Kali Linux CTF Blueprints: Build, test, and customize your own Capture the
Flag challenges across multiple platforms designed
to be attacked with Kali Linux
Introduction
Kali Linux CTF Blueprints is a six-chapter book in which each chapter details a different
kind of Capture the Flag style challenge. Each chapter deals with a number of
basic setups while suggesting a variety of alternatives to allow reuse of
fundamental concepts. The book is designed to allow individuals to create their
own challenging environments to push their colleagues, their friends, and their own skills
to the next level of testing prowess.
What this book covers
Chapter 1, Microsoft Environments, contains instructions to create vulnerable servers
and desktops, covers the most prevalent vulnerabilities, and contains suggestions
on more complicated scenarios for advanced users of Microsoft environments.
Chapter 2, Linux Environments, similar to the first chapter, is focused on generating
generic vulnerabilities in Linux environments, providing the basic concepts of
CTF creation along with suggestions for more advanced setups.
Chapter 3, Wireless and Mobile, contains projects targeting Wi-Fi-enabled devices,
including a section specifically targeting portable devices such as tablets and
smartphones.
Chapter 4, Social Engineering, contains scenarios ranging from the creation of
XSS attackable pages to unmasking online personas through social media and
e-mail accounts.
Chapter 5, Cryptographic Projects, contains attacks against encryption deployments
such as flawed encryption, deciphering encoded text, and replication of the
well-known Heartbleed attack.
Chapter 6, Red Teaming, contains two full-scale vulnerable deployments designed to
test all areas covered in the previous chapters, mimicking corporate environments
encountered across the world.
Appendix covers references to various books for further reading, blogs, competitions,
conferences, and so on.
What you need for this book
The requirements for individual projects are detailed in their setup sections;
however, it is assumed that you have the following:
• A copy of Kali Linux
• At least one machine or virtual machine that can be set up as a target
Who this book is for
Kali Linux CTF Blueprints is aimed at individuals who are aware of the concepts of
penetration testing, ideally with some practice with one or more types of tests. It is
also suitable for testers with years of experience who want to explore a new field or
educate their colleagues. The assumption will be that these projects are being created
to be completed by other penetration testers and will contain exploitation guides
for each project. If you are setting these challenges for yourself, try to exploit them
without reading the exploitation methods first. The suggested methods are just that;
there are many ways to climb a tree.
Reading guide
Each chapter of this book is split into four major sections:
• Opening discussion, theory, and general setup
• All the processes to set up the challenges
• All the processes to exploit the challenges
• A closing summary and discussion
A warning
This book is based around the creation of vulnerable machines that are to be exploited
in controlled environments. The exploitation methods it contains are industry
standard and are therefore well known. Please follow these rules:
• Do not host any vulnerable software on Internet-facing machines; you will
get pregnant and you will die.
• Do not use a computer that is in daily use as a target. Exploitation
can permanently damage machines and personal files can be lost. Your
parents/spouse/children will not forgive you easily if you lose their
cherished documents.
• Do not use personal passwords or credentials on test devices. Even without
being the target, they can be inadvertently exposed to testers and used for
mischievous or malicious purposes.