User:Smcnaught/BlogEntry: War Games

From ChekMate Security Group

War Games

I have been working on a new hands-on training session for ChekMate. I want the session to provide a practical learning experience about computer security. As it is important to know the basics about how a hacker breaks into a computer, members should be given opportunities to attack a system to learn about the different techniques and tool sets.

Class Size: 20 members (plus 2-4 mentors)

Class is divided into two groups. The Alpha Team and the Omega Team.

Each training session will have the same network infrastructure and server configuration. Each network (Omega/Alpha) will be identical in design. Example:

Network Design

Server Configuration

  • Two servers are required for these training sessions: AlphaServer and OmegaServer.
  • Each server will be running VMware Server and have at least two instances of VMware guest OSes.
  • The Host OS will be running as the primary firewall and connect to three networks: External, DMZ and Internal.
  • The DMZ network will have an IP address translated to the External network.
  • The Internal network will not have a one-to-one translation.
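
The three-network layout above, written out as a firewall ruleset. This is an added example, not configuration from the original post. It assumes a Linux host OS using iptables, that the web server sits in the DMZ and the MySQL host "SQL" in the Internal network, and it uses constructed interface names and addresses throughout.

```sh
#!/bin/sh
# Added example; interface names and all addresses are constructed placeholders.
EXT_IF=eth0                          # External network
FW_IP=192.0.2.1                      # firewall's own external address
WEB_PUB=192.0.2.10                   # external address translated to the DMZ host
DMZ_IF=vmnet1; DMZ_WEB=10.10.1.10    # assumed: web server lives in the DMZ
INT_IF=vmnet2; INT_NET=10.10.2.0/24  # Internal network
INT_SQL=10.10.2.20                   # assumed: MySQL host "SQL" lives here

# Print the ruleset in iptables-restore format.
# Dry-run check on a Linux host: emit_rules | iptables-restore --test
emit_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# DMZ: one-to-one translation between an external address and the web server
-A PREROUTING -i $EXT_IF -d $WEB_PUB -j DNAT --to-destination $DMZ_WEB
-A POSTROUTING -o $EXT_IF -s $DMZ_WEB -j SNAT --to-source $WEB_PUB
# Internal: no one-to-one mapping, so nothing inbound can be addressed to it;
# outbound traffic shares the firewall's own address
-A POSTROUTING -o $EXT_IF -s $INT_NET -j SNAT --to-source $FW_IP
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# External -> DMZ: web traffic to the translated host only
-A FORWARD -i $EXT_IF -o $DMZ_IF -d $DMZ_WEB -p tcp -m multiport --dports 80,443 -j ACCEPT
# DMZ -> Internal: only the web server may reach MySQL
-A FORWARD -i $DMZ_IF -o $INT_IF -s $DMZ_WEB -d $INT_SQL -p tcp --dport 3306 -j ACCEPT
# Internal -> External: outbound connections
-A FORWARD -i $INT_IF -o $EXT_IF -s $INT_NET -j ACCEPT
# Everything else is logged, then dropped by the chain policy
-A FORWARD -j LOG --log-prefix "FW-DROP "
COMMIT
EOF
}
```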

Training Sessions

Training Session 1

The first training session will be an introduction to attacking a network.

  • Objectives
    • Determine the active hosts in the network. Determine each host's OS and the services/applications that are remotely accessible. Special prize will be assigned to those who can evade the IDS Server.
    • Get interactive access to the web server host by exploiting a web-based vulnerability. You must be able to log into the host as a user account other than root.
    • Get root privileges on the web server host.
    • Determine the hosts that are located in the internal network. Determine each host's OS and the services/applications that are remotely accessible. Special prize will be assigned to those who can evade the IDS Server.
    • Access the MySQL database on host SQL and obtain the content of the table Employees.
    • Get interactive access to the MySQL server host. You have to be able to log in with an account other than root.
    • Get root access to the MySQL server.
    • Modify the table Employees, changing the account number of each employee to an account number of your choosing.
    • Access the Payroll Database and modify the appropriate table so that all employee paycheques are sent to your fictitious account number.

Training Session 2

This session will be a continuation of Training Session 1. Lessons learned from Session 1 are meant to be applied to this training session.

  • Objectives
    • Determine the active hosts in the network. Determine each host's OS and the services/applications that are remotely accessible. Special prize will be assigned to those who can evade the IDS Server.
    • Get interactive access to the web server host by exploiting a web-based vulnerability. You must be able to log into the host as a user account other than root.
    • Get root privileges on the web server host.
    • Determine the hosts that are located in the internal network. Determine each host's OS and the services/applications that are remotely accessible. Special prize will be assigned to those who can evade the IDS Server.
    • Access the MySQL database on host SQL and obtain the content of the table Employees.
    • Get interactive access to the MySQL server host. You have to be able to log in with an account other than root.
    • Get root access to the MySQL server.
    • Modify the table Employees, changing the account number of each employee to an account number of your choosing.
    • Access the Payroll Database and modify the appropriate table so that all employee paycheques are sent to your fictitious account number.

Training Session 3

The first hour of the class will be used to protect your team's server environment. The rest of the class will be used to attack the other team's network.

  • Objectives
    • Implement additional controls to the environment to limit the exposure of the operating system/services.
    • Determine the active hosts in the network. Determine each host's OS and the services/applications that are remotely accessible. Special prize will be assigned to those who can evade the IDS Server.
    • Get interactive access to the web server host by exploiting a web-based vulnerability. You must be able to log into the host as a user account other than root.
    • Get root privileges on the web server host.
    • Determine the hosts that are located in the internal network. Determine each host's OS and the services/applications that are remotely accessible. Special prize will be assigned to those who can evade the IDS Server.
    • Access the MySQL database on host SQL and obtain the content of the table Employees.
    • Get interactive access to the MySQL server host. You have to be able to log in with an account other than root.
    • Get root access to the MySQL server.
    • Modify the table Employees, changing the account number of each employee to an account number of your choosing.
    • Access the Payroll Database and modify the appropriate table so that all employee paycheques are sent to your fictitious account number.

Training Session 4

This session will be a continuation of Training Session 3. Lessons learned from Session 3 are meant to be applied to this training session.

  • Objectives
    • Implement additional controls to the environment to limit the exposure of the operating system/services.
    • Determine the active hosts in the network. Determine each host's OS and the services/applications that are remotely accessible. Special prize will be assigned to those who can evade the IDS Server.
    • Get interactive access to the web server host by exploiting a web-based vulnerability. You must be able to log into the host as a user account other than root.
    • Get root privileges on the web server host.
    • Determine the hosts that are located in the internal network. Determine each host's OS and the services/applications that are remotely accessible. Special prize will be assigned to those who can evade the IDS Server.
    • Access the MySQL database on host SQL and obtain the content of the table Employees.
    • Get interactive access to the MySQL server host. You have to be able to log in with an account other than root.
    • Get root access to the MySQL server.
    • Modify the table Employees, changing the account number of each employee to an account number of your choosing.
    • Access the Payroll Database and modify the appropriate table so that all employee paycheques are sent to your fictitious account number.

Training Session 5

Each team is split into 2 sub-groups. The first 30 minutes of the class will be used to protect your team's server environment. For the rest of the class, one sub-group will be monitoring the network for intrusion attempts and the other will be attacking the opposing network, switching roles halfway through the time period.

  • Objectives
    • Implement additional controls to the environment to limit the exposure of the operating system/services.
    • Establish network awareness of the team's network and have IDS tools to discover incidents.
    • Determine the active hosts in the network. Determine each host's OS and the services/applications that are remotely accessible. Special prize will be assigned to those who can evade the IDS Server.
    • Get interactive access to the web server host by exploiting a web-based vulnerability. You must be able to log into the host as a user account other than root.
    • Get root privileges on the web server host.
    • Determine the hosts that are located in the internal network. Determine each host's OS and the services/applications that are remotely accessible. Special prize will be assigned to those who can evade the IDS Server.
    • Access the MySQL database on host SQL and obtain the content of the table Employees.
    • Get interactive access to the MySQL server host. You have to be able to log in with an account other than root.
    • Get root access to the MySQL server.
    • Modify the table Employees, changing the account number of each employee to an account number of your choosing.
    • Access the Payroll Database and modify the appropriate table so that all employee paycheques are sent to your fictitious account number.
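
For the monitoring sub-group, one way to turn firewall drop logs into a sweep alert. This is an added example, not part of the original post. It assumes a Linux firewall that logs dropped packets in the netfilter LOG format with a "FW-DROP" prefix; the log lines, addresses and threshold are constructed.

```sh
#!/bin/sh
# Added example; the log lines below are constructed sample data.
sample_log() {
cat <<'EOF'
Mar  3 19:02:11 fw kernel: FW-DROP IN=eth0 OUT=vmnet1 SRC=198.51.100.23 DST=10.10.1.10 PROTO=TCP SPT=40112 DPT=22
Mar  3 19:02:11 fw kernel: FW-DROP IN=eth0 OUT=vmnet1 SRC=198.51.100.23 DST=10.10.1.10 PROTO=TCP SPT=40113 DPT=23
Mar  3 19:02:12 fw kernel: FW-DROP IN=eth0 OUT=vmnet1 SRC=198.51.100.23 DST=10.10.1.10 PROTO=TCP SPT=40114 DPT=25
Mar  3 19:02:12 fw kernel: FW-DROP IN=eth0 OUT=vmnet1 SRC=198.51.100.23 DST=10.10.1.10 PROTO=TCP SPT=40115 DPT=3306
Mar  3 19:02:13 fw kernel: FW-DROP IN=eth0 OUT=vmnet1 SRC=198.51.100.23 DST=10.10.1.11 PROTO=TCP SPT=40116 DPT=22
Mar  3 19:05:40 fw kernel: FW-DROP IN=eth0 OUT=vmnet1 SRC=198.51.100.40 DST=10.10.1.10 PROTO=TCP SPT=51000 DPT=8080
Mar  3 19:05:43 fw kernel: FW-DROP IN=eth0 OUT=vmnet1 SRC=198.51.100.40 DST=10.10.1.10 PROTO=TCP SPT=51000 DPT=8080
EOF
}

# Read firewall log lines on stdin and print "source count" for every source
# whose dropped packets hit at least $1 distinct DST:DPT targets.
# Retransmissions to the same target are counted once.
detect_sweeps() {
  awk -v min="$1" '
    /FW-DROP/ {
      src = ""; dst = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/)      src = substr($i, 5)
        else if ($i ~ /^DST=/) dst = substr($i, 5)
        else if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      if (src == "" || dst == "") next      # skip malformed lines
      key = src SUBSEP dst ":" dpt
      if (!(key in seen)) { seen[key] = 1; targets[src]++ }
    }
    END { for (s in targets) if (targets[s] >= min) print s, targets[s] }
  ' | sort
}
```

Running `sample_log | detect_sweeps 4` reports only the source that probed five distinct host/port pairs; the source that retried a single port twice stays below the threshold.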

Training Session 6

This session will be a continuation of Training Session 5. Lessons learned from session 3 are meant to be applied to this training session.

  • Objectives
    • Implement additional controls to the environment to limit the exposure of the operating system/services.
    • Establish network awareness of the team's network and have IDS tools to discover incidents.
    • Servers can be patched with the latest version of software.
    • Determine the active hosts in the network. Determine each host's OS and the services/applications that are remotely accessible. Special prize will be assigned to those who can evade the IDS Server.
    • Get interactive access to the web server host by exploiting a web-based vulnerability. You must be able to log into the host as a user account other than root.
    • Get root privileges on the web server host.
    • Determine the hosts that are located in the internal network. Determine each host's OS and the services/applications that are remotely accessible. Special prize will be assigned to those who can evade the IDS Server.
    • Access the MySQL database on host SQL and obtain the content of the table Employees.
    • Get interactive access to the MySQL server host. You have to be able to log in with an account other than root.
    • Get root access to the MySQL server.
    • Modify the table Employees, changing the account number of each employee to an account number of your choosing.
    • Access the Payroll Database and modify the appropriate table so that all employee paycheques are sent to your fictitious account number.

Additional Resources