AWD brief introduction and construction of AWD platform
What is AWD
In the competition, each team maintains several servers, each of which contains multiple vulnerabilities. Exploiting those vulnerabilities against other teams scores points, and patching them on your own servers prevents other teams from taking points from you.
1. Each team is usually given a web server (mostly Linux) with a flag stored somewhere on it (usually in the root directory)
2. A traffic-analysis virtual machine may be provided, from which traffic capture files can be downloaded for analysis
3. The flag is refreshed at a fixed interval set by the organizer
4. Each team usually starts with its own initial score
5. Once a team's flag is taken by other teams, that team loses a certain number of points
6. The deducted points are divided equally among the teams that obtained the flag
7. The organizer checks each team's service. If a server is down, that round's flag score is deducted from it, and the deducted points are divided equally among the teams whose service check passed
8. Generally each team is given a low-privilege, non-root user
Description of AWD common competition rules
Attack with defense: in short, you are both the attacker and the administrator.
Competition format: generally each team gets an SSH login corresponding to one web service, and flags are submitted in five-minute rounds. Each team usually starts with its own initial score. If a team's flag is taken, points are deducted from it and divided equally among the teams that captured the flag. The organizer checks each team's service; if the check fails, points are deducted and divided equally among the teams whose service check passed.
Most competitions are web-based and may involve intranet security. Most of the attack and defense work is material rehearsed before the competition.
Preparation in advance
1. Clear division of labor
2. Complete script and tool environment
3. Complete vulnerability POC/EXP library
4. Complete defensive WAF and batch scripts
Required operation
1. Back up the site files
2. Change the database default password
3. Change all weak passwords on the web login pages
4. Check whether there is a backdoor account
5. Close unnecessary ports, such as remote login ports
6. Use commands to search for one-line webshells (eval/system-style code that executes request input)
7. Watch for any "unusual" process that is running
8. With high privileges, you can set up a firewall or prevent others from modifying the web directory
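A small audit script covering steps 1, 4 and 6 of the list above (back up the site, look for backdoor accounts, search for one-line webshells). This is an added example, not code from the original post or from the awd-platform project. It builds a constructed sample web root and passwd file in a temporary directory so it runs offline; on a real team server you would point `audit()` at the web root (for example `/var/www/html`) and `/etc/passwd`. The function names, the regex and the sample data are all assumptions of this example.

```python
import os
import re
import tarfile
import tempfile
import time

# Heuristic for one-line webshells: a code-execution function whose argument
# comes straight from the request. It misses shells that stage the input in a
# variable first, so treat hits as a starting point, not a complete audit.
WEBSHELL_RE = re.compile(
    r"(eval|assert|system|passthru|shell_exec|preg_replace)\s*\(.*\$_(POST|GET|REQUEST|COOKIE)",
    re.IGNORECASE,
)
PHP_EXTS = (".php", ".php5", ".phtml", ".inc")


def backup_site(webroot, dest_dir):
    """Step 1: archive the whole web root with a timestamp so a tampered or
    deleted file can be restored in seconds. Returns the archive path."""
    archive = os.path.join(dest_dir, "www-%d.tgz" % int(time.time()))
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(webroot, arcname=os.path.basename(webroot))
    return archive


def find_webshells(webroot):
    """Step 6: scan every PHP file under the web root for webshell patterns.
    Returns paths relative to the web root, sorted."""
    hits = []
    for root, _dirs, files in os.walk(webroot):
        for name in files:
            if not name.lower().endswith(PHP_EXTS):
                continue
            path = os.path.join(root, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    if WEBSHELL_RE.search(fh.read()):
                        hits.append(os.path.relpath(path, webroot))
            except OSError:
                continue
    return sorted(hits)


def find_backdoor_accounts(passwd_path, known_users):
    """Step 4: flag any non-root UID-0 account and any account with a login
    shell that the team did not create. Returns a sorted list of (user, reason)."""
    nologin = ("/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/bin/sync")
    flagged = []
    with open(passwd_path) as fh:
        for line in fh:
            parts = line.rstrip("\n").split(":")
            if len(parts) < 7:
                continue
            user, uid, shell = parts[0], parts[2], parts[6]
            if uid == "0" and user != "root":
                flagged.append((user, "uid 0"))
            elif user != "root" and shell not in nologin and user not in known_users:
                flagged.append((user, "unexpected login shell"))
    return sorted(flagged)


def make_sample():
    """Constructed sample data (not a real system): a tiny web root with one
    planted shell, and a passwd file with one extra UID-0 user and one
    unexpected shell account. Returns (webroot, passwd_path, workdir)."""
    workdir = tempfile.mkdtemp(prefix="awd-audit-")
    webroot = os.path.join(workdir, "www")
    os.makedirs(os.path.join(webroot, "uploads"))
    with open(os.path.join(webroot, "index.php"), "w") as fh:
        fh.write('<?php echo "Home"; include("header.php"); ?>\n')
    with open(os.path.join(webroot, "uploads", "cache.php"), "w") as fh:
        fh.write("<?php @eval($_POST['pass']); ?>\n")
    passwd_path = os.path.join(workdir, "passwd")
    with open(passwd_path, "w") as fh:
        fh.write(
            "root:x:0:0:root:/root:/bin/bash\n"
            "www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\n"
            "ctf:x:1000:1000::/home/ctf:/bin/bash\n"
            "hack3r:x:0:0::/tmp:/bin/bash\n"
            "sysadm:x:1001:1001::/home/sysadm:/bin/sh\n"
        )
    return webroot, passwd_path, workdir


def audit(webroot, passwd_path, backup_dir, known_users):
    """Run the three checks and return a summary dict."""
    return {
        "backup": backup_site(webroot, backup_dir),
        "webshells": find_webshells(webroot),
        "accounts": find_backdoor_accounts(passwd_path, known_users),
    }


if __name__ == "__main__":
    root, passwd, work = make_sample()
    for key, value in audit(root, passwd, work, {"ctf"}).items():
        print(key, value)
```

Run the backup first, before touching anything else, so that the archive reflects the state the organizer handed you; rerunning `find_webshells` every few minutes during the game catches shells planted after the start.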
Build AWD platform
1. Replace source
I build on Kali here. Just change Kali's apt source to the Alibaba Cloud or Tsinghua mirror; I won't cover that here.
Reference article: https://blog.csdn.net/lina_999/article/details/90635959?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522163437049816780265461094%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fall.%2522%257D&request_id=163437049816780265461094&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~all~first_rank_ecpm_v1~rank_v31_ecpm-1-90635959.pc_search_result_cache&utm_term=kali%E6%9B%B4%E6%8D%A2%E6%BA%90&spm=1018.2226.3001.4187
2. Install docker environment
Kali comes with its own Docker environment, so there is no need to install it.
3. Download game items
git clone https://github.com/zhl2008/awd-platform
This may take more than an hour; the project is relatively large.
4. Enter the project after downloading
cd awd-platform
5. Pull the image
sudo docker pull zhl2008/web_14.04
If the pull is too slow here, you need to switch the Docker registry mirror.
6. Rename the image
sudo docker tag zhl2008/web_14.04 web_14.04
Start the game
1. Enter awd project
cd awd-platform
2. Create team
python batch.py web_yunnan_simple 3
Three teams are created here; the competition question is web_yunnan_simple.
3. Modify the check.py file (under awd-platform/check_server/) according to the competition question, and find the check class:
```python
# Fragment of the project's check.py (Python 2, like the rest of the project).
# http(), host, port, headers and debug are module-level names defined earlier
# in check.py. Each check requests one page and looks for a keyword in the
# response; if all checks pass, the team's service counts as up for this round.
class check():
    def __init__(self):
        print "checking host: "+host

    def index_check(self):
        res = http('get',host,port,'/','',headers)
        if 'Home' in res:
            return True
        if debug:
            print "[fail!] index_fail"
        return False

    def test_check(self):
        res = http('get',host,port,'/about.php?file=header.php','',headers)
        if 'About' in res:
            return True
        if debug:
            print "[fail!] test_fail"
        return False

    def test_check_2(self):
        headers['Cookie'] = ''
        data = 'key=1'
        res = http('get',host,port,'/services.php',data,headers)
        if 'Services' in res:
            return True
        if debug:
            print "[fail!] test_2_fail"
        return False
```
4. Modify the flag refresh time, which is also in the check.py file. The default is 120s (2 minutes).
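To see what a check like this means for the defending team, here is a self-contained Python 3 service check in the same spirit as the project's check class. It is an added example, not the awd-platform project's own check.py: the probe table, the `ServiceCheck`, `http_get` and `fake_http` names and the constructed fake sites are all assumptions of this example. The HTTP function is injected so the class can be exercised offline; with the default `http_get` it talks to a real host.

```python
import urllib.error
import urllib.request

FLAG_REFRESH_SECONDS = 120  # the page's default refresh interval


def http_get(host, port, path, query, headers, timeout=5):
    """Real transport: return the response body, or '' on any failure
    (connection refused, timeout, HTTP error). An empty body fails every
    keyword check, so a dead service is scored as down."""
    url = "http://%s:%d%s" % (host, port, path)
    if query:
        url += "?" + query
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.read().decode("utf-8", errors="replace")
    except (urllib.error.URLError, OSError, ValueError):
        return ""


# (path, query, keyword that must appear) - mirrors the three checks on the page
DEFAULT_PROBES = [
    ("/", "", "Home"),
    ("/about.php", "file=header.php", "About"),
    ("/services.php", "key=1", "Services"),
]


class ServiceCheck:
    def __init__(self, host, port, probes=DEFAULT_PROBES, http=http_get, debug=False):
        self.host, self.port = host, port
        self.probes = probes
        self.http = http
        self.debug = debug
        self.headers = {"User-Agent": "awd-check", "Cookie": ""}

    def probe(self, path, query, expected):
        body = self.http(self.host, self.port, path, query, self.headers)
        ok = expected in body
        if not ok and self.debug:
            print("[fail!] %s" % path)
        return ok

    def run(self):
        """Return {path: passed}; the service is up only if every probe passes."""
        return {p: self.probe(p, q, e) for p, q, e in self.probes}

    def is_up(self):
        return all(self.run().values())


def fake_http(pages):
    """Constructed in-memory site used for the offline demo (no network)."""
    def _http(host, port, path, query, headers):
        return pages.get(path, "")
    return _http


# Constructed responses: a healthy site, and a site where a defender "fixed"
# the file-include in about.php by breaking it (and forgot services.php).
HEALTHY_SITE = {"/": "<h1>Home</h1>", "/about.php": "About us", "/services.php": "Services"}
BROKEN_SITE = {"/": "<h1>Home</h1>", "/about.php": "Warning: include(header.php) failed"}

if __name__ == "__main__":
    print(ServiceCheck("10.0.0.1", 80, http=fake_http(HEALTHY_SITE)).run())
    print(ServiceCheck("10.0.0.1", 80, http=fake_http(BROKEN_SITE)).run())
```

The broken-site case is the defender's constraint in AWD: `about.php?file=header.php` is a file-include endpoint that you will want to patch, but the check still expects the word "About" in the response, so a fix that simply deletes the include or the page fails the check and costs you the round's points. Patch the behaviour (restrict which files may be included), keep the output.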
5. After the teams are created, you can start the game. Run the following command:
python start.py ./ 3
6. Game topology
Web sites
team1:192.168.109.128:8801
team2:192.168.109.128:8802
team3:192.168.109.128:8803
SSH connections
team1:192.168.109.128:2201
team2:192.168.109.128:2202
team3:192.168.109.128:2203
The SSH account and password are in pass.txt under the project.
7. Visit a web site
Team1 web site
The web sites of the other teams are the same as team1's; only the ports differ.
Score
Run the modified check.py file to start the check server.
Real-time scores can be seen here.
If you think this page is too ugly, you can change it yourself. I use a page made by a senior player.
Scoreboard source download
Link: https://pan.baidu.com/s/1xF9uZpKUZTZt_OOfpoOrOw Extraction code: qwer
Copy the scoreboard files to the flag_server folder under awd-platform. Be sure to set the permissions of score.txt and result.txt to 777 so that the score can be refreshed.
The index.php file in the scoreboard needs its IP replaced with the IP of your own virtual machine.
Simulating team1 attacking team2 for points
Visit team2 web site
After downloading the site source, a code execution vulnerability was found.
View files in the root directory
ls /
Find the flag and view the flag content
cat /flag
Submit the flag to add points to your team.
Points are added by visiting an address and submitting the flag as a GET parameter:
http://<host IP>:8080/flag_file.php?token=teamx&flag=xxxx (x is the team number)
It can be seen that team1 gained two points and team2 lost two points. However, an attack in the first 30 minutes after the game starts will not score, because the first 30 minutes are the preparation stage.
End a contest
Enter the project directory and run:
sudo python stop_clean.py