are the protocols involved, from the highest to lowest level (the protocols at the top depend on those at the bottom):
- `HTTP`: application layer (website data) - messages
- `TLS`: application layer ("lock" sign) - secure connection
- `TCP`: transport layer (port number) - reliable connection
- `IP`: network layer (IP address) - global communication
- `ARP`: link layer (MAC address) - local communication
For this challenge, you will focus on `IP`, `ARP` & `TCP`, and therefore on IP/MAC addresses and ports.
You will need to add these 2 VM :
- [01_scan_RRF-CONTROL](https://assets.01-edu.org/sys/01_scan_RRF-CONTROL.tar.gz)
- [01_scan_laptop](https://assets.01-edu.org/sys/01_scan_laptop.tar.gz)
You will only have control over "laptop". A port forwarding is set on 10122 so you can connect through SSH.
Your mission, should you choose to accept it, is to scan the network interface `enp0s8` and find a way in the server, you will know you have succeeded when you see :
```
RRF-CONTROL> █
```
Because the VirtualBox Internal Network is very slow (10 Mbps, Ethernet is usually 1000 Mbps), expect long scan times :
- ARP scanning takes up to 5 minutes
- port scanning takes up to half an one hour with the option `-T4` (even more without).
May the Fourth be with you.
---
---
![scan2](scan2.png)
> Another depiction of the `nmap` tool: in _Ocean's 8_, Rihanna uses [Kali Linux](https://www.kali.org) to steal a valuable diamond.
>
> Same strategy, different styles

13
subjects/scan/audit/README.md

@ -0,0 +1,13 @@
#### Functional
###### Is VirtualBox installed?
###### Are the 2 VMs, 01_scan_RRF-CONTROL and 01_scan_laptop, properly added to VirtualBox?
#### General
##### Ask the auditee, from the VM laptop, to get into the other VM. As a reminder the port forwarding is set to 10122.
##### (Allow some time for the hacking to take place)
###### Did the auditee manage to get `RRF-control` appearing on the laptop VM (did the auditee manage to get thru)?

BIN
subjects/scan/scan1.png

diff.bin_not_shown

After

Width:  |  Height:  |  Size: 74 KiB

BIN
subjects/scan/scan2.png

diff.bin_not_shown

After

Width:  |  Height:  |  Size: 95 KiB

10
subjects/sys/README.md

@ -10,11 +10,11 @@
| ------------- | ------------------------------------------------------------------------------------------------------------------ | ---------------------- | --------------- |
| `linux` | Introduction and VirtualBox installation/basic usage. | OS, virtualization | subject + audit |
| `login` | Connect to console (using different virtual terminals), basic commands and usage of the console. | OS | subject |
| `update-vm` | Fetch, update and use our training virtual machine (introduction to snapshots and cloning). | virtualization | script |
| `connect` | Fix a conflict of IP address, configure DHCP & static IP address. | OS, network | |
| `remote` | Remotely connect to a pseudo-terminal (configure firewall, change SSH port and listening address). | OS, network, security | WIP |
| `upgrade` | Free disk space (caches, logs & temporary files) to upgrade the OS. | OS | |
| `scan` | Discover machines and services (scan ARP, `nmap`), brute-force portals. | OS, network, security | WIP |
| `add-vm` | Download and add our training virtual machines (introduction to snapshots). | virtualization | VM, subject |
| `connect` | Fix a conflict of IP address, configure DHCP & static IP address. | OS, network | VM, subject |
| `remote` | Remotely connect to a pseudo-terminal (configure firewall, change SSH port and listening address). | OS, network, security | VM, subject |
| `scan` | Discover machines and services (scan ARP, `nmap`), brute-force portals. | OS, network, security | VM, subject |
| `upgrade` | Free disk space (caches, logs & temporary files) to upgrade the OS. | OS | WIP |
| `reboot` | Learn how to recognize a blocked system and reboot it (hard reset, magic SysRq key). | OS | |
| `ram` | Fix a program being OOM (enlarge swap and system memory, compare performance). | OS, virtualization | |
| `benchmark` | Learn how to benchmark a program | OS, disk | WIP |

2
subjects/who-are-you/README.md

@ -8,6 +8,6 @@ The only thought that comes to your mind is a tag that says: `subject Id: 70`"
Create the file `who-are-you.sh` which will remind you who you are by showing your name only.
- Where to look : https://[[DOMAIN]]/assets/superhero/all.json
- Where to look : [all.json](https://[[DOMAIN]]/assets/superhero/all.json)
- What to use : `curl` and `jq`

Loading…
Cancel
Save