Linux

The code for all setups is available on my GitHub here. Docker crash course What is docker? Docker is an open platform for developing, shipping, and running applications. Docker enables you to separate your applications from your infrastructure so you can deliver software quickly. With Docker, you can manage your infrastructure in the same ways you manage your applications. By taking advantage of Docker’s methodologies for shipping, testing, and deploying code, you can significantly reduce the delay between writing code and running it in production. ...

Note: this was converted from LaTeX to Markdown using ChatGPT 4.1. The original PDF can be found here along with the bibliography. Ethical hacking of a CTF-VM Laboratory protocol Exercise 7: Ethical hacking of a CTF-VM Figure: Grouplogo Subject: ITSI Class: 3AHITN Name: Stefan Fürst, Justin Tremurici Group Name/Number: todo/12 Supervisor: SPAC, ZIVK Exercise dates: 17-19.1.2025 Submission date: 20.1.2025 Table of Contents Task definition Summary Complete network topology of the exercise Exercise Execution Setting up the virtual machines Reconnaissance: Scanning the Network Reconnaissance: Exploring the websites Weaponization: Evaluating the needed tools Exploitation: Using Hydra to break HTTP basic authentication Exploitation: Using Hydra to brute force SSH login Exploring the system Listing all the files Investigating the listening service Investigating the process flag Further investigating the webserver Investigating secret_flag.txt Exploring the new user Finding the history flag It should be over now, right? Privilege escalation on Linux Using a smart enumeration tool Trying a kernel level exploit Trying to get privileges using Metasploit and Meterpreter Getting root access through editing the GRUB boot options Obtaining the final flag References Task definition This task is based on a Capture the Flag (CTF) challenge, where multiple flags are hidden across an environment and can be found either through exploits or by navigating the system. Two virtual machines are provided: an Ubuntu server, which hosts the flags, and a Kali Linux machine for offensive actions. Both machines operate in a Host-only network, meaning they can communicate with each other but not with the external internet or other devices. ...

Note: this was converted from LaTeX to Markdown using ChatGPT 4.1. The original PDF can be found here along with the bibliography. Exercise 6: GNU/Linux - Securing active components Laboratory protocol Exercise 6: GNU/Linux - Securing active components Figure: Grouplogo Subject: ITSI Class: 3AHITN Name: Stefan Fürst, Marcel Raichle Group Name/Number: Team 7/7 Supervisor: SPAC, ZIVK Exercise dates: 6.12.2024, 13.12.2024, 20.12.2024, 3.1.2025, 4.1.2025, 5.1.2025 Submission date: 4.1.2025 Table of Contents Task definition Task 0 - Preparation Task 1 – Installing a Web Server Task 2 – Securing with Basic Authentication Task 3 – Encrypting with HTTPS Bonus Task – Local DNS Setup (Optional) Summary Complete network topology of the exercise Exercise Execution Preparation Testing the SSH connectivity Changes to the Docker setup Installing an active component Setting up PHP-FPM with Nginx Securing Nginx with Basic Authentication Creating a Password File Configuring the authentication in Nginx and testing it Configuring HTTPS with Self-Signed Certificates Adding a Domain References Task definition Task 0 - Preparation Ensure your server from Exercises 4 and 5 is configured with SSH. Verify that you can connect to the server via SSH using a client with a GUI. ...