@hortinstein
Created November 3, 2017 23:59
capstone

VM within a VM within...a...?

Contents

- Scenario

- Setup

- Tips

- References

Scenario

There is some strange network traffic emanating from a logging server used by services within the enterprise...probably worth a look.

Setup

  • Download the Capstone2017 ISO here

  • Untar it and add it to VirtualBox (untested with VMware)

  • Ensure port forwarding is configured as described in the instructions for port forwarding

  • Tweak the hardware settings if you would like to dedicate more horsepower to the box; the scenario runs fine on 512MB of RAM and a single core.

  • Start the box in VirtualBox, wait a few seconds, then curl the forwarded port to get the private key used to SSH into the box:

curl localhost:2224
  • Copy the key portion, including the BEGIN/END header and footer lines, into a file called capstone_id and then chmod 0600 capstone_id. Finally you can ssh into the logging server victim.
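The setup steps above as one script. This is an added example, not part of the original gist: it fetches whatever the forwarded port serves, keeps only the PEM block between the BEGIN and END lines, writes it so it is never world-readable, and then opens the SSH session. The gist does not state which host port the guest's SSH is forwarded to or the login user name, so the port 2222 and the user "user" below are assumptions; override them with the environment variables shown.

```shell
#!/bin/sh
# Added example, not from the original gist: the Setup steps as one script.
# Fetch the key served on the forwarded port, keep only the PEM block,
# write it 0600, then ssh in.
#
# Assumptions not stated in the gist: guest SSH is forwarded to host port
# 2222 and the login user is "user". Both can be overridden.
CAPSTONE_KEY_URL=${CAPSTONE_KEY_URL:-http://localhost:2224}
CAPSTONE_SSH_PORT=${CAPSTONE_SSH_PORT:-2222}   # assumption
CAPSTONE_USER=${CAPSTONE_USER:-user}            # assumption
KEY_FILE=${KEY_FILE:-capstone_id}

# Keep only the private key, header line through footer line, from
# whatever the server wraps around it. Reads stdin, writes stdout.
extract_key() {
  awk '/^-----BEGIN [A-Z ]*PRIVATE KEY-----$/ { p = 1 }
       p { print }
       /^-----END [A-Z ]*PRIVATE KEY-----$/ { p = 0 }'
}

# Write the key read from stdin to $1. The umask makes the file 0600 at
# creation, so it is never readable by others even briefly; the chmod
# makes that explicit. Returns non-zero if no complete key was found.
save_key() {
  ( umask 077; extract_key > "$1" ) || return 1
  chmod 0600 "$1"
  grep -q -- '^-----BEGIN' "$1" && grep -q -- '^-----END' "$1"
}

# Only contact the VM when explicitly asked ("./setup.sh run"), so the
# functions above can be sourced or tested offline.
if [ "${1:-}" = "run" ]; then
  curl -fsS "$CAPSTONE_KEY_URL" | save_key "$KEY_FILE" \
    || { echo "no private key found at $CAPSTONE_KEY_URL" >&2; exit 1; }
  # Record the fingerprint: the gist says the key persists across
  # reboots, so a changed fingerprint later means something is off.
  ssh-keygen -lf "$KEY_FILE"
  # IdentitiesOnly stops ssh from offering every key in your agent first.
  exec ssh -i "$KEY_FILE" -p "$CAPSTONE_SSH_PORT" -o IdentitiesOnly=yes \
    "$CAPSTONE_USER@localhost"
fi
```

Run it as `sh setup.sh run`; without the argument it only defines the functions. If the VM serves a key format other than PEM with BEGIN/END lines, adjust the awk patterns in extract_key.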

STOP Once you are here, stop and shut down the VM. Do not spend time prior to 26 June working on the Capstone. The key will persist between reboots.

for serious stahp

Tips

A few Tips:

  • The hosts you operate on inside this VM DO NOT save state. Recommend prototyping work on another VM or your host computer, then transferring it to the hosts. Scripting is heavily encouraged so you can easily get back to where you were if you crash a box.
  • All tools you need to traverse the capstone are on the victim box, though there are some pretty common packages that might make it easier.
  • There isn't one way/order to solve it.
  • Don't try to do forensics on the VM's bare drive. All source used to build the scenario has been rm'd.

References

man netstat printing connection information

man lsof listing open files

man ps getting current processes

man who seeing who is logged on

man ls listing directory contents

man grep printing lines matching a pattern

man gdb debugging

man nc swiss army knife

man tcpdump captures and dumps network traffic (not only TCP)

man sshfs allows you to mount remote ssh as a filesystem
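An added example, not part of the original gist, of the "scripting is encouraged" tip applied to the scenario's opening question: a first pass at locating the strange traffic with the netstat, lsof and ps tools referenced above. It reads `netstat -tunap` output on stdin, so it can be run live on the victim or against saved output, and prints established TCP connections whose remote side is outside loopback and RFC 1918 space together with the owning PID and program. The sample netstat lines and the 203.0.113.5 (TEST-NET) address are constructed for illustration; which program is actually talking out in the capstone is for you to find.

```shell
#!/bin/sh
# Added example, not from the original gist: first-pass triage of outbound
# connections on a host, using the tools the gist references.

# Print ESTABLISHED TCP connections whose remote address is not loopback
# or RFC 1918 private space, as "remote_addr:port pid/program".
# Reads `netstat -tunap` output from stdin.
suspicious_connections() {
  awk '
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
      # Strip the trailing :port; what is left may be IPv4 or IPv6.
      ip = $5; sub(/:[0-9*]+$/, "", ip)
      if (ip ~ /^127\./ || ip == "::1" || ip ~ /^10\./ ||
          ip ~ /^192\.168\./ || ip ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) next
      # Program names can contain spaces, so keep everything from field 7 on.
      line = $5
      for (i = 7; i <= NF; i++) line = line " " $i
      print line
    }'
}

# Live usage on the victim (root is needed for netstat to fill the PID column):
#   netstat -tunap 2>/dev/null | suspicious_connections
# Then look at each PID it reports:
#   lsof -p "$pid"
#   ps -o pid,ppid,user,etime,args -p "$pid"

# Constructed sample output for offline demonstration (not a real capture).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.0.2.15:22            10.0.2.2:51234          ESTABLISHED 1234/sshd
tcp        0      0 10.0.2.15:45678         203.0.113.5:4444        ESTABLISHED 2345/nc
tcp        0      0 127.0.0.1:514           127.0.0.1:40122         ESTABLISHED 890/rsyslogd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           567/dhclient'

# Runs the filter over the constructed sample; only the nc connection
# to the non-private address should come out.
demo() {
  printf '%s\n' "$SAMPLE_NETSTAT" | suspicious_connections
}
```

The filter deliberately ignores the sshd session from the host side (10.0.2.2 is private) and the local rsyslog connection, which is the kind of noise a logging server produces; anything it does print is a candidate to chase with lsof and ps. Widen or narrow the address filter to match the enterprise ranges in the scenario.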
