Introduction
Showcasing a beginner-oriented pentesting challenge.
AllEndEvent is a fictitious company designed for the sole purpose of teaching beginners some core principles of penetration testing in a virtual home lab. It's meant to be a fun challenge that also points out the importance of enumeration. In contrast to many CTF-like environments, there is no excessive brute forcing, steganography or a random password-protected UDP port. All you get is a couple of virtual machines that have to be investigated thoroughly. Challengers will be required to research exploits, escalate their privileges, move laterally, and pivot to another network.
- VirtualBox or KVM
- A VM for attacking the network
- 16 GB RAM
- Curiosity

Provided is a virtual environment that can be installed on either VirtualBox or KVM. Included are three Linux VMs as well as an external and an internal network.
The setup will be demonstrated with VirtualBox. KVM users will know what to do.
1. Download and extract AllEndEventVBox.zip
2. Open VirtualBox
3. Select "Tools" and click on "Import"
4. Select MailAllendevent.ova from the extracted archive
5. You will be shown an "Appliance settings" window
   - The default settings are the recommended minimum.
6. Confirm with "Finish"
7. Repeat steps 3-6 for the other two .ova files.
8. Select your attack VM
9. Click on "Settings" and go to "Network"
   - Select "Internal Network" from the dropdown menu for the "Attached to" option
   - Select "external" from the dropdown menu for the "Name" option
   - Though optional, you may want to add internet connection to your attack machine by selecting "NAT" for the second network adapter
10. Start your attack VM and add a static IP for the adapter that has been connected to the "external" network
   - Open "Advanced Network Configuration"
   - Select "Wired connection 1" or whatever the corresponding name is
   - Go to "IPv4 Settings"
   - From the dropdown menu select "Manual" instead of "DHCP"
   - Add 10.0.5.10 and 255.255.255.0 for the address and netmask respectively
   - Save the settings
11. Finally, add the following entries to your /etc/hosts in the attack VM

        10.0.5.6 mail.allendevent.com
        10.0.5.8 allendevent.com

12. Create snapshots of all three target VMs
   - The mail server may break during a forceful shutdown and should be reset before every launch
Your mission, should you choose to accept it, will entail an external pentest of AllEndEvent. There will be no flags throughout the entire network - remember, this is not a CTF. Instead, your final goal is to retrieve a set of sensitive client data.
The following targets are in scope for testing:
Any system inside the defined scope can be attacked. Modifying credentials and other disruptive techniques to gain access are allowed. However, downtime of services is to be minimised or avoided if possible.
You are NOT allowed to demonstrate exploitation of DoS attacks.
And lastly, here are some additional rules to save you some time:
The entire network does NOT require brute force or cracking of any sort. Enumeration is key.
There is no user or traffic simulation. XSS, phishing and other attacks requiring user interaction will not be effective.
Good luck and have fun.
This environment is provided "as is" and I do not assume any liability or grant warranty. You are free to use, redistribute and modify the network under CC BY 4.0. Beware that each piece of software installed on the virtual servers comes with its own license. All source code is accessible with the credentials provided in the description of the download links.
Installing intentionally vulnerable systems poses a security threat. Efforts were made to minimise the potential risk by using "Internal Network" adapters that isolate the VMs from the host. Still, the creator is not responsible for any potential damages.
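To confirm that isolation before booting the targets, the following check is an added example, not part of the original lab material. It assumes the `nic<N>` and `intnet<N>` keys printed by `VBoxManage showvminfo --machinereadable`; the VM name is a placeholder and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: verify that a target VM is attached only to the lab's
# Internal Networks ("external" / "internal"). Input on stdin is the output of
#   VBoxManage showvminfo "<target VM name>" --machinereadable
# Run it for the three target VMs only; the attack VM may have a NAT adapter.

check_isolation() {
    awk -F'=' '
        /^nic[0-9]+=/    { v = $2; gsub(/"/, "", v); nic[substr($1, 4)] = v }
        /^intnet[0-9]+=/ { v = $2; gsub(/"/, "", v); net[substr($1, 7)] = v }
        END {
            bad = 0
            for (n in nic) {
                if (nic[n] == "none") continue          # adapter disabled
                if (nic[n] != "intnet") {
                    printf "adapter %s: attached as %s, not an Internal Network\n", n, nic[n]
                    bad = 1
                } else if (net[n] != "external" && net[n] != "internal") {
                    printf "adapter %s: unexpected internal network \"%s\"\n", n, net[n]
                    bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample inputs (not captured from the real appliances).
SAMPLE_OK='name="constructed-target"
nic1="intnet"
intnet1="external"
nictype1="82540EM"
nic2="intnet"
intnet2="internal"
nic3="none"'

SAMPLE_LEAKY='name="constructed-target"
nic1="intnet"
intnet1="external"
nic2="bridged"
bridgeadapter2="eth0"'

printf '%s\n' "$SAMPLE_OK"    | check_isolation && echo "OK: isolated"
printf '%s\n' "$SAMPLE_LEAKY" | check_isolation || echo "FAIL: not isolated"
```

A non-zero exit status means at least one enabled adapter is NAT, bridged, host-only or on an unexpected network and should be corrected before the VM is started.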
A writeup will follow but I cannot guarantee any support or troubleshooting for users in the future. Due to the nature of software, things may break and unintended solutions will inevitably arise. If you find me on the TCM Discord, however, feel free to DM questions or leave feedback anytime.
IP range | Description |
---|---|
10.0.5.0/24 | external network |
10.0.10.0/24 | internal network |