“BattleShip” CTF Challenge for TryHackMe

Dhanuka lakshan
Dec 8, 2022

Hello folks, today I am going to share with you my new CTF attack box, known as “BattleShip”, from TryHackMe.

First of all, we need to prepare the environment for the attack box. We need to install the Ubuntu 18.04 server image for the CTF box, because the Ubuntu desktop version cannot be deployed to a TryHackMe room. This server image file will be approximately 1 GB. The latest Ubuntu version, 20.04, is not bad, but I think 18.04 is good because both are the same but this version's size is large.

After downloading the image file, we need virtualization software such as Oracle VirtualBox. Remember this: do not use VMware to deploy the server, because it has some different format extension issues. It is best to download Oracle VirtualBox.

After that, you can install the Ubuntu server version using VirtualBox and continue with the VirtualBox configuration. Note: your box’s network adapter must be the same network adapter, because that makes it easy to SSH.

There are popular snaps in server environments. The user is john and the password is john123.

Next, how to create a TryHackMe room, step by step. First of all you need a TryHackMe account; go to the Develop section and click Manage Rooms. Now you can create a new room. If you have already created rooms, the manage room option is shown. Then we can customize the room if we want.

Now server is ready…

I want a LAMP server because I want to host my vulnerable website on the Ubuntu server. LAMP means Linux, Apache, MySQL, PHP.

How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu 18.04

Step 1 — Installing Apache and Updating the Firewall

sudo apt update
sudo apt install apache2

Adjust the Firewall to Allow Web Traffic

sudo ufw app list
sudo ufw app info "Apache Full"
sudo ufw allow "Apache Full"

You can do a spot check right away to verify that everything went as planned by visiting your server’s public IP address in your web browser.

http://your_server_ip

Step 2 — Installing MySQL

sudo apt install mysql-server
sudo mysql_secure_installation
sudo mysql
mysql> exit

Step 3 — Installing PHP

sudo apt install php libapache2-mod-php php-mysql
sudo systemctl restart apache2

Then I wanted to create an SSH session from my Linux machine to my Ubuntu server machine. The first time I tried to connect to the server, I got an error message:

└─# ssh root@192.168.8.102
ssh: connect to host 192.168.8.102 port 22: Network is unreachable

Then I tried to solve this problem.

1. First check that openssh-server is installed on that system.

2. Check the status of the ssh service and start it.

sudo service ssh status
sudo service ssh start

3. Check whether port 22 on that system is blocked by iptables. Allow the port in iptables and then check again.

sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT

Otherwise, change the SSH port number from 22 to 2222 by editing sshd_config and restarting the service:

vi /etc/ssh/sshd_config
/etc/init.d/ssh restart
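
The port change above can also be scripted instead of hand-edited. This is an added example, not part of the original post: set_sshd_port is a hypothetical helper name, and the .bak rollback copy is an assumption of the example.

```shell
# Added example, not from the original post. set_sshd_port is a hypothetical
# helper name; FILE and PORT are whatever the caller passes.
#
# set_sshd_port FILE PORT
#   Leave FILE with exactly one active "Port PORT" line, placed before any
#   Match block, and keep the previous version as FILE.bak.
set_sshd_port() {
  file=$1
  port=$2
  case $port in
    ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
  esac
  if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
    echo "port out of range: $port" >&2; return 2
  fi
  [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
  cp -p "$file" "$file.bak" || return 1
  tmp=$(mktemp) || return 1
  awk -v p="$port" '
    { l = tolower($0) }            # sshd keywords are case-insensitive
    # Port is a global directive, so it has to precede the first Match block.
    l ~ /^[ \t]*match[ \t]/ && !done { print "Port " p; done = 1 }
    # Replace the first "Port N" or "#Port N" line and drop any later ones.
    l ~ /^[ \t]*#?[ \t]*port[ \t]+[0-9]+[ \t]*$/ {
      if (!done) { print "Port " p; done = 1 }
      next
    }
    { print }
    END { if (!done) print "Port " p }
  ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
  rc=$?
  rm -f "$tmp"
  return $rc
}

# Order of operations on the server (as root), so the session is not cut off:
#   ufw allow 2222/tcp
#   set_sshd_port /etc/ssh/sshd_config 2222
#   sshd -t && systemctl restart ssh
```

Opening the new port in the firewall before restarting sshd, and validating the file with sshd -t, keeps a typo from locking you out of a remote box.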

After that I solved the problem. The important thing is to configure the firewall, because we want to open and close ports. You can do that with the command below.

apt install ufw

UFW (uncomplicated firewall) is a firewall configuration tool that runs on top of iptables, included by default within Ubuntu distributions. It provides a streamlined interface for configuring common firewall use cases via the command line.

To check if ufw is enabled, run:

$ sudo ufw status
Status: inactive

Output status is inactive. If you got a Status: inactive message when running ufw status, it means the firewall is not yet enabled on the system. You’ll need to run a command to enable it.

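How to find a vulnerable website?

To check whether SQL injection is possible, we first need to find a vulnerable website.

We can add a single quote to the end of the URL; if an error like the one below is displayed, the site is most likely vulnerable to SQL injection. The warning appears because the unescaped quote breaks the SQL statement, the query call returns false instead of a result set, and that boolean is then passed to mysql_num_rows().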

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/users/p/pasha369/domains/esjindex.org/search.php on line 370
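
From the server side, the same single-quote probe is visible in the web server's access log. The following is an added example, not part of the original post: quote_probes and sample_access_log are hypothetical names, the log lines are constructed, and the Apache "combined" log format is assumed.

```shell
# Constructed sample lines in Apache "combined" log format (not real traffic).
sample_access_log() {
  cat <<'EOF'
203.0.113.5 - - [08/Dec/2022:10:00:01 +0000] "GET /search.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [08/Dec/2022:10:00:07 +0000] "GET /search.php?id=1%27 HTTP/1.1" 200 498 "-" "curl/7.58.0"
203.0.113.9 - - [08/Dec/2022:10:00:09 +0000] "GET /search.php?id=1' HTTP/1.1" 200 498 "-" "curl/7.58.0"
198.51.100.7 - - [08/Dec/2022:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [08/Dec/2022:10:01:30 +0000] "GET /search.php?name=O%27Brien HTTP/1.1" 200 700 "-" "Mozilla/5.0"
EOF
}

# quote_probes [MIN]: read an access log on stdin and print "COUNT IP" for
# every client with at least MIN requests whose query string holds a single
# quote, raw or percent-encoded (%27, or %2527 when encoded twice).
quote_probes() {
  awk -v min="${1:-1}" -v sq="'" '
    {
      q = index($7, "?")             # $7 is the request target in this format
      if (q == 0) next               # no query string, nothing to inspect
      qs = substr($7, q + 1)
      if (index(qs, sq) || index(qs, "%27") || index(qs, "%2527")) hits[$1]++
    }
    END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Usage on a real server: quote_probes 2 < /var/log/apache2/access.log
```

A legitimate value such as O'Brien also contains a quote, which is why the function takes a minimum count rather than flagging every single hit.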

For my CTF players I created a vulnerable website, known as “Battleship”. I used HTML, CSS, JavaScript, PHP and MySQL for my vulnerable website. An image of the created website is shown below.

Based on Battleship, I created the tasks for my CTF players.

When I was creating my CTF box, my VirtualBox Ubuntu server crashed. I decided to get an EC2 instance from AWS. After that I learned the AWS cloud computing platform, then I created an EC2 instance for the Ubuntu server version. It was a great experience for my life. Below is a summary of that.

When I created the AWS EC2 instance I allowed the SSH protocol for remote login. Since I use Windows, I needed the PuTTY software for that, and I got the PuTTYgen software because I wanted a private key. You can use a native Linux environment to connect to your Linux EC2 instances instead of using PuTTY or PuTTYgen. The Linux environment makes it easier to connect to your Linux instances because it comes with a native SSH client that you can use to connect to your Linux instances and change the permissions of the .pem key file.

What is the FileZilla client software?

FileZilla is a utility for transferring files to or from a remote computer by a standard method known as FTP (File Transfer Protocol). I need this software to transfer local files from my computer to the Ubuntu server.

We need to install an OpenSSH server for sharing our CTF-related files and resources. You can select the option by pressing the space bar and install OpenSSH.

What is the OpenSSH server?

OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture.

Battleship | A Comprehensive Walkthrough

TASK 1- INTRODUCTION

The Navy’s Fighter Weapons School, also known as Battleship, has gone computerized as part of the training for unmanned military pilots. The person in charge of this operation is Captain John. Since the program’s inception, the enemy has been using cyber weapons to attempt and destroy it.

In order to determine whether the Battleship can withstand a cyberattack, you are employed as a penetration tester. Should you accept, your task will be to hack into the Battleship’s computer system and identify any/all weaknesses.

Congratulations!

You have to answer some theoretical questions to check your penetration testing knowledge as a “Pentester”.

Answer the questions below

Q1 — Vector that injects malicious code into a vulnerable web application. It does not directly target the application itself. What is the common attack mentioned above?

Answer — cross site scripting

Q2 — Vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. What is the common attack mentioned above?

Answer — SQL injection

Q3 — This malware type that negates normal authentication procedures to access a system. As a result, remote access is granted to resources within an application, such as databases and file servers, giving perpetrators the ability to remotely issue system commands and update malware.

Answer — backdoor

Q4 — Deploy the machine.

Answer — no need

TASK 2- Beginner as a student officer

The first step of a penetration test is gathering as much information as possible about the target.

Your target IP address: 3.17.19.155

Answer the questions below

Q1 — How many ports are open?

Answer — 3

TASK 3- Up to lieutenant

Moving on…

Look how things are built! Try to find some Sensitive Military Information hidden in plain-sight.

Answer the questions below

Q1 — What is the “Sensitive Military Information”?

Answer — FLAG{Caesar_cipher_is_vulnerable }

TASK 4- up to lieutenants commander

Answer the questions below

Q1 — What is the Secret key of Image ?

Answer — FLAG{steganography_is_a_SECretKey}

Q2 — Where is it located ?

Answer — New Britain

Q3 — what is the profile Date Time ?

Answer — 2017:07:07 13:22:32

Q4 — What is the image profile ID ?

Answer — cala9582257f104d389913d51ea1582

TASK 5- up to commander

You must do a directory brute-force attack on this site.

Answer the questions below

Q1 — Someone is hiding in a text file. Who is it?

Answer — FLAG{THIS_IS_A_FLAG}

TASK 6- up to captain

Vector that injects malicious code into a vulnerable web application. It does not directly target the application itself.

Answer the questions below

Q1 — What is the vulnerability?

Answer — cross scripting

Q2 — What is the flag?

Answer — FLAG=W00oowww_YOU_Got_Cookie_ValUE

TASK 7- up to Rear admiral

Answer the questions below

Q1 — What is the sensitive flag?

Answer — FLAG{GOODLUCK_FIRST_FLAG_ACHIVED}

Q2 — What is the name of the Database?

Answer — users

Q3 — What is the Captain’s account password ?

Answer — 1032dht4324tre5432res3245gfd

Technologies Used.

• Hosted on an Amazon Web Services EC2 instance, Ubuntu server 18.04

• Client Machine — Linux

• Backend Database — MySQL

• Backend Framework — PHP

• Frontend development — HTML, CSS, JS

• Web challenges — SQLmap, XSS, Gobuster

• Steganography — Steghide, StegCracker, stegsnow, exiftool

• Port forwarding — SSH, Nmap

• Open-source intelligence — Google

Challenges

- When implementing web exploitations, at times due to coding issues the exploitation was not done properly

- Finding the necessary tools was very hard

- Environment was unfamiliar

- When creating the box the implementation was hard

- When finding a topic I didn’t know how to manage the topic

- Finding myself in a place where I couldn’t export the OBA

- Finding my way through TryHackMe was hard

- How OpenVPN works, how hard it was to connect it to TryHackMe

- Server problems

- Hosting problems

References

[1] Cloud Computing Services — Amazon Web Services (AWS). (n.d.). Amazon Web Services, Inc. https://aws.amazon.com/

[2] What is SQL Injection? Tutorial & Examples | Web Security Academy. (n.d.). https://portswigger.net/web-security/sql-injection

[3] Jevtic, G. (2022, November 21). How to Scan & Find All Open Ports with Nmap. Knowledge Base by phoenixNAP. https://phoenixnap.com/kb/nmap-scan-open-ports

[4] Drake, M., & Heidi, E. (2021, July 15). How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu 18.04. DigitalOcean Community. https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-ubuntu-18-04


I’m a Software engineering student who is currently studying @Institute_of_Java And Software Engineering(IJSE), I like coding and learn about new tech.