Computer Hacking Lab

I am an IT major, and I am currently in Windows 7 Administration. At the end of the semester (two weeks from now) we have a "fun" lab that is all about hacking.

Over the course of the semester, we have built Windows Server 2012 (I am using R2 Datacenter) Virtual Machines that function as a DHCP Server, DNS Server, and Web server. All of the students' VMs are going to be connected on the same network (separate from the campus network of course, and without Internet access), and we are going to try and hack each other. The word "Hack" was left completely undefined, and my teacher has made it clear that short of destruction of hardware, anything goes.

We are allowed to bring our own hardware with us, as well as use our VM and the computer that contains it. I have two old Dell G755's I can bring, an older Asus laptop, and a Thinkpad laptop.

So I have some hardware, now I just need ideas and know-how. So my question is, what can I do with what I have that will be effective and relatively simple to learn? The definition of hacking is so vague, it really opens it up to anything. So go crazy, any ideas are welcome.

As a side note, I've used Ubuntu on my Thinkpad for more than a year, so I am decently familiar with Linux and the command line, so I think Kali Linux is definitely an option. I have been tossing around the idea of installing Kali on one or both of those desktops I mentioned.

So I'm open to anything, and I would love to wreak some (controlled and ethical-ish) havoc. Thanks in advance.

Can you get access to the domain controller VM? If you can reboot it into recovery mode you will likely be able to reset the domain admin password, after that you own the network :-)

EDIT: This is the kind of thing I mean, about as simple a hack as there is, assuming you have physical access. http://vthoughtsofit.blogspot.co.uk/2013/03/reset-your-domain-administrator.html#.VkzRteLsvuh

Key logger, you can make them in multiple languages and create them on a USB key. The amount of data you can mine from a key logger is very useful. You could try a bit of social engineering and see where that gets you.

You could also try your hand at Kali Linux (which you mentioned) and learn some of the tools used there.
Wireshark.

Heck, you could try logging in with the most commonly used passwords. Believe me or not, but I gained access to someone else's machine doing that during a class. If they walk away without locking the computer, all I can say is have fun.

It really depends on how well your fellow classmates care for their machines, that will make the task easy or difficult. All I can say is best of luck and let us know how it turns out.

So a few things:

Physical access is a lose. Build a cage or something to allow someone plugging USB devices in etc. (Rubber Ducky)
You need a router to boundary yourself from the rest of the network.

It's so open it's hard to think about everything, but those two, I would start there.

Also, is the main focus to prevent them from hacking your systems or to hack someone's system?

Just take everyone's hard drives. Physically take them. You then own them and all the data on them (unless someone was smart enough to encrypt them). Bring a SATA-USB adapter and have at all that sweet data.

Everyone underestimates the power of physical intrusion...

Are there any sources you would suggest for more info about keyloggers? I am trying to learn more about how our lab computers work. Basically, any student can log in and use them. They just have to use their University assigned username and the password they set. So I thought that perhaps that means when you log in, you are sending the password hash across the network to be verified. Therefore, perhaps using something to grab the hashes and then using Cain and Abel or a Linux equivalent to crack the passwords? I would do that over the next two weeks, and then use just a brute force attack or rainbow tables to crack them. You mentioned Wireshark, which is interesting because the lab computers have that installed already. Thoughts??

Haha, this made me laugh. Not a bad idea. Does anyone know if password hashes are stored in the hard drive somewhere or in the storage on the motherboard? I don't have BIOS access without the admin password (which I'm trying to get). Oh, something I forgot to mention is that the lab computers are "frozen". Whenever the computer is turned off, anything that was written to the hard drive is deleted, and the computer is returned to its original state. So most people store their VMs on external hard drives or network storage.

Well, if any of them use Mac OS X 10.10.5 and below, you can use Rootpipe to gain access to root on their machines. ;)

I feel like the odds of this are a bit poor. Plus there are only two Mac users in the class of 30 people, and they don't use their personal computers for labs.

Wow, that is one fun school you must go to. Such a shame we are still stuck with Windows 98 boxes....... yes... I said Windows 98.......

Anyway, I would try to brute-force the passwords; if they are your average computer user and not super tech-savvy, it shouldn't take too long haha!

Windows 98? For the VMs? There are a ton of vulnerabilities for the Windows 98 OS!

I made my own in VB 5 (a few years ago) and Python (maybe a year or so ago). There are a ton of guides online on how to create one and even email the typed text to you.

I would definitely go the Kali route. The new version that came out a couple of months ago has all the tools you could ever need.

Something fun you could do when you manage to gain access to others' systems: enslave them and make a mini botnet, then DDoS the other VMs.

Bring one machine with pfSense so you can hide your own hardware behind that. If you get hacked first, there's a good chance someone can prevent you from exploiting your own target. Bring another machine with Kali to go on the offensive with. If you need any nifty hardware that can help you do some fun shit ... http://hakshop.myshopify.com/ Check out some silly stuff like the LAN Turtle.

You might be able to hook it on the network cable before anyone really notices that you did it, and then you have an SSH directly into the connection and everyone has to pass through your hardware.

Oh, and use kneaded eraser to block off unused ports on your hardware to prevent physical access to them as well.

@justin417, the folks in this class are mainly IT majors, so they are at least a bit better than your average computer user. Any specifics about the brute force attack on the passwords, like favorite tools or methods?

@Raate, I think I will use your idea. So one desktop as a router with pfSense (hopefully I'll be able to temporarily borrow another network card from the lab), and one with Kali. In regards to the LAN Turtle, I unfortunately have approximately $3 to my name right now, so buying stuff is off the table. School bills. :D

@nathanwithers, any specific resources for the botnet idea? I rather like that idea...

I made a physical lab here with a couple of Raspberry Pis. Get 2-3 Raspberry Pis, hook them up to your router and set them up with different roles, and then try to attack them with that Kali Linux you are running in your VM or right on bare metal if you have an extra drive (I don't partition drives).

Building on this, Kali Linux has made a distro for Raspberry Pis.

I have yet to try that, mainly because I prefer to use Pis as the nodes I am trying to attack, not as a penbox or something to that effect.

If anything goes, look into getting a copy of Kon-Boot. If you have direct hardware access, you can bypass user login with it.

At least a spare NIC is cheap - I have not messed with this topic in a long time due to my current job for a software company. It is frowned upon if I try to access stuff that I'm not supposed to (and logged, and checked, and HR gets involved etc). It is awesome to have the opportunity to gain this experience 'legally' and it sounds like something very interesting.

Having that extra protection between you and the other participants will be a good thing for sure :)

Please post back on how it goes, it sounds great :)