AWD brief introduction and construction of AWD platform

What is AWD

In the competition, each team maintains several servers, each containing multiple vulnerabilities. Exploiting those vulnerabilities against other teams scores points, while patching them prevents other teams from taking points from you.

1. Each team is generally allocated a web server (mostly Linux), with a flag placed somewhere on it (usually in the root directory)
2. A traffic analysis virtual machine may be provided, from which traffic capture files can be downloaded for analysis
3. The flag is refreshed at a fixed interval set by the organizer
4. Each team usually has its own initial score
5. Once a team's flag is taken by other teams, that team loses a certain number of points
6. The deducted points are divided equally among the teams that obtained the flag
7. The organizer checks each team's service. If a server is down, that round's flag score is deducted, and the deducted points are divided equally among the teams whose service check passed
8. Each team is generally given a low-privilege, non-root user account

Description of AWD common competition rules

Attack with defense: in short, you are both the attacker and the administrator.
Competition format: generally, each SSH account corresponds to one web service, and the flag is refreshed every five minutes. Each team generally has its own initial score. If a team's flag is taken, points are deducted from that team and divided equally among the teams that took the flag. The organizer checks each team's service and deducts points when it is down; the deducted points are divided equally among the teams whose service check passed.
Most competitions are primarily web-based and may involve intranet security. The attack and defense material is mostly what was covered in training beforehand.

Preparation in advance

1. Clear division of labor
2. A complete script and tool environment
3. A complete vulnerability PoC/exploit library
4. A complete set of WAF and batch defense scripts

Required operation

1. Back up the site files
2. Change the default database password
3. Change all weak passwords on the web login pages
4. Check for backdoor accounts
5. Close unnecessary ports, such as remote login ports
6. Use commands to match one-line webshell signatures in the site files
7. Watch for any "unusual" processes running
8. With high privileges, you can set up a firewall or forbid others from modifying the site directory
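Steps 1 and 6 above, as an added example that is not part of the original post: back up the web root, then walk it looking for one-line webshell signatures. The signature list and the sample files are constructed for the demo; extend the patterns for the challenge you are given.

```python
import os
import re
import tarfile
import tempfile

# Added example (not from the original post): back up the web root and scan it
# for one-line webshell signatures, i.e. steps 1 and 6 of the list above.
# The patterns are a constructed starting set; extend them for your challenge.
WEBSHELL_PATTERNS = [
    re.compile(r'\b(eval|assert|system|passthru|shell_exec)\s*\(\s*\$_(POST|GET|REQUEST|COOKIE)\b', re.I),
    re.compile(r'\beval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(', re.I),
]

def backup_site(webroot, dest_dir):
    """Archive the whole web root so a clean copy can be restored later."""
    archive = os.path.join(dest_dir, 'site_backup.tar.gz')
    with tarfile.open(archive, 'w:gz') as tar:
        tar.add(webroot, arcname=os.path.basename(webroot))
    return archive

def scan_webshells(webroot, exts=('.php', '.phtml', '.php5', '.inc')):
    """Return {relative path: [matched pattern strings]} for suspicious files."""
    hits = {}
    for root, _dirs, files in os.walk(webroot):
        for name in files:
            if not name.lower().endswith(exts):
                continue
            path = os.path.join(root, name)
            with open(path, encoding='utf-8', errors='ignore') as f:
                content = f.read()
            matched = [p.pattern for p in WEBSHELL_PATTERNS if p.search(content)]
            if matched:
                hits[os.path.relpath(path, webroot)] = matched
    return hits

def demo():
    """Constructed web root: one clean page plus two planted shells under uploads/."""
    tmp = tempfile.mkdtemp()
    webroot = os.path.join(tmp, 'www')
    os.makedirs(os.path.join(webroot, 'uploads'))
    samples = {
        'index.php': '<?php echo "Home"; ?>',
        'uploads/x.php': '<?php @eval($_POST["cmd"]); ?>',
        'uploads/y.php': '<?php eval(gzinflate(base64_decode("..."))); ?>',
    }
    for rel, body in samples.items():
        with open(os.path.join(webroot, rel), 'w') as f:
            f.write(body)
    return backup_site(webroot, tmp), scan_webshells(webroot)
```

Run the scan again after every round and diff the result against the first run; a new hit in an upload directory is the quickest sign that a webshell has been dropped on your box.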

Build AWD platform

1. Replace the package source
Here I use Kali for the build. Just change Kali's package source to the Alibaba Cloud or Tsinghua mirror; I won't cover that here.

Reference article: https://blog.csdn.net/lina_999/article/details/90635959?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522163437049816780265461094%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fall.%2522%257D&request_id=163437049816780265461094&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~all~first_rank_ecpm_v1~rank_v31_ecpm-1-90635959.pc_search_result_cache&utm_term=kali%E6%9B%B4%E6%8D%A2%E6%BA%90&spm=1018.2226.3001.4187

2. Install the Docker environment
Kali comes with its own Docker environment, so there is no need to install it.
3. Download the competition project

git clone https://github.com/zhl2008/awd-platform


This may take more than an hour, as the project is relatively large.
4. Enter the project directory after downloading

cd awd-platform


5. Pull the Docker image

sudo docker pull zhl2008/web_14.04


If the download is too slow, switch to a Docker registry mirror.
6. Retag the image

sudo docker tag zhl2008/web_14.04 web_14.04

Start the game

1. Enter the awd-platform project directory

cd awd-platform

2. Create the teams

python batch.py web_yunnan_simple 3


This creates three teams; the challenge is web_yunnan_simple.
3. Modify the check.py file (in the awd-platform/check_server/ directory) according to the challenge, and find the check class

# Python 2 code from the project's check.py: host, port, headers, debug and
# the http() helper are defined earlier in the same file.
class check():
    def __init__(self):
        print "checking host: "+host

    # the home page must still be served and contain 'Home'
    def index_check(self):
        res = http('get',host,port,'/','',headers)
        if 'Home' in res:
            return True
        if debug:
            print "[fail!] index_fail"
        return False

    # about.php must still include header.php via the file parameter;
    # a "fix" that removes the include fails this check
    def test_check(self):
        res = http('get',host,port,'/about.php?file=header.php','',headers)
        if 'About' in res:
            return True
        if debug:
            print "[fail!] test_fail"
        return False

    # services.php must answer the key parameter without any cookie set
    def test_check_2(self):
        headers['Cookie'] = ''
        data = 'key=1'
        res = http('get',host,port,'/services.php',data,headers)
        if 'Services' in res:
            return True
        if debug:
            print "[fail!] test_2_fail"
        return False

4. Modify the flag refresh time, also in check.py. The default is 120 s (2 minutes).

5. After the teams are created, start the game with the following command

python start.py ./ 3


6. Game topology

Web sites:
team1: 192.168.109.128:8801
team2: 192.168.109.128:8802
team3: 192.168.109.128:8803
SSH connections:
team1: 192.168.109.128:2201
team2: 192.168.109.128:2202
team3: 192.168.109.128:2203
The SSH usernames and passwords are in pass.txt in the project directory.

7. Visit a web site
Team1 web site:

The other teams' web sites are the same as team1's, only on different ports.
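The check class from step 3, as an added example that is not the project's check.py: the same three checks rewritten for Python 3 with an injectable transport, so the logic can be exercised offline. The `fake_fetch` responses and the `awd-check` User-Agent are constructed for the demo; `http_get` is the real transport you would plug in against a team box.

```python
import urllib.request
import urllib.error

# Added example (not the project's check.py): the same three checks as the
# check class in step 3, written for Python 3 with an injectable transport so
# they can be exercised offline against constructed responses.

def http_get(host, port, path, headers):
    """Real transport: return the body, or '' on timeout/connection/HTTP error."""
    req = urllib.request.Request('http://%s:%d%s' % (host, port, path), headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.read().decode('utf-8', 'ignore')
    except (urllib.error.URLError, OSError):
        return ''          # unreachable/down service -> every check fails

class ServiceCheck:
    """Checks one team's box; fetch(host, port, path, headers) returns a body."""
    def __init__(self, host, port, fetch=http_get):
        self.host, self.port, self.fetch = host, port, fetch
        self.headers = {'User-Agent': 'awd-check'}

    def _expect(self, path, keyword):
        return keyword in self.fetch(self.host, self.port, path, dict(self.headers))

    def index_check(self):
        return self._expect('/', 'Home')

    def test_check(self):
        # the checker keeps requesting about.php?file=header.php, so a "fix"
        # that simply removes the include fails this check and costs points
        return self._expect('/about.php?file=header.php', 'About')

    def test_check_2(self):
        return self._expect('/services.php?key=1', 'Services')

    def run_all(self):
        """Return ({check name: bool}, service_up); up only if every check passes."""
        results = {c.__name__: c() for c in
                   (self.index_check, self.test_check, self.test_check_2)}
        return results, all(results.values())

def fake_fetch(host, port, path, headers):
    """Constructed responses standing in for team boxes; team2's about page is broken."""
    pages = {'/': '<h1>Home</h1>', '/about.php?file=header.php': 'About us',
             '/services.php?key=1': 'Services'}
    if port == 8802:
        pages['/about.php?file=header.php'] = 'Warning: include(): failed'
    return pages.get(path, 'Not Found')
```

Before committing a patch to your own box, run the same checks against it locally: if `run_all()` no longer reports the service as up, the patch will cost you service points every round.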

Score

Run the modified check.py file and start the check server

Real-time scores can be seen here

If you think this page is too ugly, you can change it yourself. I use the page made by the boss at night

Scoreboard source download

Link: https://pan.baidu.com/s/1xF9uZpKUZTZt_OOfpoOrOw 
Extraction code: qwer

Copy the scoreboard files into the flag_server folder under awd-platform. Make sure to set the permissions of score.txt and result.txt to 777 so that the score can be refreshed.
In the scoreboard's index.php, replace the IP with your own virtual machine's IP.

Simulating team1 attacking team2 for points
Visit team2's web site

After downloading the source, a code execution vulnerability is found
View the files in the root directory

ls /


Find the flag and view its content

cat /flag


Submit the flag to add points to your team
Points are added by requesting an address with the flag passed as GET parameters:
http://<host IP>:8080/flag_file.php?token=teamx&flag=xxxx (x is the team number)


Team1 gained two points and team2 lost two points. However, attacks within the first 30 minutes of the game will not succeed: the first 30 minutes are the preparation stage.
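The flag submission format and the scoring rules from the introduction (flag stolen, service down, preparation stage), as an added example that is not the platform's flag_file.php or scoreboard code. It assumes 2 points per stolen flag and per failed check, matching the +2/-2 seen above, and a 30-minute preparation stage.

```python
from urllib.parse import urlparse, parse_qs

# Added example (not the platform's flag_file.php or scoreboard code): settles
# one round under the rules described above. Assumptions: 2 points per flag
# and per failed service check (matching the +2/-2 seen on the scoreboard),
# and a 30-minute preparation stage in which nothing scores.
FLAG_SCORE = 2
PREP_SECONDS = 30 * 60

def parse_submission(url):
    """Parse http://<host>:8080/flag_file.php?token=teamX&flag=... -> (team, flag)."""
    q = parse_qs(urlparse(url).query)
    if 'token' not in q or 'flag' not in q:
        raise ValueError('submission needs both token and flag')
    return q['token'][0], q['flag'][0]

def settle_round(scores, flags, submissions, check_results, elapsed_s):
    """
    scores:        {team: points}, updated in place and returned
    flags:         {team: flag issued to that team this round}
    submissions:   [(submitting team, flag)] from parse_submission()
    check_results: {team: True if the organizer's service check passed}
    elapsed_s:     seconds since the game started
    """
    if elapsed_s < PREP_SECONDS:
        return scores                       # preparation stage: no scoring
    owner_of = {f: t for t, f in flags.items()}
    captured = {}                           # victim -> set of attackers
    for submitter, flag in submissions:
        victim = owner_of.get(flag)
        if victim is None or victim == submitter:
            continue                        # stale/unknown flag or own flag
        captured.setdefault(victim, set()).add(submitter)
    # rules 5-6: victim loses the flag score, split equally among captors
    for victim, attackers in captured.items():
        scores[victim] -= FLAG_SCORE
        for a in attackers:
            scores[a] += FLAG_SCORE / len(attackers)
    # rule 7: a team whose check failed loses the flag score, split equally
    # among the teams whose check passed (if any)
    up = [t for t, ok in check_results.items() if ok]
    for t, ok in check_results.items():
        if ok:
            continue
        scores[t] -= FLAG_SCORE
        for u in up:
            scores[u] += FLAG_SCORE / len(up)
    return scores
```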

End a contest

Enter the project directory and run

sudo python stop_clean.py

Posted by damiantaylor on Sat, 16 Oct 2021 00:45:51 -0700