Overview Defense Point Security presents SploitNet: a multi-stage hacking puzzle for cyber security professionals to challenge themselves and each other.
SploitNet is a series of downloadable Virtual Machines (VM) designed to simulate a real-world attack scenario, where an attacker would have to compromise multiple systems to access the desired target. Designed by senior DPS security talent, SploitNet was created to teach hands-on penetration testing skills to computer security professionals who have an introductory to intermediate level of penetration testing experience.
A series of three exploitable Virtual Machines (VM) Simulates a real-world attack scenario Attackers must compromise multiple systems to access target data Attacker will have to use the access obtained from the previous VM to compromise the next VM Created to teach hands-on penetration testing skills to computer security professionals Beginner to Intermediate level of experience These VMs were created by some awesome people in DPS's Fellows program. Feel free to hit us up @defpointsec on twitter if you have comments and/or questions. DPS hopes you enjoy hacking these VM's as much as we have enjoyed creating them!
Who will be the first person in your organization to follow the breadcrumbs to victory?
At its most basic level, the goal of SploitNet is to obtain access to the first (.100) VM and use it to pivot to the second (.101) VM and from there to the third and final (.102) VM. However, to prove that you have fully exploited the VMs you need to collect some information to substantiate that claim. The first VM (.100) is optional, though the second (.101) and third (.102) VMs are mandatory. On each of the VMs there are files with secret keys that will prove that you exploited the VMs. On the first (.100) VM, there are 2 -- one for a non-privileged user and one for root -- these are optional. The second (.101) VM also has 2, one for a non-privileged user and one for root -- these are mandatory. The same is true for the third (.102) VM in that there are also 2 secret key files. The format of the secret key files are <userid>_secret_key_file_<IP of the VM>.txt and they live in the home directory for each user on each VM. As you exploit the VMs, you need to copy the contents of these files (optional on the first (.100) VM) and email them to the DPS fellows to prove that you successfully exploited each of the boxes. This will entitle you to the official DPS SploitNet t-shirt with the badge on the sleeve, which proves to other DPS'rs and the world that you exploited all of the VMs. Good luck! Hack the world!