Back to Home

Penetration Testing Lab v.9: Nothing Is Impossible / Pentestit Blog

penetration test lab

Penetration Testing Laboratory v.9: nothing is impossible



    On May 20, 2016, the next, ninth penetration testing laboratory Test Lab v.9, which is a virtual company CyBear 32C, engaged in the development of various systems and applications, including information security systems, was launched.

    It took participants 11 days to compromise all elements of the infrastructure. The article considers the details, names of winners, feedback from participants and a link to a partial walkthrough.


    The participant acting as an external intruder needed to search and exploit vulnerabilities, overcoming various protection systems: antiviruses, WAF and Firewall, access control systems, etc. The main difference between Test labs and CTF competitions is a realistic story: the compromise of one node may allow an attack on other network elements to develop.

    Statistics


    To date, the number of registered participants exceeds 9,000. On average, about 40-50 participants were registered in the laboratory per day. The maximum number of simultaneously connected participants is 141. Over 2 weeks of the laboratory's work, a total of 161 tokens were collected.

    Geographical distribution of participants:

    1. Russia - 434
    2. USA - 87
    3. India - 64
    4. Ukraine - 61
    5. Germany - 54
    6. Italy - 48
    7. England - 44
    8. Australia - 33
    9. Israel - 30
    10. Netherlands - 2

    At the moment, participants from 63 countries are passing the laboratory. 12 participants managed to complete the entire laboratory. In 2016, the growth of new participants amounted to 3267 people.

    The average network activity was 30–40 Mbit / s, and the peak load was 230 Mbit / s.

    In the first two weeks, we registered 75.504.503 events. Most attackers use well-known utilities and scanners: the most popular web application vulnerability analysis tools were Acunetix, w3af, and Dirbuster utility scanners. For example, according to the Dirbuster utility, 3,640,044 events were recorded in the logs per week. More than 2 GB of logs were collected per day on the main site (Mainsite).

    Not a single participant was able to bypass the Web Application Firewall; access from a trusted network segment was used to compromise a secure site.

    Vulnerabilities in the laboratory, which were not standard scanners (for example, ssh with non-standard greetings banner and PAM), immediately eliminated a huge percentage of attackers.

    Laboratory creation


    All employees of our company take part in the creation of the laboratory, using their practical experience and the experience of our colleagues. To understand how this happens, we present a short review from Alexander Dmitrenko sinist3r :
    The idea for the task came in the process of building a storage network (SHD, or Storage Area Network, SAN).

    When deploying hardware and disk shelves, the thought arose about potential vulnerabilities and possible vectors.

    And after there were already some rough ideas, a sensational description of hacking team hacking (https://xakep.ru/2016/04/18/hacking-team-hack/) appeared, which helped to finish the task in time. And so it acquired the finished look of a multi-stage task and with a few little things that would definitely make you think.

    When implementing any task, the biggest difficulty is the factor of a large number of participants, and at the same time 50-60 people can somehow interact.

    In addition, the development process always has to take into account possible destructive actions, which in the most negative scenario can lead to complete server inoperability. To preventively deal with such situations, wherever possible we try to reduce the rights of participants, if this is not possible, then we have to use the tasks in the scheduler and periodically reset everything to its original state.

    The task deployment time usually does not take very much time (3-4 days), especially if all the main details were planned at the initial stage. Then the testing period begins under various conditions. At this stage, various minor changes are often made, which are designed to improve stability, protection against destructive and the like.

    It is worth noting that very often in the process of developing tasks there is a peculiar side effect, which lies in the fact that a deeper understanding of the work of a service comes, and sometimes new knowledge is acquired about previously completely unknown features and subtle nuances.

    Also, in the creation of the laboratory some ideas of Bogdan Lukin and Cyril R. (St. Petersburg) were used.

    Members


    Qualifications of participants, tools and methods were quite diverse: some participants hacked another segment of the network for a rather long time, while passing others reminded a certain speedrun - the services of a virtual company were hacked at 2-3 per hour. This is due to both practical experience - among the participants were members of the world's strongest CTF teams, as well as security professionals from around the world, for example, g0tmi1k.

    Feedback from our participants:

    Alehandro Red
    Although I have not yet taken a single token, I leave a positive review. Because The vulnerabilities that are on the first server are very relevant and appeared relatively recently, I would really like to help in the development of the following laboratories in order to be aware of all new vulnerabilities, their exploitation and protection against them.

    Maxim khazov
    Laba, like the previous one, really liked it! I did not find analogues to such a format for conducting CTF, which is close to testing the real network infrastructure.

    This lab was perhaps even more complicated than the previous one. Trying to go through it alone is one of the first is very difficult, so I also had to often communicate with other participants. The greatest respect to those who passed without talking to anyone)

    Of the tasks this time they liked the most: site-test, portal and of course, ssh-test, which all the leaders passed the last. Many tasks required knowledge of certain specific technologies, if it had not been encountered before, it was difficult.

    R0s
    Laba really liked, enjoyed solving tasks. I have not seen anything like it

    Artem Dimitriev
    I really like your laboratories, I look forward to the next.
    Participating, I learned a lot for myself, I got a lot of friends.
    Thank you very much for the work done.

    Mister_Bert0ni (Bogdan Lukin, Information Security Analyst)
    Frankly, I really liked everything. Thank you very much the organizer of the laboratory. Everything is very interesting, vulnerabilities are all relevant. The plot is thought out interestingly. It is also encouraging that our foreign friends are actively participating in the laboratory and TestLab is reaching the world level)) I consider this a very great achievement. It is thanks to the organizers of the lab that people who enjoy their passage will immediately share their impressions among their circles of communication - which explains the sharp increase in the number of participants in the laboratory.

    Sipan Vardanyan , CISO. noyer
    Pentestit v9.0 Lab is something unique.
    I have been working in the field of information security for several years, and in my spare time I often participate in various CTFs: this helps to efficiently absorb new information, explore new attack vectors, and as a rule, methods of neutralizing them, however, vulnerabilities are almost always fake, clearly synthetic .
    Pentestite creates something else - everything is close to the real conditions for conducting an IS audit, which undoubtedly pleases. In each task that the participant encounters during the passage of the laboratory, one can often observe real vulnerabilities that occur in the field.
    Great idea, and just perfect execution!
    Thanks to the organizers and development team.

    Mokhon yuri
    I am an employee of the information security department. At one point, the leadership was given the task of conducting a pentest on the network. But here, as it turned out, practical knowledge was also needed. That's how the pentestit lab was found. I participated in the last three labs. All the tasks were very interesting to me, I knew a lot in theory, and finally I was able to see how this is embodied in practice. Also, with the help of laboratory ones, I learned some tricks and tricks that were used by more experienced players. I wish your company success and prosperity. And if there is an opportunity, I will definitely sign up for courses. Thanks for the lab and indescribable sensations.

    n0z3r0
    I am participating for the second time and honestly, I really like the way the laboratory is organized, how responsive the guys who follow its work are. Equally in quality and organization on the Internet, perhaps there is no such laboratory, basically all are limited to one machine, and then with already-worn images that can be found on Vulnhub. Or they are limited in time by several days, so if you are late, then it means participating, you will not be able to get experience. Here you
    can not only gain experience, but also a lot of emotions. It is very pleasing that the lifetime of the laboratory is enough to leisurely go through it, to work out certain types of attacks, port forwarding, building relays, etc.


    Winners


    1st place Vyacheslav Chernigov
    On behalf of all participants I want to thank the organizers for the laboratory! This is my fifth laboratory. The laboratory seemed a little lighter than the previous one, several tokens were taken on the machine, but there were still moments when it was necessary to look for a solution. I really liked the ssh_test task, it took me about five hours to solve it, but when the result was received, the first thing that came to my mind when they found it, self-esteem will decrease (by the way, you can take it right after entering ssh!). To pass such tasks, administrators need to think like hackers, and hackers think like admins, then there will be harmony.
    We look forward to the next laboratory, thank you all for your
    support and participation. Good luck to all.

    By the way, when I took the last token, the number of participants was exactly 9000!

    2nd place Alexey Stoletny alexeystoletny
    Pentestit's lab as always turned out to be excellent. I am participating for the third time, and I want to sincerely thank the company for organizing the laboratories - each moment there is a separate mention:

    • Interesting and informative tasks that actually reflect modern attack vectors - there are no boring SQL injections on ASP sites and other artifacts of a decade Prescription - each task is a way to find out about the current vulnerability, its exploitation and the solution methodology.
    • Great competitive aspect: to gather with like-minded people and fight on the field of a virtual company - what could be more interesting? And considering that the Pentestit team and the community of participants are active and rapidly developing, it’s even cooler!
    • Speaking about the community, I want to note that a unique audience of interesting people from around the world is going around the laboratories, each of whom is very interesting to meet, discuss common issues and thereby continue to grow.

    I am especially grateful to Pentestit for actively promoting the information security industry as a whole - courses, defcon.ru, informing about modern threats, creating and moderating the community, and, of course, laboratories - all this allowed me personally to learn a lot, get practical experience and get to know pleasant ones and interesting friends and colleagues.

    The laboratory will still be open long enough, so come, register, and you will definitely not regret it.

    3rd place Kirill Firsov , isis - employee of our beloved Habrahabr.
    A well-designed laboratory allows you to exploit different types of vulnerabilities in real conditions.
    Bugs from heartbleed to viruses in Word. Was great! I will take part next time.




    For those who want to try their hand, but do not know where to start, we publish a partial vraytap for passing .

    If you have already tried your hand in the combat conditions of the laboratory, but you have had difficulty completing the tasks, we suggest that you increase your professional level of knowledge. For specialists interested in obtaining high-quality practical training in the field of information security and penetration testing, we have developed Corporate Laboratories , which have found admired responses from system administrators, employees of information security divisions of the largest Russian banks, IT companies and government agencies.

    We thank everyone who took part in Test lab v.9 and are pleased to announce that active preparations are already underway to launch the new Test lab v.10 laboratory from Pentestit!
    We invite sponsors to cooperation!
    Do you want the global IB community to know about your company? Request information about sponsorship packages by mail: [email protected].

    We are waiting for you among the partners and participants! See you!

    Read Next