A few weeks back I was speaking to a rival of mine and fellow blogger (who runs an inferior blog that can be found at blog.yemm.dev) who had been telling me of his adventures in the world of cyber security and pentesting. Over the course of a year or two he'd been learning how to use a variety of pentesting tools, and learning the methodology that goes into hacking via Hack The Box and a number of other similar sites.
One thing led to another and I offered to create a hacking challenge for him. This blog post mostly covers my journey in setting up that challenge. While working on it I noticed how shockingly few people document the making of these challenges; the goal of this post is to change that trend.
Planning the Challenge
Before you begin you must first consider what you're aiming to challenge on. This will limit the scope of the challenge and allow you to set up only the bare necessities. If you're aiming to test the challenger's lateral movement capabilities, it's useful to consider the topology of the challenge at this point: how many hosts and services do you want your challenger to move between? If instead you're trying to test their skill at creating novel exploits, what does a successful compromise of this application/service look like, and do you need them to understand the application/service well enough to reverse engineer a way to compromise it?
Knowing your audience also really matters; you need to be sure that the concepts you're challenging on are appropriate for your target audience. A difficult/fun challenge is one that does a little bit of everything and really forces the challenger to demonstrate knowledge/skills across a number of hacking concepts. You can also hyper-focus on one or a very small number of concepts. This limits your problem space and can help you craft a much tighter challenge, which is especially helpful when you are new to doing this.
Once you know what you're trying to challenge with, it's much easier to map this onto reality and actually get it out of your head and into 0s and 1s on a computer.
When I was creating my challenge I was aiming to test the challenger's ability to reverse engineer how an application works, and then to use this knowledge to create a novel exploit for the application, which they must then use to compromise the host. From there they must use this initial foothold to find the real target on the network and obtain a flag stored on it. With this in mind I knew I needed to create a web application with a number of vulnerabilities in it, and a number of hosts on the network that the challenger would need to move between. To narrow the idea down further I came up with a story for the challenge; this helped me visualise what I was aiming to create and then start thinking about how I could implement it.
Creating the Story
The story for my challenge is as follows: the challenger is a hacker who became disgruntled with a company after they forced his favourite internet cafe into a buyout, only to shut it down and spin up a new internet cafe in the same location. The challenger decides to get revenge on the company by hacking into their network and revealing the company's shady dealings to the world. The challenger manages to obtain network access (via a weak password on their corporate wifi; the reception access point happens to have a signal strong enough to be accessed from one of their internet cafe branches next door) and must find the flag hidden on the network.
This story helps limit the scope of the challenge, as it forces me to build a realistic corporate network and fill it with the types of hosts and services you'd expect to find on one. It also helps me when picking which vulnerabilities would make sense in the environment.
Creating/Finding/Using Interesting Exploits
The next step was to find a number of interesting exploits that the challenger could use to compromise the web application. I decided to search through Exploit-DB for exploit ideas that fit my chosen platform, and I also searched online for a number of Hack The Box writeups for further ideas. The number of eager young pentesters with blogs who document their journey on Hack The Box and similar sites is plentiful, and they make a great resource for interesting exploit ideas. Even if you don't use their exploits, they can be a great source of inspiration for your own exploits for your challenge.
Creating the Network
Creating the Web Application
Generating Dummy Data
Creating the network and the web application was the easy part; the hard part was creating the dummy data that the challenger would need to find the flag. I decided to create a number of different flags: some were hidden in files, some in databases, some in web applications, some in file shares, and some in just normal services. I also created a number of different flags that the challenger could use to move laterally through the network: some of these were flags for Windows, some for Linux, some for servers, some for workstations, some for domain controllers, and some for just normal hosts.
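As an added example (not code from the original post), here is one way to generate a flag for each of those hiding places from a single secret, plant them into constructed sample files and a SQLite table, and verify a submitted flag against the resulting manifest. The host names, paths and secret are made up for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed (host, location) pairs, one per hiding place; a real challenge
# would list every file, share, database row and service that hides a flag.
LOCATIONS = [
    ("ws01-windows", "C:/Users/Public/notes.txt"),
    ("srv02-linux", "/srv/share/backup.cfg"),
    ("dc01", "db:hr.employees.notes"),
]

def make_flag(secret: bytes, host: str, location: str) -> str:
    # Derive the flag from the secret so the whole manifest can be regenerated
    # later instead of keeping a list of random values safe.
    msg = f"{host}|{location}".encode()
    tag = hmac.new(secret, msg, hashlib.sha256).hexdigest()[:16]
    return f"FLAG{{{host}:{tag}}}"

def build_manifest(secret: bytes) -> dict:
    # flag value -> (host, location) it was planted at
    return {make_flag(secret, h, loc): (h, loc) for h, loc in LOCATIONS}

def verify(manifest: dict, submitted: str):
    # Return where the submitted flag was hidden, or None if it is not ours.
    sub = submitted.strip().encode()
    for flag, where in manifest.items():
        if hmac.compare_digest(flag.encode(), sub):
            return where
    return None

def plant(secret: bytes, root: str) -> list:
    # Write each flag into a constructed file or SQLite table under `root`,
    # mirroring the "files, databases, file shares" hiding places above.
    paths = []
    for flag, (host, loc) in build_manifest(secret).items():
        if loc.startswith("db:"):
            db = os.path.join(root, f"{host}.sqlite")
            con = sqlite3.connect(db)
            con.execute("CREATE TABLE IF NOT EXISTS employees(name TEXT, notes TEXT)")
            con.execute("INSERT INTO employees VALUES (?, ?)", ("J. Doe", flag))
            con.commit()
            con.close()
            paths.append(db)
        else:
            path = os.path.join(root, host, loc.replace(":", "").lstrip("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(f"# reminder for later\n{flag}\n")
            paths.append(path)
    return paths
```

Keeping the manifest rather than the raw flags in your notes means a leaked flag value cannot be traced back to the secret, while you can still tell exactly which host the challenger reached.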
Hiding the Flag
The Challenge
You can find a write up for the challenge at blog.yemm.dev.
Examples of internal software an IT department might use:
- ticketing system
- asset management system
- network monitoring system
- backup tool