Introduction
Showcasing a beginner oriented pentesting challenge.
Last updated
Showcasing a beginner oriented pentesting challenge.
Last updated
AllEndEvent is a fictive company that was designed for the sole purpose of teaching beginners some core principles of penetration testing in a virtual home lab. It's meant to be a fun challenge but also point out the importance of enumeration. In contrast to many CTF like environments, there is no excessive brute forcing, steganography or a random password protected UDP port. All you get is a couple of virtual machines that have to be investigated thoroughly. Challengers will be required to research exploits, escalate their privileges, move laterally, and pivot to another network.
VirtualBox or KVM
A VM for attacking the network
16 GB RAM
Curiousity
Provided is a virtual environment that can be installed either on VirtualBox or KVM. Included are three linux VMs as well as an external and internal network.
The setup will be demonstrated with VirtualBox. KVM users will know what to do.
Download and extract AllEndEventVBox.zip
Open VirtualBox
Select "Tools" and click on "Import"
Select MailAllendevent.ova
from the extracted archive
You will be shown an "Appliance settings" window
The default settings are the recommended minimum.
Confirm with "Finish"
Repeat steps 3-6 for the other two .ova
files.
Select your attack VM
Click on "Settings" and go to "Network"
Select "Internal Network" from the dropdown menu for the "Attached to" option
Select "external" from the dropdown menu for the "Name" option
Though optional, you may want to add internet connection to your attack machine by selecting "NAT" for the second network adapter
Start your attack VM and add a static IP for the adapter that has been connected to the "external" network
Open "Advanced Network Configuration"
Select "Wired connection 1" or whatever the corresponding name is
Go to "IPv4 Settings"
From the dropdown menu select "Manual" instead of "DHCP"
Add 10.0.5.10 and 255.255.255.0 for the address and netmask respectively
Save the settings
Finally, add the following entries to your /etc/hosts
in the attack VM
10.0.5.6 mail.allendevent.com
10.0.5.8 allendevent.com
Create snapshots of all three target VMs
The mail server may break during a forceful shutdown and should be reset before every launch
Your mission, should you choose to accept it, will entail an external pentest of AllEndEvent. There will be no flags throughout the entire network - remember, this is not a CTF. Instead, your final goal is to retrieve a set of sensitive client data.
The following targets are in scope for testing:
10.0.5.0/24
external network
10.0.10.0/24
internal network
Any system inside the defined scope can be attacked. Modifying credentials and other disruptive techniques to gain access are allowed. However, downtime of services is to be minimised or avoided if possible.
You are NOT allowed to demonstrate exploitation of DoS attacks.
And lastly, here are some additional rules to save you some time:
The entire network does NOT require brute force or cracking of any sort. Enumeration is key.
There is no user or traffic simulation. XSS, Phishing and other attacks requiring user interaction will not be effective.
Good luck and have fun.
This environment is provided "as is" and I do not assume any liability or grant warranty. You are free to use, redistribute and modify the network under CC BY 4.0. Beware that each software installed on the virtual servers comes with its own license. All source code is accessible with the credentials provided in the description of the download links.
Installing intentionally vulnerable systems poses a security threat. Efforts were made to minimise the potential risk by using "Internal Network" adapters that isolate the VMs from the host. Still, the creator is not responsible for any potential damages.
A writeup will follow but I can not guarantee any support or troubleshooting for users in the future. Due to the nature of software, things may break and unintended solutions will inevitably arise. If you find me on the TCM Discord, however, feel free to DM questions or leave feedback anytime.