Sie sind auf Seite 1von 3

Penetration test workshop – CENEC Campus

General instructions for the Penetration test.

USE ONLY IP addresses provided for you. (IP.txt) 10.0.0.X

During the workshop you have to explore the machine and discover useful information, look for valuable
data etc. At the same time you may record them for scoring in the given format. Some examples of useful
information that can be used for scoring are as follows, (BUT NOT limited to only to those)

1. Find IP Address , Machines names, OS type and the version , Services, open ports, MAC Addresses
and Vulnerabilities you found in the host

2. Commands used to gather information and command output/results

3. Screenshots to prove your activities, captures etc.

4. Access credentials for targets

5. IP addresses and host/domain names of targets you.

6. Contents of password files (The full content of the file, not just the hash value)

7. Cracked passwords

8. Contents of useful files (Notes for the admins, design documents, scripts with passwords, etc...)

9. Database table names

10. Database contents

11. Information leakage details

12. Other services of accessing the target. Ex: FTP, Telnet, SSH etc

13. Content of any Authentication keys or files

GENERAL INSTRUCTIONS FOR THE PENETRATION TEST KUSHANTHA GUNAWARDANA


Things that you should DO

1. USE ONLY the IP addresses provided. Using other IP addresses may result in deduction of marks.

2. Be simple, think simple, be calm

3. Information gathered through web sites, FTP Accounts, SSH, Telnet, documents etc. will give you
some hints, so grab them and move forward.

4. Initial attack IP range is 10.0.0.X and you may proceed to identify live hosts, other network
segments etc.

Things you should NOT DO

1. Do not change IP addresses of any machine during the competition

2. Do not change startup programs files

3. Do not attack your own IP range that is 10.0.0.X range

4. There may be Honey Pots in the network BE CAREFUL. This may eat up your competition time also
may lose some points you already obtained

5. No DOS/DDOS

6. No Hardening

7. No File Deletion / Keep the integrity

You do not need to delete any lines in that file, just add you own line to that file. You should also ensure
that your entire Index number or name is on the same line in the file. Invalid or corrupted hash values will
not be processed for scoring.

GENERAL INSTRUCTIONS FOR THE PENETRATION TEST KUSHANTHA GUNAWARDANA


Points Scheme
1. Network map – IP Address / machines names / OS / Services/ports / MAC – 1pt each

2. Web site Defacement – 10pts each

3. Host the flag (create txt file with your index number in the root) – 30pts

4. Escalating the Account – 40pt

5. Create a File or folder in the root – 30pts

6. Add user – 30pts each

7. Remote access - FTP / Telnet etc. – 20 pts. each.

8. Crack password – Admin – 40pts

9. Crack password – non-Admin – 20pts

10. Change the wall paper – 30 pts.

GENERAL INSTRUCTIONS FOR THE PENETRATION TEST KUSHANTHA GUNAWARDANA

Das könnte Ihnen auch gefallen