SE-4940, Fall 2011, Uphoff
The objective of this lab is to perform internal and external penetration tests on the team’s network created in Part 1 and then perform penetration tests against the other team’s networks. The first lab period (Week 9) is an opportunity for the team to run penetration tests against their own network to prepare for Week 10’s lab where the other teams will try to break in to the team’s network. Your team will attempt to defend your network during Week 10’s lab while simultaneously trying to gain access to the other team’s networks.
There are two lab periods for this assignment (weeks 9 and week 10). The following timeline is to be followed during each lab:
Week 9’s lab will involve internal and external penetration testing of the team’s own network. In Week 10’s lab, your team will attempt to penetrate the other team’s networks while simultaneously defending your own network.
For each of the two lab sessions your team is required to have the network gateway system (or router) configured along with the Metasploitable and OWASP VMs. These systems must be operational after the first 10 minutes of class. Teams that do not have an operational network at this time will be penalized.
In lecture we decided on roles and responsibilities for the pen test labs. Each team self-assigned members to Red Teams (pen testers) and Blue Teams (defenders). Roles and tool responsibilities were also assigned. You are free to change these roles and responsibilities after week 9’s exercise but make sure to have a well organized team going in to Week 10.
In Week 9’s lab period you have the opportunity to test and tune your network and its defenses. You are not allowed to make any configuration changes to the network or systems during lab. During lab your goal is to test the system and document your results. After lab your team can tune up any configurations in preparation for Week 10’s lab.
During this lab period you should divide into your assigned Red and Blue teams. The Red team should treat the team network as a target system while the Blue team should try to detect the Red Team’s intrusion attempts.
Protecting your network and successfully gaining access to another team’s network is the primary focus of Week 10’s lab period. Your team will be monitoring your own network, verifying the security of the internal network and attempting to break into the rival group’s network. The ultimate goal of this lab is to compromise one of the rival group’s end hosts and obtain remote access, preferable with administrator privileges.
Your team must keep detailed notes on any interesting network activity detected or generated by the team. This information is to be included in a summarized format in the project report (see below). At a minimum you should include the following information:
The following rules must be followed during the lab period. Failure to follow these rules will result in a grade reduction but may also be ground for a zero grade on this lab along with removal from the network.
Stealing another team’s secrets is one goal of the lab. To do this you must gain entry into the system and then find the rival team’s secret data. You must also document the exploit procedure used to gain entry into the system. This allows the opposing team the opportunity to prove that they were able to successfully detect the intrusion. Lack of documentation on the attacker’s part will result in the results being discarded for grading purposes.
Refer to the documentation from Part 1 for information on how secret data is stored on the target systems.
A successful exploit should allow the intruder to leave behind information. To prove that your team has exploited a system, come up with a secret phrase or keyword that can be used to prove that you exploited a server. The instructor will collect each team’s secret phrase prior to the start of Week 10’s lab.
Here are some suggested ways you could prove that you gained access to a system:
You must document the commands used to launch the injection so that the rival team has a chance to prove that they detected the attack.
For the project report your team should discuss any problems/issues you had during the two-week pen test exercise. Also comment on any problems you had coordinating with the other teams. Include a summary of interesting network activity that you detected or instigated (for example detecting a critical vulnerability, detecting an attack against your server, etc). Each team member’s role and contributions must be clearly described within the report. Lastly you must summarize the penetration testing experience and provide suggestions for future versions of this lab.
Here is a summary of the report contents:
There are two items that must be submitted via Blackboard:
Grading will be based on the extent to which the team met the requirements of the report and success or failure during the Pen Test. The report is worth a maximum of 80 points. Your success during the Week 10 pen test will determine the remaining 20 points on the scale below. The maximum score is 100 points. All items below must be accompanied by supportive documentation (where applicable).