This project involved myself and my Capstone team assisting one of our professors, Devin Paden in developing and deploying targets for students to attack in the SEC335 Ethical Hacking course offered by Champlian College. The goal was to turn the class into one where labs were operated similiarly to a Hack the Box/CTF format in order to facilitate a more relaisitc attack scenario. Alongside this we also would update the vulnerbailities to be more relevant to what can be found in the wild as well as automated the deployment using Ansible to reduce overhead and to allow mass deployment over the SEC335 Vsphere environment.
Capstone Implementation Weekly Reflections
Disclaimer: Only Bree Files are present due to several students in the class knowing I was working on there assignments and thus a decision was made to exclude them from here to stop them from finding them.
Description:
A Cockpit RCE vulnerability, CVE-2018-12613
Cockpit Files:
https://github.com/BigMike-Champ/Capstone/tree/main/files
Service Files:
https://github.com/BigMike-Champ/Capstone/tree/main/cockpit
Fake "target activity" Files:
https://github.com/BigMike-Champ/Capstone/tree/main/storage
Worked on with the Team as an RCE, CVE-2018-12613
DOCS:
https://github.com/BigMike-Champ/Capstone/wiki/Target-1-Documentation
A Pollkit Priv ESC Vulnerability, CVE-2021-3560