Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Kali Linux CTF Blueprints
Kali Linux CTF Blueprints

Kali Linux CTF Blueprints: Build, test, and customize your own Capture the Flag challenges across multiple platforms designed to be attacked with Kali Linux

Arrow left icon
Profile Icon Cameron Buchanan
Arrow right icon
€18.99 per month
Full star icon Full star icon Full star icon Full star icon Half star icon 4.5 (6 Ratings)
Paperback Jul 2014 190 pages 1st Edition
eBook
€8.99 €23.99
Paperback
€29.99
Subscription
Free Trial
Renews at €18.99p/m
Arrow left icon
Profile Icon Cameron Buchanan
Arrow right icon
€18.99 per month
Full star icon Full star icon Full star icon Full star icon Half star icon 4.5 (6 Ratings)
Paperback Jul 2014 190 pages 1st Edition
eBook
€8.99 €23.99
Paperback
€29.99
Subscription
Free Trial
Renews at €18.99p/m
eBook
€8.99 €23.99
Paperback
€29.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with a Packt Subscription?

Free for first 7 days. €18.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing
Table of content icon View table of contents Preview book icon Preview Book

Kali Linux CTF Blueprints

Chapter 2. Linux Environments

After dealing with the restrictive (and to be fair, good practice-orientated) Microsoft, Linux should be a little ray of sunshine for all you vulnerability replicators out there. Linux embraces the idea that old doesn't necessarily mean bad, even when it sort of does. It is very useful for security researchers to have access to older binaries to play with and recreate the attacks of yore; after all, as someone more sensible than me pointed out, "those who ignore the past are doomed to repeat it." So, in this chapter, we'll hunt down all the older binaries, get them up and running in an organized format, and let our testers wreak havoc. In this chapter, we will specifically focus on the following topics:

  • The fundamental differences between managing Linux and Microsoft
  • In-depth setup of a vulnerable SMB service
  • In-depth setup of a vulnerable LAMP server
  • In-depth setup of a vulnerable operating system
  • In-depth setup of a vulnerable Telnet...

Differences between Linux and Microsoft

Short of saying Linux is better in every shape and form, there isn't much I can say. I couldn't really get away with that, but for our purposes, it's largely true. The equipment present on Linux systems is by and large open source and freely available. Paid versions aren't required so much to create representative vulnerabilities. So, what I'm saying is, it's cheap. Linux developers also regularly provide older versions from their websites for development and compatibility purposes—a fact I will reference about a dozen times throughout this book. It's just fantastic. The software is also (largely) more easily customized and configured for nefarious purposes due to the dominance of scripting languages and limited software Digital Rights Management (DRM) that goes on. In short, Linux provides the perfect platform for the creation of vulnerable machines. Despite this, it is important to involve Microsoft machines...

Scenario 1 – learn Samba and other dance forms

Server Message Block (SMB) or Samba is the file-sharing utility of Linux and older Windows systems. The clubs are the big wooden kind. It works by exposing folders to the network for authenticated (or not, as the case may be) users. There are a number of good practices here that are frequently ignored, which makes it a prime target for testers.

Among the plethora of terrible Samba mistakes are:

  • Weak passwords
  • Enabled guest accounts
  • Exposing sensitive folders
  • Running out-of-date versions of Samba
  • Allowing writeable directories

And if you find all five of these in one setup, you should check to see if the owner of the installation is still breathing, because really?

Setup

Most Linux installations will come with a version of Samba or at least the directory structure installed. However, to be sure, do the dance:

apt-get update
apt-get upgrade

The preceding commands update your repositories with new signatures and then upgrade your software to match...

Scenario 2 – turning on a LAMP

Linux, Apache, MySQL, and PHP (LAMP) is the bread and butter of web development. It's where most people start, and sometimes, where they stay. There are a lot of live Apache sites out there, and often in internal networks you see test sites or simple solutions thrown together on an Apache install.

LAMP is currently what's missing from the UK school curriculum, and as of this writing, what's missing from schools around the world. These four skills take the Internet from being a mystical land of magic into a collection of examples of how not to do things. If you want to keep the mystery alive, don't read anything about LAMP, history, or math. In fact, stay indoors with your eyes closed.

We're going to create a basic login page for our testers to break using Cross-platform Apache, MySQL, PHP, and Perl (XAMPP). It's going to be quick and dirty like a good martini. I'll give some code that's vulnerable to everything...

Scenario 3 – destructible distros

Like a man's wardrobe once he's past the age of 30, Linux boxes can often be neglected and rarely updated. Continuing the simile, Linux distros can also end up containing a variety of things that would have been long removed if only they were known about. In this example, Simple Network Management Protocol (SNMP) is equivalent to that polka dot shirt you thought was a good idea that time you were drunk on Carnaby Street; Secure Shell version 1 (SSHv1) is the Bermuda shorts from a long-forgotten holiday; and File Transfer Protocol (FTP) is that tie—you know the one I mean. (If you, the reader, are a lady, the Bermuda shorts are a lime green bikini and the tie is still a tie. It's just that bad.)

We're going to locate and run an older distro of Linux on a VM, set it up with a basic exploit, and use exploits against the earlier Linux kernels to get to the root. This one is pretty straightforward, but is a useful addition to...

Scenario 4 – tearing it up with Telnet

I have a special place in my heart for Telnet. For a (short) while I was blissfully unaware of Putty or Netcat, so Telnet was my go-to socketing tool. Now I've moved on to writing my own tools, I realize how awful Telnet really is (but in a sort of cute way).

Telnet still gets used for a variety of machines (including Cisco routers) by default, so it's good to learn of its existence and vulnerabilities. We will set up a Telnet server, and I'll give you the code for a simple client that you can customize to fit a variety of scenarios.

Setup

We're going to use an established solution to set up the Telnet functionality for us in Python. This solution is called Miniboa and can be found at https://code.google.com/p/miniboa/. What's great about Miniboa is that it does all the hard work for you, and as long as you can read/write Python (which you can or you'd have stopped reading by now), then it's pretty darn simple...

Flag placement and design

Linux is a different kettle of fish to Windows when it comes to sensitive files and good flag placement. The following are a good set of locations to keep flags:

  • /etc/
  • /home/supersecretsecretuser/
  • /opt/share/flag/
  • /etc/passwd or /etc/shadow (if you're feeling cruel)
  • /etc/hosts (will allow the attackers to identify known hosts)

Exploitation guides

The following are exploitation guides for the scenarios created in this chapter. These are guidelines, and there are more ways to exploit the vulnerabilities.

Scenario 1 – smashing Samba

The brief provided for this exploitation guide is assumed to be: Find the key file in a shared location on the network. Perform the following steps for this scenario:

  1. First of all, we run NMAP to do host discovery against the network. If we run NMAP with the A parameter, it will actually connect to and profile any open file-sharing platforms. I'm not going to bore you with yet another NMAP output.
  2. We should see that there are SMB shares open to guests. Let's go and have a look by using the SMB client, smbclient <ip address>/<sharename>; so, in this case, it's smbclient //192.168.0.6/squirtle. The following screenshot shows the contents of the key file:
    Scenario 1 – smashing Samba
  3. Right, so there's our key file. You can see that I can't read it on the system, which means it...

Differences between Linux and Microsoft


Short of saying Linux is better in every shape and form, there isn't much I can say. I couldn't really get away with that, but for our purposes, it's largely true. The equipment present on Linux systems is by and large open source and freely available. Paid versions aren't required so much to create representative vulnerabilities. So, what I'm saying is, it's cheap. Linux developers also regularly provide older versions from their websites for development and compatibility purposes—a fact I will reference about a dozen times throughout this book. It's just fantastic. The software is also (largely) more easily customized and configured for nefarious purposes due to the dominance of scripting languages and limited software Digital Rights Management (DRM) that goes on. In short, Linux provides the perfect platform for the creation of vulnerable machines. Despite this, it is important to involve Microsoft machines in order to create accurate depictions...

Left arrow icon Right arrow icon

Description

Taking a highly practical approach and a playful tone, Kali Linux CTF Blueprints provides step-by-step guides to setting up vulnerabilities, in-depth guidance to exploiting them, and a variety of advice and ideas to build and customising your own challenges. If you are a penetration testing team leader or individual who wishes to challenge yourself or your friends in the creation of penetration testing assault courses, this is the book for you. The book assumes a basic level of penetration skills and familiarity with the Kali Linux operating system.

What you will learn

  • Set up vulnerable services for both Windows and Linux
  • Create dummy accounts for social engineering manipulation
  • Set up Heartbleed replication for vulnerable SSL servers
  • Develop fullsize labs to challenge current and potential testers
  • Construct scenarios that can be applied to Capture the Flag style challenges
  • Add physical components to your scenarios and fire USB missile launchers at your opponents
  • Challenge your own projects with a bestpractice exploit guide to each scenario

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jul 24, 2014
Length: 190 pages
Edition : 1st
Language : English
ISBN-13 : 9781783985982
Category :
Tools :

What do you get with a Packt Subscription?

Free for first 7 days. €18.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing

Product Details

Publication date : Jul 24, 2014
Length: 190 pages
Edition : 1st
Language : English
ISBN-13 : 9781783985982
Category :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 118.97
KALI LINUX NETWORK SCANNING COOKBOOK
€42.99
Kali Linux CTF Blueprints
€29.99
Mastering Kali Linux for Advanced Penetration Testing
€45.99
Total 118.97 Stars icon
Banner background image

Table of Contents

8 Chapters
1. Microsoft Environments Chevron down icon Chevron up icon
2. Linux Environments Chevron down icon Chevron up icon
3. Wireless and Mobile Chevron down icon Chevron up icon
4. Social Engineering Chevron down icon Chevron up icon
5. Cryptographic Projects Chevron down icon Chevron up icon
6. Red Teaming Chevron down icon Chevron up icon
A. Appendix Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.5
(6 Ratings)
5 star 50%
4 star 50%
3 star 0%
2 star 0%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by




C. C Chin Apr 10, 2017
Full star icon Full star icon Full star icon Full star icon Full star icon 5
getting into cyber
Amazon Verified review Amazon
Kris Dec 16, 2015
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Great product great seller !!!
Amazon Verified review Amazon
S M Aug 13, 2014
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Really good book if you want to set up a pen test training course or learn by doing it yourself.
Amazon Verified review Amazon
Jack Miller Aug 25, 2014
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
The Kali Linux CTF Blueprints book written by Cameron Buchanan who is a penetration tester by trade – so he knows what he’s talking about. So, what is this book about? It covers ‘Capture the Flag’ style challenges. It has 6 chapters covering:‘Microsoft Environments’ – create a vulnerable servers and desktop PC and covers the most prevalent vulnerabilities.‘Linux Environments’ – focused on generating generic vulnerabilities in Linux Environments‘Wireless and Mobile’ – contains projects targeting WIfI enabled devices such as Tablets and Smartphones.‘Social Engineering’ – Scenarios including XSS Attackable pages and unmask online personas.‘Cryptographic Projects’ such as encryption, deciphering and replication of the well-known Heartbleed attack.‘Red teaming’ – two full scale vulnerable deployments designed to test areas covered in previous chapters.It covers a lot of things that you won’t find in your beginners guides to Kali Linux which brings me onto my next point; who is the book for? The author states that it is for ‘individuals who are aware of the concepts of penetration testing with some practice in one or more types of tests’ which I think is perfectly fair as I myself am not a ‘veteran’ with Kali Linux, more a novice who has played around with it and has lots more to learn. So take that into consideration where looking at this book. It’s more of a ‘follow’ on book after you’ve done some basic tests in Kali and feel you are ready to move on.As for the actual chapters that contain the tutorials they are very well laid out and easy to read and understand. The author has left screenshots in his chapters so that you can easily see what he is doing. He has also included ‘command boxes’ so that you can easily distinguish commands from actual description so you know what you need to enter.Chapters contain scenarios which the author has designed himself so you don’t need to worry about this book been short because it’s only 6 Chapters as they are filled with Scenarios.In conclusion I think that this is a great purchase for anyone who has played around with Kali and eager to learn. But the author defiantly meant it when he said it was for more experienced persons. So take my advice and buy this book if you want to move on in your pen testing hobby/trade.Written by Jackk over at JackkTutorials.com - Watch. Learn. Create
Amazon Verified review Amazon
Ethan C Sep 21, 2016
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
It's a good book, especially considering there aren't really many like it out there and I like the humor/writing style as well as the layout.However, it definitely assumes you know a decent amount about infosec and system administration to get through it and it will not hold your hand through every step. I know the author can't cover it all but for those of you going through it here are some helpful tips I wish were in the book that I have come across so far:- Use Windows Server 2008 R2. 2012 and 2016 will not work with some facets of the Windows build.- It is best to update the OS to get some of the services running correctly (easily).- The URL in the book for ColdFusion appears to be for an UPDATE to 9.1, not the installer for 9.1 (which I can't seem to find) so I had to go with 9.2.- For SQL 2005 Express, make sure the processors are at a power of 2. It took me 3 days to figure out why I couldn't install SQL 2005 Express and it was because I had allocated 3 processors for my VM (same will go for physical builds with 5, 7, or 9 processors; it won't work).- SQL 2005 Express will not allow you to make the password for the sa user "sa" as the book instructs.I will continue to update this list as I go through the book in hopes to help others who are struggling a bit with the configuration of these machines.Cheers and happy hacking,-Ethan
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is included in a Packt subscription? Chevron down icon Chevron up icon

A subscription provides you with full access to view all Packt and licnesed content online, this includes exclusive access to Early Access titles. Depending on the tier chosen you can also earn credits and discounts to use for owning content

How can I cancel my subscription? Chevron down icon Chevron up icon

To cancel your subscription with us simply go to the account page - found in the top right of the page or at https://subscription.packtpub.com/my-account/subscription - From here you will see the ‘cancel subscription’ button in the grey box with your subscription information in.

What are credits? Chevron down icon Chevron up icon

Credits can be earned from reading 40 section of any title within the payment cycle - a month starting from the day of subscription payment. You also earn a Credit every month if you subscribe to our annual or 18 month plans. Credits can be used to buy books DRM free, the same way that you would pay for a book. Your credits can be found in the subscription homepage - subscription.packtpub.com - clicking on ‘the my’ library dropdown and selecting ‘credits’.

What happens if an Early Access Course is cancelled? Chevron down icon Chevron up icon

Projects are rarely cancelled, but sometimes it's unavoidable. If an Early Access course is cancelled or excessively delayed, you can exchange your purchase for another course. For further details, please contact us here.

Where can I send feedback about an Early Access title? Chevron down icon Chevron up icon

If you have any feedback about the product you're reading, or Early Access in general, then please fill out a contact form here and we'll make sure the feedback gets to the right team. 

Can I download the code files for Early Access titles? Chevron down icon Chevron up icon

We try to ensure that all books in Early Access have code available to use, download, and fork on GitHub. This helps us be more agile in the development of the book, and helps keep the often changing code base of new versions and new technologies as up to date as possible. Unfortunately, however, there will be rare cases when it is not possible for us to have downloadable code samples available until publication.

When we publish the book, the code files will also be available to download from the Packt website.

How accurate is the publication date? Chevron down icon Chevron up icon

The publication date is as accurate as we can be at any point in the project. Unfortunately, delays can happen. Often those delays are out of our control, such as changes to the technology code base or delays in the tech release. We do our best to give you an accurate estimate of the publication date at any given time, and as more chapters are delivered, the more accurate the delivery date will become.

How will I know when new chapters are ready? Chevron down icon Chevron up icon

We'll let you know every time there has been an update to a course that you've bought in Early Access. You'll get an email to let you know there has been a new chapter, or a change to a previous chapter. The new chapters are automatically added to your account, so you can also check back there any time you're ready and download or read them online.

I am a Packt subscriber, do I get Early Access? Chevron down icon Chevron up icon

Yes, all Early Access content is fully available through your subscription. You will need to have a paid for or active trial subscription in order to access all titles.

How is Early Access delivered? Chevron down icon Chevron up icon

Early Access is currently only available as a PDF or through our online reader. As we make changes or add new chapters, the files in your Packt account will be updated so you can download them again or view them online immediately.

How do I buy Early Access content? Chevron down icon Chevron up icon

Early Access is a way of us getting our content to you quicker, but the method of buying the Early Access course is still the same. Just find the course you want to buy, go through the check-out steps, and you’ll get a confirmation email from us with information and a link to the relevant Early Access courses.

What is Early Access? Chevron down icon Chevron up icon

Keeping up to date with the latest technology is difficult; new versions, new frameworks, new techniques. This feature gives you a head-start to our content, as it's being created. With Early Access you'll receive each chapter as it's written, and get regular updates throughout the product's development, as well as the final course as soon as it's ready.We created Early Access as a means of giving you the information you need, as soon as it's available. As we go through the process of developing a course, 99% of it can be ready but we can't publish until that last 1% falls in to place. Early Access helps to unlock the potential of our content early, to help you start your learning when you need it most. You not only get access to every chapter as it's delivered, edited, and updated, but you'll also get the finalized, DRM-free product to download in any format you want when it's published. As a member of Packt, you'll also be eligible for our exclusive offers, including a free course every day, and discounts on new and popular titles.