Categories
Tutorials

Network Connectivity between Kali and CTF machines

I always recommend people run CTF machines in ‘host-only’ mode to ensure they don’t have an internet connection. You may be wondering though how to ensure your Kali machine can have an internet connection, whilst retaining a network connection to the CTF.

If you are using VirtualBox, you can achieve this with two network adapters. Firstly, ensure you have a host network adapter setup. Open the file menu, and visit ‘Host Network Manager…’.

If you can’t see a network adapter in the list, Click ‘Create’. Once created, ensure the DHCP Server tick box is ticked. You may apply your settings and your network adapter is ready to use.

On your CTF virtual machines, you need to ensure the ‘Host-only adapter’ is set under the network settings:

This should be the only network adapter attached to your CTF VM.

Then, on your pen-testing/Kali machine, ensure you have one adapter set to ‘Bridged’, and then a secondary adapter set to ‘Host-only’.

Nearly done – just a few final steps.

By default, Kali doesn’t like having two connected network adapters at the same time. To do this, boot your Kali machine, and edit the /etc/network/interfaces file. In here, you need to statically declare your network interfaces:

As you can see, there are two sets of lines here for your two network adapters.

allow-hotplug eth0
iface eth0 inet dhcp

allow-hotplug eth1
iface eth1 inet dhcp

You may notice the first set is already listed. Just add what is missing and you should be good to go. By the way, your network interfaces may be named slightly different. If you have any issues with these steps, you can verify the names of your network interfaces using the ‘ip addr’ command and adjust these steps accordingly. Once they have been added into the file, either reboot, or run the following command:

ifup eth1

You should now have two live network interfaces on your Kali machine. One with an internet connection, and one that is on the same network as your CTF’s. Use the ‘ip addr’ command to verify your adapters:

Categories
CTF's My CTF's

Credit Card Scammers CTF

This is my first Capture the Flag exercise and covers a number of different techniques.

Download Now

The back story: Scammers are taking advantage of people and various fake shopping websites have been setup, but people are finding their orders never arrive. We have identified one scam website which we believe is harvesting credit card details from victims. Your objective is to take down the scam website by gaining root access, and identify the 3 flags on their server. Our intelligence suggests the scammers are actively reviewing all orders to quickly make use of the credit card information.

The types of vulnerability used in this CTF can be seen below (they are intentionally hidden by default):

You can download the Capture the Flag here. This has been tested using VirtualBox but may work with other virtualisation platforms. DHCP is enabled, and it is recommended you run this in host-only network mode.

Please feel free to leave me feedback in the comments. I am keen to see what people thought about it and how easy/difficult they thought it was.

SHA-256: e840abca18c81bb269a02247a99416b0f63261f3a62d4b17b9436fb3387f70e7
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbBiicuM2ITDGGcOJPvHWS2kZ5UMFAl7NYsAACgkQPvHWS2kZ
5UNxQhAAk134aocO6KkEoe+f+DIQrTdFbG8CxQ/b4PWRrIWvFStPzyLwlFe2Vi/W
oYfJ+i+pgrkh2NXVf5UbwnfvChUPIjnyxa6NhuVM9vfWsxkwvWLJ4DcKYMVhKuK1
bOEyXqL4MXp1TrEUZWUm7R3xxlgcaRAA2cpts0joDImmggcljC7n1oeBYHumasbn
A9YPuBnjBJnST3ii2brhNV0c58YTJLpssN3XFIGSQmFsl9xwXeU/zClrX4WivP0U
9odK/gUvVXGBRzr/BrsxVK65s5/0IYuFkwGBKoDvqCQOr2sZQC6le/PioH8VeQ19
23jYte6fbMDggXzvbXNUx19tMg6tGKXipcXKD5+9Vdp6SL8nbxHo07DhkeuOPFmv
GjAYj1jEYcgVUVNrb9lRmMkow9tkUq67DhPBN8ekwM/PR/1jxAQTG/P9JL+69/lS
aag3U/IpNl334I4oO5TniutUJf06YsHeWqeKO7cq9elVVfC4YPI+VOESS6eiS0DB
Zc7YO6oYomEcL7wA4Io5m+qaEy4SFHUEutw4aurcoXNf8a/95BL5jIAK71JA30Ut
euB/KWB2IxxuafxD38coqjxmlDQPx7fztMHPGUhvvqZiqyjaQtFoPFzKu4BYDeIY
y5INDm1oVetVt1VB5ZHYXT8dS2owGET8WC6DTZCf4g9isTbhlws=
=NDWq
-----END PGP SIGNATURE-----