Update subjects

3 years ago · d96e34e4b6
7 changed files with 208 additions and 5 deletions
--- a/subjects/add-vm/README.md
+++ b/subjects/add-vm/README.md
@ -0,0 +1,46 @@
+## add-vm
+
+### Add a virtual machine
+
+We provide virtual machines you need to download & add to VirtualBox.
+
+Each VM will contain a system in a certain state that you will need to use in order to crack the sysadmin exercises. Their names start with "01\_" in order to avoid conflict with your VM names.
+
+You can download these VM here :
+
+https://assets.01-edu.org/sys
+
+For this exercise you need to download the archive : [01_add-vm.tar.gz](https://assets.01-edu.org/sys/01_add-vm.tar.gz).
+
+Extract it in the folder `VirtualBox VMs` which is located in your [home directory](https://en.wikipedia.org/wiki/Home_directory).
+
+In VirtualBox :
+
+- Select on the menu bar : <u>M</u>achine → <u>A</u>dd
+- Open the file `01_add-vm.vbox`
+
+The VM should appear on the list under the name "01_add-vm".
+
+### Snapshots
+
+A snapshot is a state of a system at a given time, just like a version or a copy.
+
+Let's imagine that you want to modify a text or a drawing, that you make a copy before, keeping the original... This is a snapshot.
+
+Software that makes extensive use of this feature :
+
+- Git (a commit is a snapshot)
+- Windows System Restore (a restore point is a snapshot)
+- macOS Time Machine (each backup is a snapshot)
+- Linux LVM (Logical Volume Manager)
+- Filesystems : Btrfs, ZFS
+- Hypervisors like the one you are currently using : VirtualBox
+
+**We recommend that this be the first thing you do after importing a VM.**
+This way you can break it, go in the wrong direction or want to try another way and at any time you can go back to the original state.
+
+If you forgot to do so and want to make a fresh start, you can always delete the VM (all files) and add it again in VirtualBox.
+
+### Check
+
+Since all VMs are based on this one, check that it is working properly by starting and stopping it gracefully.
--- a/subjects/connect/README.md
+++ b/subjects/connect/README.md
@ -0,0 +1,70 @@
+## connect
+
+To communicate over a network, a computer must have an IP address.
+
+The computer can choose its own IP address (static) or can ask a DHCP server to assign one (dynamic).
+
+Generally, clients (smartphones, laptops, etc...) rely on DHCP servers to have a dynamic IP address and servers have a static IP address.
+
+For this project you will need to add these 3 VM :
+
+- [01_connect_box](https://assets.01-edu.org/sys/01_connect_box.tar.gz)
+- [01_connect_machine1](https://assets.01-edu.org/sys/01_connect_machine1.tar.gz)
+- [01_connect_machine2](https://assets.01-edu.org/sys/01_connect_machine2.tar.gz)
+
+The VM are configured like this :
+
+```
+        N E T W O R K S                C O M P U T E R S
+_______________________________     ________________________
+
+.-----------------------------.
+|          Internet           |
+'-----------------------------'
+               ^
+               |
+               v
+.-----------------------------.
+|        VirtualBox NAT       |
+|                             |
+|         DHCP server         |     .----------------------.
+|          DNS server         |     |         box          |
+|                             |     |                      |
+|              (10.0.2.2) NIC |<--->| enp0s8 (10.0.2.15)   |
+|                             |     |   ^                  |
+'-----------------------------'     |   |                  |
+.-----------------------------.     |   |                  |
+| VirtualBox Internal Network |     |   | DHCP server      |
+|                             |     |   v                  |
+|                           |<----->| enp0s3 (192.168.0.1) |
+|                           | |     |                      |
+|                           | |     '----------------------'
+|                           | |     .----------------------.
+|                           | |     |       machine1       |
+|                           | |     |                      |
+|                           |<----->| enp0s3 (192.168.0.2) |
+|                           | |     |                      |
+|                           | |     '----------------------'
+|                           | |     .----------------------.
+|                           | |     |       machine2       |
+|                           | |     |                      |
+|                           |<----->| enp0s3 (192.168.0.2) |
+|                             |     |                      |
+'-----------------------------'     '----------------------'
+```
+
+You will only have control over "machine2". This computer have Internet access through the "box".
+
+Start the 3 VM and test on machine2 the connectivity quality with this command :
+
+```
+timeout --signal SIGINT 1m ping google.com
+```
+
+After one minute the result shows the percentage of lost packets. It should be quite high (above 10%).
+machine1 and machine2 have the same IP address, which leads to connectivity problems.
+
+Find how to :
+
+- change the IP address to avoid the conflict
+- make the IP address dynamic (attributed by the box DHCP server)
--- a/subjects/remote/README.md
+++ b/subjects/remote/README.md
@ -0,0 +1,29 @@
+## remote
+
+### Connect
+
+To type commands in a distant shell, you can use your peripherals (keyboard, monitor) or [SSH](<https://en.wikipedia.org/wiki/SSH_(Secure_Shell)>).
+
+It is more comfortable to use SSH because you can use your usual terminal, with the right keymap, theme, etc.
+
+Do to this exercise you will need to add this VM :
+
+- [01_remote](https://assets.01-edu.org/sys/01_remote.tar.gz)
+
+Because the VM is behind the VirtualBox NAT router you can't access it directly. Unless you add a port forwarding rule in the VM settings that maps a host port to a guest port. Host refers to your machine and guest to the VM.
+
+Host & guest IP addresses don't need to be specified, guest port needs to be 22 because that's SSH default listening port.
+
+Then connect to it via SSH (this is the only way since consoles are disabled) :
+
+```
+ssh -p HOST_PORT root@localhost
+```
+
+### Configure
+
+It is recommended to change the default SSH port (22) to prevent bots from trying to connect to it.
+
+Since we are pretending that the guest VM is a server, change the SSH service port and make sure the port forwarding of the Virtual NAT network still works !
+
+In addition, you will need to allow the new port in the firewall `ufw`.
--- a/subjects/scan/README.md
+++ b/subjects/scan/README.md
@ -0,0 +1,58 @@
+## scan
+
+![scan1](scan1.png)
+
+> You're going to do like Trinity in the movie _The Matrix Reloaded_. Except that you're not going to turn off the electricity in a city, and you probably don't wear as much leather, but that's okay.
+
+---
+
+By design and by default, most network entities have a high discoverability.
+
+Whatever your motivations for exploring a network (hacking, curiosity...), you generally proceed in this order :
+
+1. Scan a network to find hosts
+2. Scan a host to get information (hardware, OS & exposed services)
+
+`1.` can be done by analyzing the link layer of Internet protocols, in particular `ARP` in order to gather MAC addresses (the identifier of a network interface, such as Wi-Fi or Ethernet cards).
+
+`2.` is usually performed by analyzing the network and transport layers, in particular the `IP` & `TCP` protocols with the `nmap` tool.
+
+For the context, when you open a website, here are the protocols involved, from the highest to lowest level (the protocols at the top depend on those at the bottom):
+
+- `HTTP`: application layer (website data) - messages
+- `TLS`: application layer ("lock" sign) - secure connection
+- `TCP`: transport layer (port number) - reliable connection
+- `IP`: network layer (IP address) - global communication
+- `ARP`: link layer (MAC address) - local communication
+
+For this challenge, you will focus on `IP`, `ARP` & `TCP`, and therefore on IP/MAC addresses and ports.
+
+You will need to add these 2 VM :
+
+- [01_scan_RRF-CONTROL](https://assets.01-edu.org/sys/01_scan_RRF-CONTROL.tar.gz)
+- [01_scan_laptop](https://assets.01-edu.org/sys/01_scan_laptop.tar.gz)
+
+You will only have control over "laptop". A port forwarding is set on 10122 so you can connect through SSH.
+
+Your mission, should you choose to accept it, is to scan the network interface `enp0s8` and find a way in the server, you will know you have succeeded when you see :
+
+```
+RRF-CONTROL> █
+```
+
+Because the VirtualBox Internal Network is very slow (10 Mbps, Ethernet is usually 1000 Mbps), expect long scan times :
+
+- ARP scanning takes up to 5 minutes
+- port scanning takes up to half an one hour with the option `-T4` (even more without).
+
+May the Fourth be with you.
+
+---
+
+---
+
+![scan2](scan2.png)
+
+> Another depiction of the `nmap` tool: in _Ocean's 8_, Rihanna uses [Kali Linux](https://www.kali.org) to steal a valuable diamond.
+>
+> Same strategy, different styles
--- a/subjects/scan/scan1.png
+++ b/subjects/scan/scan1.png
--- a/subjects/scan/scan2.png
+++ b/subjects/scan/scan2.png
--- a/subjects/sys/README.md
+++ b/subjects/sys/README.md
@ -10,11 +10,11 @@
 | ------------- | ------------------------------------------------------------------------------------------------------------------ | ---------------------- | --------------- |
 | `linux`       | Introduction and VirtualBox installation/basic usage.                                                              | OS, virtualization     | subject + audit |
 | `login`       | Connect to console (using different virtual terminals), basic commands and usage of the console.                   | OS                     | subject         |
-| `update-vm`   | Fetch, update and use our training virtual machine (introduction to snapshots and cloning).                        | virtualization         | script          |
-| `connect`     | Fix a conflict of IP address, configure DHCP & static IP address.                                                  | OS, network            |                 |
-| `remote`      | Remotely connect to a pseudo-terminal (configure firewall, change SSH port and listening address).                 | OS, network, security  | WIP             |
-| `upgrade`     | Free disk space (caches, logs & temporary files) to upgrade the OS.                                                | OS                     |                 |
-| `scan`        | Discover machines and services (scan ARP, `nmap`), brute-force portals.                                            | OS, network, security  | WIP             |
+| `add-vm`      | Download and add our training virtual machines (introduction to snapshots).                                        | virtualization         | VM, subject     |
+| `connect`     | Fix a conflict of IP address, configure DHCP & static IP address.                                                  | OS, network            | VM, subject     |
+| `remote`      | Remotely connect to a pseudo-terminal (configure firewall, change SSH port and listening address).                 | OS, network, security  | VM, subject     |
+| `scan`        | Discover machines and services (scan ARP, `nmap`), brute-force portals.                                            | OS, network, security  | VM, subject     |
+| `upgrade`     | Free disk space (caches, logs & temporary files) to upgrade the OS.                                                | OS                     | WIP             |
 | `reboot`      | Learn how to recognize a blocked system and reboot it (hard reset, magic SysRq key).                               | OS                     |                 |
 | `ram`         | Fix a program being OOM (enlarge swap and system memory, compare performance).                                     | OS, virtualization     |                 |
 | `benchmark`   | Learn how to benchmark a program                                                                                   | OS, disk               | WIP             |