176 students enrolled

Price

Free

Capture the Flag Walkthrough – DerpnStink

DeRPnStiNK is a boot2root Ubuntu-based virtual machine. This walkthrough is rated as beginner to intermediate. Your aim is to remotely attack the VM and locate all four flags, eventually taking you to full root access. Use a strict hacking methodology and enumerate everything!

Mr. Derp and Uncle Stinky are two system administrators starting their own company, DerpNStink. Instead of hiring qualified professionals to build up their IT landscape, they decided to hack together their system, which is almost ready to go live.

This is a boot2root Ubuntu-based virtual machine. It was tested on VMware Fusion and VMware Workstation 12 using DHCP settings for its network interface. It was designed to model some of the earlier machines I encountered during my OSCP labs, with a few minor curveballs but nothing too fancy. Stick to your classic hacking methodology and enumerate all the things!

Your goal is to remotely attack the VM and find all 4 flags, eventually leading you to full root access.

Hardware Requirements

  • Installation of VirtualBox
  • One virtual install of Kali Linux
  • One virtual install of the Basic Pentesting OVA file.
  • Ensure the network adapter for both machines is set to either bridged or NAT.
  • This VM will not boot until you enter the settings and disable the USB controller.

Why take this Course?

If you’ve taken the ethical hacking courses, you’ve been introduced to the tools and the methodology used by pentesters and ethical hackers. Prof. K’s Ethical Hacking – Capture the Flag Walkthrough series brings it all together, showing students how to perform an actual pentest and gain root access. But, more importantly, students learn how to build the hacker’s methodology into their mindset.

Prof. K’s Ethical Hacking – Capture the Flag Walkthrough series is designed to introduce students to skills similar to what pentesters and hackers use in real-life situations. In addition, this course will provide a greater understanding of how vulnerabilities are discovered and exploited.

Although hackers do not all follow one specific step-by-step methodology, a typical hacking process comprises the following steps:

  1. Footprinting – the passive method of gaining information about the target system before performing the attack.
  2. Scanning – the process of taking information obtained from the footprinting phase to target the attack more precisely. Some methods used in this phase are port scans, ping sweeps, operating systems detection, observation of facilities used by the target, etc.
  3. Enumeration – the process of extracting more detailed information about the information obtained during the scanning phase to determine its usefulness. Some methods used in this step are user accounts enumeration, SNMP enumeration, UNIX/Linux enumeration, LDAP enumeration, NTP enumeration, SMTP enumeration, DNS enumeration, etc.
  4. System hacking – planning and executing the attack based on the information obtained in the previous phases. In this phase, the attacker performs the hacking process using hacking tools.
  5. Escalation of privilege – obtaining the privileges of an account with higher privileges than the one the attacker initially broke into. This step aims to move from a low-level account (such as a guest account) to an administrator.
  6. Covering tracks – the process of removing any evidence of the attacker’s presence in a system. For example, the attacker purges log files and removes other evidence the system owner needs to determine that an attack occurred.
  7. Planting backdoors – securing unauthorized remote access to a computer so the attacker can access the system later without being detected. Backdoors are computer programs that give attackers remote access to a targeted computer system.

Entry-level walkthroughs for Capture the Flag exercises that will help strengthen your pentesting skills.

Students step through each of the Capture the Flag (CTF) walkthroughs using a step-by-step lab file and video tutorial. Students follow the steps taken by a pentester or ethical hacker to enumerate a target and gain root access. Additionally, each CTF reinforces the steps of the hacking methodology used by pentesters and hackers.

Students who have completed Prof. K’s Ethical Hacking Courses can now practice what they have learned in Prof. K’s Ethical Hacking – Capture the Flag Walkthrough series of exercises. You’ve seen the tools and heard all the war stories. Now, learn ethical hacking as you’ve always wanted to.

Course Content

CTF – Lab Setup
Capture the Flag – DeRPnStiNK – Lab file
Capture the Flag – DeRPnStiNK Part II