# Introduction

**AllEndEvent** is a fictitious company that was designed for the sole purpose of teaching beginners some core principles of penetration testing in a virtual home lab. It's meant to be a fun challenge but also to point out the importance of enumeration. In contrast to many CTF-like environments, there is no excessive brute forcing, steganography or a random password-protected UDP port. All you get is a couple of virtual machines that have to be investigated thoroughly. Challengers will be required to research exploits, escalate their privileges, move laterally, and pivot to another network.

## Prerequisites

* VirtualBox or KVM
* A VM for attacking the network
* 16 GB RAM
* Curiosity

## Challenge Files

Provided is a virtual environment that can be installed either on VirtualBox or KVM. Included are three Linux VMs as well as an external and internal network.

{% embed url="<https://zenodo.org/record/7629681>" %}
Challenge files can be downloaded for VirtualBox or KVM
{% endembed %}

## Setup

{% hint style="info" %}
The setup will be demonstrated with VirtualBox. KVM users will know what to do.
{% endhint %}

1. Download and extract `AllEndEventVBox.zip`
2. Open VirtualBox
3. Select "Tools" and click on "Import"
4. Select `MailAllendevent.ova` from the extracted archive
5. You will be shown an "Appliance settings" window
   * The default settings are the recommended minimum.
6. Confirm with "Finish"
7. Repeat steps 3-6 for the other two `.ova` files.
8. Select your attack VM
9. Click on "Settings" and go to "Network"
10. Select "Internal Network" from the dropdown menu for the "Attached to" option
11. Select "external" from the dropdown menu for the "Name" option
12. Though optional, you may want to add an internet connection to your attack machine by selecting "NAT" for the second network adapter
13. Start your attack VM and add a static IP for the adapter that has been connected to the "external" network
    1. Open "Advanced Network Configuration"
    2. Select "Wired connection 1" or whatever the corresponding name is
    3. Go to "IPv4 Settings"
    4. From the dropdown menu select "Manual" instead of "DHCP"
    5. Add 10.0.5.10 and 255.255.255.0 for the address and netmask respectively
    6. Save the settings
14. Finally, add the following entries to your `/etc/hosts` in the attack VM
    * `10.0.5.6  mail.allendevent.com`
    * `10.0.5.8  allendevent.com`
15. Create snapshots of all three target VMs
    * The mail server may break during a forceful shutdown and should be reset before every launch

## Goal

Your mission, should you choose to accept it, will entail an external pentest of **AllEndEvent**. There will be no flags throughout the entire network - remember, this is not a CTF. Instead, your final goal is to retrieve a set of sensitive client data.

## Scope

The following targets are in scope for testing:

| IP range     | Description      |
| ------------ | ---------------- |
| 10.0.5.0/24  | external network |
| 10.0.10.0/24 | internal network |

Any system inside the defined scope can be attacked. Modifying credentials and other disruptive techniques to gain access are allowed. However, downtime of services is to be minimised or avoided if possible.

You are **NOT** allowed to demonstrate exploitation of DoS attacks.

And lastly, here are some additional rules to save you some time:

* The entire network does NOT require brute force or cracking of any sort. Enumeration is key.
* There is no user or traffic simulation. XSS, Phishing and other attacks requiring user interaction will not be effective.

<mark style="color:green;">**Good luck and have fun.**</mark>

## Disclaimer

This environment is provided "as is" and I do not assume any liability or grant warranty. You are free to use, redistribute and modify the network under [CC BY 4.0](https://creativecommons.org/licenses/by/4.0/). Beware that each piece of software installed on the virtual servers comes with its own license. All source code is accessible with the credentials provided in the description of the download links.

{% hint style="danger" %}
Installing intentionally vulnerable systems poses a security threat. Efforts were made to minimise the potential risk by using "Internal Network" adapters that isolate the VMs from the host. Still, the creator is not responsible for any potential damages.
{% endhint %}
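
One way to confirm the isolation described in the hint above after importing the target VMs. This is an added example, not part of the original lab files; it assumes `VBoxManage` is on the host's `PATH`, and the VM names passed to it are whatever your import created. The attack VM is expected to be flagged if you gave it the optional NAT adapter.

```shell
#!/bin/sh
# Added example: check that lab VMs are attached only to VirtualBox internal networks.

# Reads `VBoxManage showvminfo <vm> --machinereadable` text on stdin, prints one
# line per enabled adapter, and returns 1 if any adapter is not "intnet".
audit_nics() {
    awk '
        function val(s) { sub(/^[^=]*=/, "", s); gsub(/"/, "", s); return s }
        # Matches nic1=, nic2=, ... but not nictype1= or nicspeed1=
        /^nic[0-9]+=/    { n = $0; sub(/=.*/, "", n); mode[substr(n, 4)] = val($0) }
        /^intnet[0-9]+=/ { n = $0; sub(/=.*/, "", n); net[substr(n, 7)] = val($0) }
        END {
            bad = 0
            for (i in mode) {
                if (mode[i] == "none") continue
                if (mode[i] == "intnet") printf "OK    nic%s intnet \"%s\"\n", i, net[i]
                else { printf "LEAK  nic%s %s\n", i, mode[i]; bad = 1 }
            }
            exit bad
        }'
}

# Constructed sample (not captured from the lab): one isolated adapter, one NAT adapter.
sample_leaky_vm() {
    printf '%s\n' 'name="ExampleTarget"' 'nic1="intnet"' 'intnet1="external"' \
        'nictype1="82540EM"' 'nic2="nat"' 'nictype2="82540EM"'
}

# Audit every VM named on the command line; a VM that cannot be queried counts as a failure.
audit_vms() {
    audit_rc=0
    for audit_vm in "$@"; do
        echo "== $audit_vm"
        if audit_info=$(VBoxManage showvminfo "$audit_vm" --machinereadable); then
            printf '%s\n' "$audit_info" | audit_nics || audit_rc=1
        else
            echo "ERROR cannot query $audit_vm"; audit_rc=1
        fi
    done
    return "$audit_rc"
}

if [ "$#" -gt 0 ]; then audit_vms "$@"; fi
```

Run it on the host with the three target VM names as arguments; a non-zero exit status means at least one adapter is attached to something other than an internal network.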

A [writeup](https://ccat.gitbook.io/cyber-sec/allendevent/chapter-i) will follow but I cannot guarantee any support or troubleshooting for users in the future. Due to the nature of software, things may break and unintended solutions will inevitably arise. If you find me on the TCM Discord, however, feel free to DM questions or leave feedback anytime.
