Differences
This shows you the differences between two versions of the page.
|
isc:labs:01 [2024/10/06 18:44] alexandru.mircea98 |
isc:labs:01 [2024/10/07 08:29] (current) |
||
|---|---|---|---|
| Line 7: | Line 7: | ||
| * Introduction to Python scripting | * Introduction to Python scripting | ||
| * Introduction to basic security-related tools | * Introduction to basic security-related tools | ||
| + | | ||
| + | ===== Useful Tools ===== | ||
| + | * man | ||
| + | * find | ||
| + | * base64 | ||
| + | * hexedit | ||
| + | * Binwalk | ||
| + | * john, zip2john | ||
| + | * xxd | ||
| + | * gzip, bzip2, tar | ||
| ===== Preparation ===== | ===== Preparation ===== | ||
| - | You may use the UPB's [[https://cloud.grid.pub.ro|OpenStack cloud to instantiate a Virtual Machine]] to be used for this lab! | + | You may use the UPB's OpenStack cloud to spawn a Virtual Machine to be used for this lab! |
| - | [[:isc:info:virtualmachine|Read these instructions if you wanna know how!]]. | + | [[:isc:info:virtualmachine|Read this guide]]. |
| - | + | ||
| - | + | ||
| - | <hidden> | + | |
| - | - Log in with your LDAP credentials | + | |
| - | - Create a RSA key pair on //fep.grid.pub.ro// (ssh LDAP-USERNAME@fep.grid.pub.ro; ssh-keygen -t rsa -b 4096 -C "your_email@example.com") | + | |
| - | - Make sure you have the public key configured on openstack in Project -> Compute -> Key Pairs | + | |
| - | * Passphrase authentication will be disabled on the SSH server | + | |
| - | * The key that you provide will be automatically registered in //.ssh/authorized_keys// | + | |
| - | - Create a new Instance with the following parameters: | + | |
| - | * Flavor: m1.small | + | |
| - | * Instance Boot Source: Boot from image | + | |
| - | * Source (Image): ISC 2022 | + | |
| - | * Network: vlan9 | + | |
| - | * Key Pair: the one you just added | + | |
| - | * **NOTE:** if you have //only one// key pair configured, it will be chosen by default; otherwise, make sure you don't skip this step | + | |
| - | - From the fep console (ssh) login into the newly created VM (ssh student@VM-IP) | + | |
| - | + | ||
| - | </hidden> | + | |
| {{page>:isc:rec&nofooter&noeditbutton}} | {{page>:isc:rec&nofooter&noeditbutton}} | ||
| - | Download the {{:isc:labs:isc-01.zip|task archive}} for this section. Each exercise will have a corresponding folder. | + | Download the {{:isc:labs:isc-lab01.zip|task archive}} for this section. Each exercise will have a corresponding folder. |
| ===== Python Warmup ===== | ===== Python Warmup ===== | ||
| Line 75: | Line 67: | ||
| * **Hint:** hexdump, man | * **Hint:** hexdump, man | ||
| + | ==== 09 [bonus]. Web Fuzzer ==== | ||
| + | * Start this task by opening a specific docker container on your VM: <code bash> | ||
| + | docker run -d -p 8080:80 ghcr.io/cs-pub-ro/isc-lab-intro-web | ||
| + | </code> | ||
| + | * You can now access a webserver on local port 8080 (try it with ''curl localhost:8080''). Your task is to retrieve the hidden flag by trying all web paths inside the given wordlist (write your own fuzzer in Python, check the lab archive for resources!). | ||
| + | * //Hint//: use the [[https://requests.readthedocs.io/en/latest/|Python requests]] library to issue web requests! Check their HTTP status code to know when you successfully found an existing web file ;) | ||
| ===== Feedback ===== | ===== Feedback ===== | ||
| {{page>:isc:lab-feedback&nofooter&noeditbutton}} | {{page>:isc:lab-feedback&nofooter&noeditbutton}} | ||
| + | |||
