
Face to Face Session 2

Welcome to the second Face to Face Lab session.

This week we will:

  • Look at some basic web vulnerabilities
  • Get Kali Linux running on the University Machines.

Task 1 Hack in the Box

This week we are going to have an introduction to web vulnerabilities. Like last week, the idea here is to get you back up to speed with some of the basic protocols and concepts that you should already be aware of.

Don't worry if you haven't done anything like this before. All of the challenges can be solved using nothing more than a web browser. Later in the course we will be looking at these topics (and web hacking in general) in much more depth.

Accessing the Challenges outside of the University

You can access the challenges outside of the university using the same web address.

More interesting levels

The following levels are password protected (to stop random internet people playing):

  • Mi Casa
  • FratHouse

The username is app and the password is swordfish.

You will need a "Victim" for FratHouse.

The Task

Your task this week is to try to break into as many of the Web Houses as possible. Most of the tasks can be completed using nothing but a web browser (although for one it's certainly easier to write some code).

This is a Capture the Flag challenge. After completing each level (and if you look closely) you will get a magic word. Keep a note of these; I hope to get a flag server up later.

Task 2 (Tuesday): Getting a Kali VM

For the rest of the year we will also want a Linux virtual machine.

We are going to use Kali Linux, which is an OS designed for pen-testing and security analysis. We will also install Docker, which we will use in later lab tasks.

Virtual Box, VMWare

The Uni uses Virtual Box; I prefer to use VMWare (don't ask). If you are setting this up on your own machines you can use whatever virtualisation platform you want (VMWare, Virtual Box, WSL, Hyper V). Ask if you need help.

You can see instructions for getting a free, legitimate copy of VMWare Pro (Windows / Mac / Linux) below.

Getting your own copy of VMWare

You can get a free copy of VMWare Pro / Fusion etc. from the university at On the Hub.

You can find it under "Productivity".

Getting a copy of Kali

You can download a copy of Kali from https://www.kali.org/downloads/

Option 1: Installing on Virtual Box

Important

I haven't had a student to test instructions with. I will be updating the materials in Monday's session, when I see where your storage space is etc.

https://www.kali.org/docs/virtualization/install-virtualbox-guest-vm/

Option 2: Installing on VMWare

https://www.kali.org/docs/virtualization/install-vmware-workstation-player-kali-guest-vm/

Getting Docker Installed

https://www.kali.org/docs/containers/installing-docker-on-kali/

We are going to grab a local version of the Linux trainer to see if Docker is working correctly.

Using a terminal window:

# Download the image
$ docker pull cueh/nixtrainer

# Start it up
$ docker run --rm --name nixtrainer cueh/nixtrainer

Open a separate terminal window and try to SSH in:

$ ssh level0@127.0.0.1

Other Tasks

You can also:
