Vault7: CIA Hacking Tools Revealed
Navigation: » Latest version
12. Bonus: Capture The Flag
SECRET//NOFORN
Capture The Flag
('toc' missing)
Setup
On the share (\\FS-01\share\NewDeveloperExercises\CaptureTheFlags) there is a VMVirtual Machine titled "New Developer CTFCapture the Flag Windows 8.1 x64". Copy the VMVirtual Machine folder to your local machine. If VMWare asks, you copied it.
Submitting Answers
Text Here
Challenge 1: Survey
For this challenge you will be collecting information about the target machine (CTFCapture the Flag VMVirtual Machine). This is useful for understanding future deployments against a machine. Surveys can reveal many things about a machine or its network. So, to capture this flag you will need to collect the following information about the CTFCapture the Flag VM:
Machine GUID
- User Name
- Computer Name
Installed Applications
Network Card MACApple Operating System Addresses
- List of all mounted volumes
Process List
Now, have your tool then output all of this data (raw) into a file in Desktop\Results\Survey\Survet.txt. Shortly after, you'll have your first flag!
Challenge 2: File Collection
Collect all files that match a certain type from a certain location. Copy the files to a certain location (set event to signal you're done). Files will be validated.
Challenge 3: Encryption and Compression
Encrypt Improve Dummy With The Following Key - (Use Secure Buffer) and output the encrypted file to a certain location
Challenge 4: Payload Deployment
Kick off Dummy Payload using CreateProcess and LoadLibrary on a dll
Challenge 5: System Monitoring & Manipulation
Watch for registry key change, process list, window hooks?
Challenge 6: Persistence
Create Sched Task as user, logoff and logon to get flag
Challenge 7: Data Transfer
Execute Survey from part one, pipe it to me over a known named pipe
Challenge 8: PSPPersonal Security Product (Anti-Virus) Evasion
Known Bad Executable + Src. Known defeats. Verify it passes
Challenge 9: Execution Vectors
Trojan - take winrar and trojan it, validate resources and application startup
Challenge 10: Privilege Escalation
Describe Artillery UACUser Account Control Bypass, Have them write it to execute ImprovedDummy as Administrator.
Finishing Up
As we go on, we remember, all the time we...
SECRET//NOFORN