Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Kali Linux CTF Blueprints
Kali Linux CTF Blueprints

Kali Linux CTF Blueprints: Build, test, and customize your own Capture the Flag challenges across multiple platforms designed to be attacked with Kali Linux

eBook
R$49.99 R$178.99
Paperback
R$222.99
Subscription
Free Trial
Renews at R$50p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Table of content icon View table of contents Preview book icon Preview Book

Kali Linux CTF Blueprints

Chapter 2. Linux Environments

After dealing with the restrictive (and to be fair, good practice-orientated) Microsoft, Linux should be a little ray of sunshine for all you vulnerability replicators out there. Linux embraces the idea that old doesn't necessarily mean bad, even when it sort of does. It is very useful for security researchers to have access to older binaries to play with and recreate the attacks of yore; after all, as someone more sensible than me pointed out, "those who ignore the past are doomed to repeat it." So, in this chapter, we'll hunt down all the older binaries, get them up and running in an organized format, and let our testers wreak havoc. In this chapter, we will specifically focus on the following topics:

  • The fundamental differences between managing Linux and Microsoft
  • In-depth setup of a vulnerable SMB service
  • In-depth setup of a vulnerable LAMP server
  • In-depth setup of a vulnerable operating system
  • In-depth setup of a vulnerable Telnet...

Differences between Linux and Microsoft

Short of saying Linux is better in every shape and form, there isn't much I can say. I couldn't really get away with that, but for our purposes, it's largely true. The equipment present on Linux systems is by and large open source and freely available. Paid versions aren't required so much to create representative vulnerabilities. So, what I'm saying is, it's cheap. Linux developers also regularly provide older versions from their websites for development and compatibility purposes—a fact I will reference about a dozen times throughout this book. It's just fantastic. The software is also (largely) more easily customized and configured for nefarious purposes due to the dominance of scripting languages and limited software Digital Rights Management (DRM) that goes on. In short, Linux provides the perfect platform for the creation of vulnerable machines. Despite this, it is important to involve Microsoft machines...

Scenario 1 – learn Samba and other dance forms

Server Message Block (SMB) or Samba is the file-sharing utility of Linux and older Windows systems. The clubs are the big wooden kind. It works by exposing folders to the network for authenticated (or not, as the case may be) users. There are a number of good practices here that are frequently ignored, which makes it a prime target for testers.

Among the plethora of terrible Samba mistakes are:

  • Weak passwords
  • Enabled guest accounts
  • Exposing sensitive folders
  • Running out-of-date versions of Samba
  • Allowing writeable directories

And if you find all five of these in one setup, you should check to see if the owner of the installation is still breathing, because really?

Setup

Most Linux installations will come with a version of Samba or at least the directory structure installed. However, to be sure, do the dance:

apt-get update
apt-get upgrade

The preceding commands update your repositories with new signatures and then upgrade your software to match...

Scenario 2 – turning on a LAMP

Linux, Apache, MySQL, and PHP (LAMP) is the bread and butter of web development. It's where most people start, and sometimes, where they stay. There are a lot of live Apache sites out there, and often in internal networks you see test sites or simple solutions thrown together on an Apache install.

LAMP is currently what's missing from the UK school curriculum, and as of this writing, what's missing from schools around the world. These four skills take the Internet from being a mystical land of magic into a collection of examples of how not to do things. If you want to keep the mystery alive, don't read anything about LAMP, history, or math. In fact, stay indoors with your eyes closed.

We're going to create a basic login page for our testers to break using Cross-platform Apache, MySQL, PHP, and Perl (XAMPP). It's going to be quick and dirty like a good martini. I'll give some code that's vulnerable to everything...

Scenario 3 – destructible distros

Like a man's wardrobe once he's past the age of 30, Linux boxes can often be neglected and rarely updated. Continuing the simile, Linux distros can also end up containing a variety of things that would have been long removed if only they were known about. In this example, Simple Network Management Protocol (SNMP) is equivalent to that polka dot shirt you thought was a good idea that time you were drunk on Carnaby Street; Secure Shell version 1 (SSHv1) is the Bermuda shorts from a long-forgotten holiday; and File Transfer Protocol (FTP) is that tie—you know the one I mean. (If you, the reader, are a lady, the Bermuda shorts are a lime green bikini and the tie is still a tie. It's just that bad.)

We're going to locate and run an older distro of Linux on a VM, set it up with a basic exploit, and use exploits against the earlier Linux kernels to get to the root. This one is pretty straightforward, but is a useful addition to...

Scenario 4 – tearing it up with Telnet

I have a special place in my heart for Telnet. For a (short) while I was blissfully unaware of Putty or Netcat, so Telnet was my go-to socketing tool. Now I've moved on to writing my own tools, I realize how awful Telnet really is (but in a sort of cute way).

Telnet still gets used for a variety of machines (including Cisco routers) by default, so it's good to learn of its existence and vulnerabilities. We will set up a Telnet server, and I'll give you the code for a simple client that you can customize to fit a variety of scenarios.

Setup

We're going to use an established solution to set up the Telnet functionality for us in Python. This solution is called Miniboa and can be found at https://code.google.com/p/miniboa/. What's great about Miniboa is that it does all the hard work for you, and as long as you can read/write Python (which you can or you'd have stopped reading by now), then it's pretty darn simple...

Flag placement and design

Linux is a different kettle of fish to Windows when it comes to sensitive files and good flag placement. The following are a good set of locations to keep flags:

  • /etc/
  • /home/supersecretsecretuser/
  • /opt/share/flag/
  • /etc/passwd or /etc/shadow (if you're feeling cruel)
  • /etc/hosts (will allow the attackers to identify known hosts)

Exploitation guides

The following are exploitation guides for the scenarios created in this chapter. These are guidelines, and there are more ways to exploit the vulnerabilities.

Scenario 1 – smashing Samba

The brief provided for this exploitation guide is assumed to be: Find the key file in a shared location on the network. Perform the following steps for this scenario:

  1. First of all, we run NMAP to do host discovery against the network. If we run NMAP with the A parameter, it will actually connect to and profile any open file-sharing platforms. I'm not going to bore you with yet another NMAP output.
  2. We should see that there are SMB shares open to guests. Let's go and have a look by using the SMB client, smbclient <ip address>/<sharename>; so, in this case, it's smbclient //192.168.0.6/squirtle. The following screenshot shows the contents of the key file:
    Scenario 1 – smashing Samba
  3. Right, so there's our key file. You can see that I can't read it on the system, which means it...

Differences between Linux and Microsoft


Short of saying Linux is better in every shape and form, there isn't much I can say. I couldn't really get away with that, but for our purposes, it's largely true. The equipment present on Linux systems is by and large open source and freely available. Paid versions aren't required so much to create representative vulnerabilities. So, what I'm saying is, it's cheap. Linux developers also regularly provide older versions from their websites for development and compatibility purposes—a fact I will reference about a dozen times throughout this book. It's just fantastic. The software is also (largely) more easily customized and configured for nefarious purposes due to the dominance of scripting languages and limited software Digital Rights Management (DRM) that goes on. In short, Linux provides the perfect platform for the creation of vulnerable machines. Despite this, it is important to involve Microsoft machines in order to create accurate depictions...

Left arrow icon Right arrow icon

Description

Taking a highly practical approach and a playful tone, Kali Linux CTF Blueprints provides step-by-step guides to setting up vulnerabilities, in-depth guidance to exploiting them, and a variety of advice and ideas to build and customising your own challenges. If you are a penetration testing team leader or individual who wishes to challenge yourself or your friends in the creation of penetration testing assault courses, this is the book for you. The book assumes a basic level of penetration skills and familiarity with the Kali Linux operating system.

What you will learn

  • Set up vulnerable services for both Windows and Linux
  • Create dummy accounts for social engineering manipulation
  • Set up Heartbleed replication for vulnerable SSL servers
  • Develop fullsize labs to challenge current and potential testers
  • Construct scenarios that can be applied to Capture the Flag style challenges
  • Add physical components to your scenarios and fire USB missile launchers at your opponents
  • Challenge your own projects with a bestpractice exploit guide to each scenario

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jul 24, 2014
Length: 190 pages
Edition : 1st
Language : English
ISBN-13 : 9781783985999
Category :
Tools :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Product Details

Publication date : Jul 24, 2014
Length: 190 pages
Edition : 1st
Language : English
ISBN-13 : 9781783985999
Category :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
R$50 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
R$500 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just R$25 each
Feature tick icon Exclusive print discounts
R$800 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just R$25 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total R$ 880.97
KALI LINUX NETWORK SCANNING COOKBOOK
R$317.99
Kali Linux CTF Blueprints
R$222.99
Mastering Kali Linux for Advanced Penetration Testing
R$339.99
Total R$ 880.97 Stars icon
Banner background image

Table of Contents

8 Chapters
1. Microsoft Environments Chevron down icon Chevron up icon
2. Linux Environments Chevron down icon Chevron up icon
3. Wireless and Mobile Chevron down icon Chevron up icon
4. Social Engineering Chevron down icon Chevron up icon
5. Cryptographic Projects Chevron down icon Chevron up icon
6. Red Teaming Chevron down icon Chevron up icon
A. Appendix Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.5
(6 Ratings)
5 star 50%
4 star 50%
3 star 0%
2 star 0%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by




C. C Chin Apr 10, 2017
Full star icon Full star icon Full star icon Full star icon Full star icon 5
getting into cyber
Amazon Verified review Amazon
Kris Dec 16, 2015
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Great product great seller !!!
Amazon Verified review Amazon
S M Aug 13, 2014
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Really good book if you want to set up a pen test training course or learn by doing it yourself.
Amazon Verified review Amazon
Jack Miller Aug 25, 2014
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
The Kali Linux CTF Blueprints book written by Cameron Buchanan who is a penetration tester by trade – so he knows what he’s talking about. So, what is this book about? It covers ‘Capture the Flag’ style challenges. It has 6 chapters covering:‘Microsoft Environments’ – create a vulnerable servers and desktop PC and covers the most prevalent vulnerabilities.‘Linux Environments’ – focused on generating generic vulnerabilities in Linux Environments‘Wireless and Mobile’ – contains projects targeting WIfI enabled devices such as Tablets and Smartphones.‘Social Engineering’ – Scenarios including XSS Attackable pages and unmask online personas.‘Cryptographic Projects’ such as encryption, deciphering and replication of the well-known Heartbleed attack.‘Red teaming’ – two full scale vulnerable deployments designed to test areas covered in previous chapters.It covers a lot of things that you won’t find in your beginners guides to Kali Linux which brings me onto my next point; who is the book for? The author states that it is for ‘individuals who are aware of the concepts of penetration testing with some practice in one or more types of tests’ which I think is perfectly fair as I myself am not a ‘veteran’ with Kali Linux, more a novice who has played around with it and has lots more to learn. So take that into consideration where looking at this book. It’s more of a ‘follow’ on book after you’ve done some basic tests in Kali and feel you are ready to move on.As for the actual chapters that contain the tutorials they are very well laid out and easy to read and understand. The author has left screenshots in his chapters so that you can easily see what he is doing. He has also included ‘command boxes’ so that you can easily distinguish commands from actual description so you know what you need to enter.Chapters contain scenarios which the author has designed himself so you don’t need to worry about this book been short because it’s only 6 Chapters as they are filled with Scenarios.In conclusion I think that this is a great purchase for anyone who has played around with Kali and eager to learn. But the author defiantly meant it when he said it was for more experienced persons. So take my advice and buy this book if you want to move on in your pen testing hobby/trade.Written by Jackk over at JackkTutorials.com - Watch. Learn. Create
Amazon Verified review Amazon
Ethan C Sep 21, 2016
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
It's a good book, especially considering there aren't really many like it out there and I like the humor/writing style as well as the layout.However, it definitely assumes you know a decent amount about infosec and system administration to get through it and it will not hold your hand through every step. I know the author can't cover it all but for those of you going through it here are some helpful tips I wish were in the book that I have come across so far:- Use Windows Server 2008 R2. 2012 and 2016 will not work with some facets of the Windows build.- It is best to update the OS to get some of the services running correctly (easily).- The URL in the book for ColdFusion appears to be for an UPDATE to 9.1, not the installer for 9.1 (which I can't seem to find) so I had to go with 9.2.- For SQL 2005 Express, make sure the processors are at a power of 2. It took me 3 days to figure out why I couldn't install SQL 2005 Express and it was because I had allocated 3 processors for my VM (same will go for physical builds with 5, 7, or 9 processors; it won't work).- SQL 2005 Express will not allow you to make the password for the sa user "sa" as the book instructs.I will continue to update this list as I go through the book in hopes to help others who are struggling a bit with the configuration of these machines.Cheers and happy hacking,-Ethan
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.