_________      .__         .__  __   _______          __   
 /   _____/_____ |  |   ____ |__|/  |_ \      \   _____/  |_ 
 \_____  \\____ \|  |  /  _ \|  \   __\/   |   \_/ __ \   __\
 /        \  |_> >  |_(  <_> )  ||  | /    |    \  ___/|  |  
/_______  /   __/|____/\____/|__||__| \____|__  /\___  >__|  
        \/|__|                                \/     \/      

 

Overview

Defense Point Security presents SploitNet: a multi-stage hacking puzzle for cyber security professionals to challenge themselves and each other.

SploitNet is a series of downloadable Virtual Machines (VM) designed to simulate a real-world attack scenario, where an attacker would have to compromise multiple systems to access the desired target. Designed by senior DPS security talent, SploitNet was created to teach hands-on penetration testing skills to computer security professionals who have an introductory to intermediate level of penetration testing experience.

Highlights:

  • A series of three exploitable Virtual Machines (VM)
  • Simulates a real-world attack scenario
  • Attackers must compromise multiple systems to access target data
  • Attacker will have to use the access obtained from the previous VM to compromise the next VM
  • Created to teach hands-on penetration testing skills to computer security professionals
  • Beginner to Intermediate level of experience

These VMs were created by some awesome people in DPS's Fellows program. Feel free to hit us up @defpointsec on twitter if you have comments and/or questions. DPS hopes you enjoy hacking these VM's as much as we have enjoyed creating them!

Who will be the first person in your organization to follow the breadcrumbs to victory?

Similar to the original SploitNet, the end goal of SploitNet 2 is to obtain access to the first (.200) VM and use it to pivot to the second and final (.201) VM. While there are only two VM's in this iteration of SploitNet, don't assume that this challenge will be simple. You will need to gain access to root on both of these VM's. To prove that you've completed the challenge, you'll need to obtain the MD5 hashes within the two files placed on each of the VM's.

  • - Exploit .200
  • -- Exploit .201
  • --- Collect key files from .200 & .201

Downloads

Credits

  • Jason Ashbaugh
  • Jonathan Cooper (bigc00p)
  • David Dalling
  • Jake Groth (@gphreakx)
  • Jeff Ferrell (@jeffxf)
  • Billy Meyers (@_hAxel)
  • Jonathan Naugle (SecDood)
  • Brad Poulton
  • Gabriel Pulgar (crackbard)
  • Duane Waddle

Change Log

  1. 01/25/2016 v0.1 - Initial release

At its most basic level, the goal of SploitNet is to obtain access to the first (.100) VM and use it to pivot to the second (.101) VM and from there to the third and final (.102) VM. However, to prove that you have fully exploited the VMs you need to collect some information to substantiate that claim. The first VM (.100) is optional, though the second (.101) and third (.102) VMs are mandatory. On each of the VMs there are files with secret keys that will prove that you exploited the VMs. On the first (.100) VM, there are 2 -- one for a non-privileged user and one for root -- these are optional. The second (.101) VM also has 2, one for a non-privileged user and one for root -- these are mandatory. The same is true for the third (.102) VM in that there are also 2 secret key files. The format of the secret key files are <userid>_secret_key_file_<IP of the VM>.txt and they live in the home directory for each user on each VM. As you exploit the VMs, you need to copy the contents of these files (optional on the first (.100) VM) and email them to the DPS fellows to prove that you successfully exploited each of the boxes. This will entitle you to the official DPS SploitNet t-shirt with the badge on the sleeve, which proves to other DPS'rs and the world that you exploited all of the VMs. Good luck! Hack the world!

  • - Exploit .100
  • -- Exploit .101
  • --- Exploit .102
  • ---- Collect Intelligence from .102

Downloads

Credits

  • Chad Clary
  • Gabriel Pulgar (crackbard)
  • Jonathan Naugle (SecDood)
  • Billy Meyers (@_hAxel)
  • Jonathan Cooper (bigc00p)
  • Bryce Kunz (@i2tbee)
  • Jake Groth (@gphreakx)
  • VMs tweaked by Bryce Kunz, VP of Computer Network Exploitation (CNE) @ DPS

Change Log

  1. 09/21/2013 v0.1 - Includes several bug fixes discovered at DPS's September 2013 HackDay

Q

Should I select that "I moved it" or "I copied it"?

I moved it

A

You should select "I moved it". If you select "I copied it" the network adapter will get assigned a new MAC address, then when the endpoint starts up it will create a new network adapter (e.g. eth3). The static IP address assignment will not be set to the new network adapter and you will most likely not be able to communicate with the VM over the network.

Q

What is the subnet for the SploitNet VMs?

A

10.0.250.0