chore: init

Kieran Klukas eb889560

+1719
+172
00-mini-hack-overview.md
··· 1 + # Mini-Hack Quick Start Guide 2 + 3 + ## Network Topology 4 + 5 + ``` 6 + External Network (172.20.0.0/16) 7 + ├── Kali External: 172.20.2 8 + ├── Router External: 172.20.<team>.1 9 + └── Scoring Server: 172.20.1 10 + 11 + Internal Network (192.168.<team>.0/24) 12 + ├── Router Internal: 192.168.<team>.1 13 + ├── Ubuntu Web Server: 192.168.<team>.2 14 + └── Kali Internal: 192.168.<team>.100 15 + ``` 16 + 17 + **Your team number** is randomly assigned on each deployment (e.g., 213, 195, etc.) 18 + 19 + ## Objectives (Turn Lights Green) 20 + 21 + 1. ✅ Router online - responds to ping on external IP 22 + 2. ✅ Web server accessible - HTTP traffic routes through router to internal server 23 + 3. ✅ Service running - Apache returns content from internal web server 24 + 25 + ## Step-by-Step Checklist 26 + 27 + ### 1. Find Your Team Number 28 + 29 + **On Kali External**: 30 + ```bash 31 + ip addr show # Look for 172.20.X 32 + # If you see 172.20.2, your team number is 2 33 + # Check scoreboard at http://172.20.1 for confirmation 34 + ``` 35 + 36 + ### 2. Configure Router 37 + 38 + **Login to MikroTik** (via ProxMox console or SSH): 39 + ```bash 40 + # Default login 41 + admin 42 + <press Enter for blank password> 43 + 44 + # Set a password when prompted 45 + <choose password> 46 + ``` 47 + 48 + **Assign IP addresses**: 49 + ```bash 50 + # External interface 51 + /ip address add address=172.20.<team>.1/16 interface=ether3 52 + 53 + # Internal interface 54 + /ip address add address=192.168.<team>.1/24 interface=ether4 55 + 56 + # Verify 57 + /ip address print 58 + ``` 59 + 60 + **Or use Web GUI**: `http://172.20.<team>.1:8080` 61 + - Login: `admin` / `<your password>` 62 + - Go to **Quick Set** 63 + - Enter external IP: `172.20.<team>.1/16` 64 + - Enter internal IP: `192.168.<team>.1/24` 65 + - ✅ **Check "Enable NAT"** (required!) 66 + - Click **Apply Configuration** 67 + 68 + ### 3. 
Configure Ubuntu Web Server 69 + 70 + **Assign static IP**: 71 + ```bash 72 + sudo nano /etc/netplan/01-network-manager-all.yaml 73 + ``` 74 + 75 + ```yaml 76 + network: 77 + version: 2 78 + ethernets: 79 + ens18: 80 + addresses: 81 + - 192.168.<team>.2/24 82 + routes: 83 + - to: default 84 + via: 192.168.<team>.1 85 + ``` 86 + 87 + ```bash 88 + sudo netplan apply 89 + ip addr show # Verify IP 90 + ping 192.168.<team>.1 # Test router connectivity 91 + ``` 92 + 93 + **Start Apache**: 94 + ```bash 95 + sudo systemctl restart apache2 96 + sudo systemctl status apache2 # Should show "active (running)" 97 + ``` 98 + 99 + **Test locally**: 100 + ```bash 101 + curl http://192.168.<team>.2 # Should return HTML 102 + ``` 103 + 104 + ### 4. Configure Port Forwarding (Router) 105 + 106 + **Web GUI Method** (recommended): 107 + ``` 108 + http://172.20.<team>.1:8080 109 + ``` 110 + 111 + 1. Go to **Quick Set** → **Port Mapping** 112 + 2. Click **New** 113 + - Name: `www-tcp` 114 + - Protocol: `TCP` 115 + - Port: `80` 116 + - Forward To: `192.168.<team>.2` 117 + - Port: `80` 118 + 3. Click **OK** 119 + 4. Repeat for UDP: 120 + - Name: `www-udp` 121 + - Protocol: `UDP` 122 + - Port: `80` 123 + - Forward To: `192.168.<team>.2` 124 + - Port: `80` 125 + 126 + ### 5. Test From External Network 127 + 128 + **On Kali External**: 129 + ```bash 130 + ping 172.20.<team>.1 # Router should respond 131 + curl http://172.20.<team>.1 # Should show web content from internal server 132 + ``` 133 + 134 + **Check scoreboard**: `http://172.20.1` 135 + 136 + All lights should be green! 137 + 138 + ## Quick Troubleshooting 139 + 140 + | Problem | Check | 141 + |---------|-------| 142 + | Router not pingable | Verify IP on ether3: `/ip address print` | 143 + | Web not accessible | 1. Is Apache running? 2. Did you enable NAT? 3. Port forwarding rules exist? 
| 144 + | Internal server can't reach router | Check internal IP on ether4, verify gateway in netplan | 145 + | Lights still red | Wait 30 seconds for scoring refresh, check exact IPs match topology | 146 + 147 + ## Configuration Files Reference 148 + 149 + **Router**: Web GUI at `http://172.20.<team>.1:8080` or CLI via console 150 + 151 + **Ubuntu Web Server**: 152 + - Network: `/etc/netplan/01-network-manager-all.yaml` 153 + - Apache: `sudo systemctl restart apache2` 154 + - Website content: `/var/www/html/` 155 + 156 + **Kali Machines**: For testing only, no configuration needed 157 + 158 + ## Common Mistakes 159 + 160 + ❌ Forgot to enable NAT on router 161 + ❌ Port forwarding only has TCP rule (need UDP too) 162 + ❌ Wrong team number in IP addresses 163 + ❌ Apache not started on Ubuntu 164 + ❌ Netplan syntax error (YAML is whitespace-sensitive) 165 + ❌ Router interface names wrong (check with `interface print`) 166 + 167 + ## Time-Saving Tips 168 + 169 + 1. Use **web GUI for router** - faster than CLI for NAT/port forwarding 170 + 2. Copy/paste team number once you know it - avoid typos 171 + 3. Test each step before moving on (ping, curl, status checks) 172 + 4. If stuck, verify each light's requirement on scoreboard
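Review bot: the topology block lists `Kali External: 172.20.2` and `Scoring Server: 172.20.1`, and step 1 says `If you see 172.20.2, your team number is 2`, but those are three-octet values, not IPv4 addresses, and everywhere else the team number is the third octet of a four-octet address (`172.20.<team>.1`) with example values like 213; state the full addresses, including the scoreboard URL `http://172.20.1`, so readers can match them against `ip addr show`. Step 4 forwards UDP/80 alongside TCP/80 and `Common Mistakes` insists the UDP rule is required, yet the scored service is Apache over HTTP, which is TCP only; unless the scorer explicitly probes UDP, drop the UDP mapping rather than forward an unused port into the internal host. The MikroTik web GUI is reached on the external address (`http://172.20.<team>.1:8080`), so the router's management interface is reachable from anywhere on the shared 172.20.0.0/16; a line recommending management from the internal side, or a rule limiting port 8080, belongs right after the step that sets the admin password.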
+59
01-services-overview.md
··· 1 + # Linux Services - General Approach 2 + 3 + ## Service Configuration Checklist 4 + 5 + When encountering any new service: 6 + 7 + 1. **Understand what it does** - Don't rush into clicking buttons. Read documentation first. Even 5 minutes of research saves time later. 8 + 9 + 2. **Locate configuration files** - Services usually have config files in `/etc`. Files can be singular or multiple across different locations (main config + user-specific). 10 + 11 + 3. **Backup before changes** - Always copy config files before modifying: 12 + ```bash 13 + sudo cp /etc/service/config /etc/service/config.bak 14 + ``` 15 + 16 + 4. **Restart after changes** - Most services require restart for changes to take effect: 17 + ```bash 18 + sudo systemctl restart <service-name> 19 + ``` 20 + Don't restart the entire computer - restart just the service. 21 + 22 + 5. **Check service status** - Verify if service is running: 23 + ```bash 24 + systemctl status <service-name> 25 + ``` 26 + 27 + 6. **Dependencies matter** - Some services rely on others. Changing one may require restarting dependent services. 28 + 29 + ## Service Management Commands 30 + 31 + Check service status (no sudo needed): 32 + ```bash 33 + systemctl status <service-name> 34 + ``` 35 + 36 + Start a service: 37 + ```bash 38 + sudo systemctl start <service-name> 39 + ``` 40 + 41 + Stop a service: 42 + ```bash 43 + sudo systemctl stop <service-name> 44 + ``` 45 + 46 + Restart a service: 47 + ```bash 48 + sudo systemctl restart <service-name> 49 + ``` 50 + 51 + Enable service to start on boot: 52 + ```bash 53 + sudo systemctl enable <service-name> 54 + ``` 55 + 56 + Check if service is enabled: 57 + ```bash 58 + systemctl is-enabled <service-name> 59 + ```
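Review bot: the checklist goes straight from editing a config file (step 3) to restarting (step 4) with no syntax check in between, so a typo takes the service down until it is found; add a step between them that runs the service's own validator where one exists (for example `apache2ctl configtest` for Apache or `sshd -t` for OpenSSH), which also backs the `Service not starting: Check config file syntax` advice in the Apache file. Minor: `/etc/service/config` in step 3 reads like a real path; write it as a placeholder (`/etc/<service-name>/...`) the way `<service-name>` is used in steps 4 and 5.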
+78
02-apache-web-service.md
··· 1 + # Apache Web Service 2 + 3 + ## Service Name 4 + - `apache2` (Ubuntu/Debian) 5 + - `httpd` (CentOS/RHEL) 6 + 7 + ## Check Service Status 8 + ```bash 9 + systemctl status apache2 # Ubuntu 10 + systemctl status httpd # CentOS 11 + ``` 12 + 13 + ## Configuration Locations 14 + 15 + Main config: `/etc/apache2/` (Ubuntu) or `/etc/httpd/` (CentOS) 16 + 17 + Key files: 18 + - `/etc/apache2/apache2.conf` - Main configuration 19 + - `/etc/apache2/sites-available/` - Available site configs 20 + - `/etc/apache2/sites-enabled/` - Active site configs (usually symlinks) 21 + 22 + ## Default Site Configuration 23 + 24 + File: `/etc/apache2/sites-available/000-default.conf` 25 + 26 + Key directives: 27 + ```apache 28 + <VirtualHost *:80> 29 + DocumentRoot /var/www/html 30 + # ... other settings 31 + </VirtualHost> 32 + ``` 33 + 34 + - **Listen port**: Default is `*:80` (any IP, port 80) 35 + - **DocumentRoot**: `/var/www/html` - where website files live 36 + 37 + ## Website File Location 38 + 39 + Website files go in: `/var/www/html` 40 + 41 + Default file: `index.html` (or `index.php`) 42 + 43 + The web server automatically serves `index.html` when you visit the root URL. 44 + 45 + ## Start/Restart Service 46 + 47 + ```bash 48 + sudo systemctl start apache2 49 + sudo systemctl restart apache2 50 + ``` 51 + 52 + ## Creating Website Content 53 + 54 + Make directories: 55 + ```bash 56 + sudo mkdir /var/www/html/newfolder 57 + ``` 58 + 59 + Create files: 60 + ```bash 61 + sudo touch /var/www/html/newfile.html 62 + ``` 63 + 64 + **Permission Requirements**: Web server needs read permissions to serve files. 65 + 66 + ## Security Considerations 67 + 68 + - Don't put sensitive files (like `/etc/shadow`) in `/var/www/html` 69 + - Check permissions - files need to be readable by web server 70 + - Backup config files before making changes 71 + - The website displays actual files from the server's filesystem 72 + 73 + ## Common Issues 74 + 75 + 1. 
**Service not starting**: Check config file syntax 76 + 2. **Can't access website**: Verify service is running, check IP/port 77 + 3. **404 errors**: Check DocumentRoot path and file permissions 78 + 4. **Permission denied**: Files need world-readable permissions for web server access
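Review bot: `Common Issues` item 4 says files `need world-readable permissions for web server access`, which is broader than the requirement stated under `Permission Requirements` (readable by the web server); on Ubuntu Apache runs as `www-data`, so content owned by `root:www-data` with mode 640 (directories 750) is served fine and stays hidden from other local users. The `Service not starting: Check config file syntax` item would be more actionable with the command that does it, `sudo apache2ctl configtest`, and `Security Considerations` should spell out what `The website displays actual files from the server's filesystem` implies: anything under `DocumentRoot`, including editor backup files and copies of configs, is downloadable by any client, so keep backups and scratch files outside `/var/www/html`.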
+164
03-ssh-service.md
··· 1 + # SSH Service 2 + 3 + ## Service Name 4 + - `ssh` or `sshd` (works on most distributions) 5 + 6 + ## Check Service Status 7 + ```bash 8 + systemctl status ssh 9 + systemctl status sshd # Also works 10 + ``` 11 + 12 + ## Configuration Location 13 + 14 + Main directory: `/etc/ssh/` 15 + 16 + Key files: 17 + - `/etc/ssh/sshd_config` - Server configuration (most important) 18 + - `/etc/ssh/ssh_config` - Client configuration 19 + - `/etc/ssh/ssh_host_*_key` - Server private keys (multiple algorithms) 20 + - `/etc/ssh/ssh_host_*_key.pub` - Server public keys 21 + 22 + ## Important sshd_config Options 23 + 24 + ```bash 25 + Port 22 # Default SSH port 26 + ListenAddress 0.0.0.0 # Listen on all IPs (or specify one) 27 + PermitRootLogin prohibit-password # Or "yes" or "no" 28 + ``` 29 + 30 + ### Port 31 + Default is 22. Can change to non-standard port for security. 32 + 33 + ### ListenAddress 34 + - `0.0.0.0` = listen on all IP addresses 35 + - Or specify a single IP to restrict access 36 + 37 + ### PermitRootLogin 38 + - `no` - root cannot SSH in at all 39 + - `yes` - root can SSH in with password 40 + - `prohibit-password` - root must use key authentication 41 + 42 + ## Connecting to SSH Server 43 + 44 + Basic syntax: 45 + ```bash 46 + ssh username@ip_address 47 + ssh username@hostname.com 48 + ``` 49 + 50 + Example: 51 + ```bash 52 + ssh sandbox@192.168.1.100 53 + ``` 54 + 55 + First connection prompts to accept server's fingerprint (say yes). 
56 + 57 + ## Host Keys (Server-Side) 58 + 59 + SSH server has multiple key pairs in `/etc/ssh/`: 60 + - RSA keys: `ssh_host_rsa_key` and `ssh_host_rsa_key.pub` 61 + - ECDSA keys: `ssh_host_ecdsa_key` and `ssh_host_ecdsa_key.pub` 62 + - ED25519 keys: `ssh_host_ed25519_key` and `ssh_host_ed25519_key.pub` 63 + 64 + These are **asymmetric key pairs**: 65 + - Private key stays on server (read-only to root) 66 + - Public key shared with clients 67 + - Data encrypted with one key only decrypts with the other 68 + 69 + ## Regenerating Host Keys 70 + 71 + If keys are compromised (or cloned VMs have identical keys): 72 + 73 + ```bash 74 + sudo ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key 75 + ``` 76 + 77 + Options: 78 + - `-t ecdsa` - key type (also: rsa, ed25519) 79 + - `-f /path/to/key` - where to save 80 + - Will prompt to overwrite existing key 81 + - Can add passphrase or leave blank 82 + 83 + ## Client-Side Known Hosts 84 + 85 + Location: `~/.ssh/known_hosts` 86 + 87 + Contains public keys of servers you've connected to before. 88 + 89 + If server key changes, you'll get a warning. To fix: 90 + ```bash 91 + # Remove old entry for that IP 92 + ssh-keygen -R 192.168.1.100 93 + 94 + # Or delete the entire file and re-accept connections 95 + rm ~/.ssh/known_hosts 96 + ``` 97 + 98 + ## Passwordless Authentication 99 + 100 + Allows login without password using key pairs. 101 + 102 + **Setup process:** 103 + 104 + 1. Generate key pair on client (or server acting as admin): 105 + ```bash 106 + ssh-keygen -t ecdsa -f ~/id_bob_key 107 + ``` 108 + 109 + 2. Create `.ssh` directory for user: 110 + ```bash 111 + sudo mkdir /home/bob/.ssh 112 + sudo chmod 700 /home/bob/.ssh 113 + sudo chown bob:bob /home/bob/.ssh 114 + ``` 115 + 116 + 3. Copy public key to authorized_keys: 117 + ```bash 118 + sudo cp id_bob_key.pub /home/bob/.ssh/authorized_keys 119 + sudo chmod 644 /home/bob/.ssh/authorized_keys 120 + sudo chown bob:bob /home/bob/.ssh/authorized_keys 121 + ``` 122 + 123 + 4. 
Transfer private key to client using SCP: 124 + ```bash 125 + scp sandbox@192.168.1.100:/path/to/id_bob_key . 126 + ``` 127 + 128 + 5. Connect using the key: 129 + ```bash 130 + ssh -i id_bob_key bob@192.168.1.100 131 + ``` 132 + 133 + **Critical permissions:** 134 + - `.ssh/` directory: `700` (drwx------) 135 + - `authorized_keys` file: `644` (-rw-r--r--) 136 + - Private keys: `600` (-rw-------) 137 + - Public keys: `644` (-rw-r--r--) 138 + 139 + ## SCP (Secure Copy) 140 + 141 + Copy files over SSH: 142 + 143 + ```bash 144 + # Copy from remote to local 145 + scp user@remote:/path/to/file . 146 + 147 + # Copy from local to remote 148 + scp localfile user@remote:/path/ 149 + 150 + # Use sudo on remote side 151 + sudo scp user@remote:/root/file . 152 + ``` 153 + 154 + ## Exit SSH Session 155 + 156 + ```bash 157 + exit 158 + ``` 159 + 160 + ## Restart After Config Changes 161 + 162 + ```bash 163 + sudo systemctl restart ssh 164 + ```
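Review bot: step 4 of `Passwordless Authentication` generates the key pair on the server and then moves the private key off it with `scp sandbox@192.168.1.100:/path/to/id_bob_key .`, which leaves a copy of bob's private key on the server (in `~/id_bob_key`, outside `.ssh/` and not mode 600) and sends it across the network; the private key should be generated on the client and never leave it, with only `id_bob_key.pub` copied to the server (where bob can already log in with a password, `ssh-copy-id -i ~/.ssh/id_bob_key.pub bob@192.168.1.100` does steps 2 and 3 with the right permissions). Under `Client-Side Known Hosts`, `rm ~/.ssh/known_hosts` discards every pinned host key, so the next warning about a changed key (the check that catches an impostor host) is lost; keep only the `ssh-keygen -R` form. Under `Regenerating Host Keys`, `Can add passphrase or leave blank` is wrong for host keys: sshd cannot prompt at start, so a passphrase-protected host key stops the service from starting, and the section should end with `sudo systemctl restart ssh` so the new key is actually used. In `SCP`, `sudo scp user@remote:/root/file .` gives sudo on the local side only; the remote read still runs as `user`, so `/root/file` stays unreadable unless that user is root.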
+137
04-network-configuration.md
··· 1 + # Network Configuration by Distribution 2 + 3 + ## Viewing Current Configuration 4 + 5 + Show IP addresses: 6 + ```bash 7 + ip a 8 + # or 9 + ip addr show 10 + ``` 11 + 12 + Show specific interface: 13 + ```bash 14 + ip a show eth0 15 + ``` 16 + 17 + ## Kali/Debian - /etc/network/interfaces 18 + 19 + **File**: `/etc/network/interfaces` 20 + 21 + Basic static configuration: 22 + ```bash 23 + auto eth0 24 + iface eth0 inet static 25 + address 172.20.118.100 26 + netmask 255.255.255.0 27 + gateway 172.20.118.1 28 + ``` 29 + 30 + **Key components:** 31 + - `auto eth0` - Bring up interface automatically on boot 32 + - `iface eth0 inet static` - Configure static IP (not DHCP) 33 + - `address` - IP address 34 + - `netmask` - Subnet mask 35 + - `gateway` - Default gateway (router) 36 + 37 + **Restart networking:** 38 + ```bash 39 + sudo systemctl restart networking 40 + # or 41 + sudo ifdown eth0 && sudo ifup eth0 42 + ``` 43 + 44 + ## CentOS/RHEL - ifcfg Files 45 + 46 + **Directory**: `/etc/sysconfig/network-scripts/` 47 + 48 + **Files**: One per interface (e.g., `ifcfg-eth0`, `ifcfg-eth1`) 49 + 50 + Example `ifcfg-eth0`: 51 + ```bash 52 + DEVICE=eth0 53 + BOOTPROTO=static 54 + ONBOOT=yes 55 + IPADDR=172.20.118.1 56 + NETMASK=255.255.255.0 57 + GATEWAY=172.20.118.254 58 + ``` 59 + 60 + **Key settings:** 61 + - `DEVICE` - Interface name 62 + - `BOOTPROTO` - `static` or `dhcp` 63 + - `ONBOOT` - `yes` to auto-start on boot 64 + - `IPADDR` - IP address 65 + - `NETMASK` - Subnet mask 66 + - `GATEWAY` - Default gateway 67 + 68 + **Restart networking:** 69 + ```bash 70 + sudo systemctl restart network 71 + # or per-interface: 72 + sudo ifdown eth0 && sudo ifup eth0 73 + ``` 74 + 75 + ## Ubuntu - Netplan (YAML) 76 + 77 + **Directory**: `/etc/netplan/` 78 + 79 + **File**: Usually `01-network-manager-all.yaml` (or similar `.yaml` file) 80 + 81 + **IMPORTANT**: YAML is whitespace-sensitive. Use 2-space indentation consistently. 
82 + 83 + Example configuration: 84 + ```yaml 85 + network: 86 + version: 2 87 + renderer: NetworkManager 88 + ethernets: 89 + ens18: 90 + addresses: 91 + - 192.168.195.2/24 92 + gateway4: 192.168.195.1 93 + ``` 94 + 95 + **Key elements:** 96 + - `ethernets:` - Section for ethernet interfaces 97 + - `ens18:` - Interface name (not eth0 on modern Ubuntu) 98 + - `addresses:` - List of IPs (note the dash and `/24` CIDR notation) 99 + - `gateway4:` - Default gateway for IPv4 100 + 101 + **Apply changes:** 102 + ```bash 103 + sudo netplan apply 104 + ``` 105 + 106 + **Test configuration (doesn't persist):** 107 + ```bash 108 + sudo netplan try 109 + ``` 110 + 111 + **CIDR notation:** `/24` equals `255.255.255.0` 112 + 113 + ## Temporary IP Configuration 114 + 115 + Set IP temporarily (lost on reboot): 116 + ```bash 117 + sudo ip addr add 192.168.1.100/24 dev eth0 118 + ``` 119 + 120 + Flush (remove) all IPs from interface: 121 + ```bash 122 + sudo ip addr flush dev eth0 123 + ``` 124 + 125 + ## Common Network Issues 126 + 127 + 1. **Wrong interface name**: Check with `ip a` first 128 + 2. **Typo in config file**: Double-check spelling and syntax 129 + 3. **Forgotten gateway**: Can't reach beyond local network 130 + 4. **Netplan spacing**: YAML requires exact indentation 131 + 5. **Wrong subnet**: Devices must be on same subnet to communicate 132 + 133 + ## Interface Naming 134 + 135 + - **Old style**: `eth0`, `eth1`, `lo` (loopback) 136 + - **New style**: `ens18`, `enp0s3`, etc. (Ubuntu/modern systems) 137 + - Always check actual names with `ip a` before configuring
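Review bot: the Netplan example uses `gateway4: 192.168.195.1`, which newer netplan releases deprecate in favour of a default route, and the mini-hack guide in this same commit already uses that form (`routes:` / `- to: default` / `via: 192.168.<team>.1`); use one form in both files so readers copying between them do not get a warning or a silently different result. The CentOS section's `sudo systemctl restart network` and the `ifcfg-*` files describe CentOS 7; on RHEL/CentOS 8 and later the legacy `network` service is not installed by default and NetworkManager (`nmcli`) owns the interfaces, so a version note would save time on a newer image. Minor: `BOOTPROTO=static` is accepted, but `none` is the documented value for a static ifcfg configuration.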
+210
05-dns-rsync-cron.md
··· 1 + # DNS, Rsync, and Cron Services 2 + 3 + ## DNS Service (BIND) 4 + 5 + ### Service Name 6 + - `named` (most distributions) 7 + 8 + ### Configuration Location 9 + - Ubuntu: `/etc/bind/` 10 + - CentOS: May be in different location 11 + 12 + ### Check Service 13 + ```bash 14 + systemctl status named 15 + ``` 16 + 17 + ### Basic Concept 18 + DNS translates domain names to IP addresses (forward lookup) and IP addresses to domain names (reverse lookup). 19 + 20 + **Forward lookup**: `example.com` → `192.168.1.100` 21 + **Reverse lookup**: `192.168.1.100` → `example.com` 22 + 23 + ### Key Files (Bind) 24 + - `named.conf` - Main configuration 25 + - Zone files - Define DNS records for domains 26 + 27 + **This is a complex service** - requires understanding of: 28 + - Zone files 29 + - DNS record types (A, PTR, CNAME, MX, etc.) 30 + - Forward vs reverse zones 31 + - DNS hierarchy 32 + 33 + --- 34 + 35 + ## Rsync - File Synchronization/Backup 36 + 37 + ### Basic Syntax 38 + ```bash 39 + rsync [options] source destination 40 + ``` 41 + 42 + ### Common Options 43 + ```bash 44 + -a # Archive mode (preserves permissions, timestamps, etc.) 45 + -v # Verbose (show what's being copied) 46 + -z # Compress during transfer 47 + -r # Recursive (copy directories) 48 + -h # Human-readable output 49 + --delete # Delete files in dest that don't exist in source 50 + ``` 51 + 52 + ### Local Backup Example 53 + ```bash 54 + rsync -av /home/user/stuff/ /home/user/backups/ 55 + ``` 56 + 57 + **Note the trailing slash** on source - affects behavior: 58 + - `/source/` - copy contents of source 59 + - `/source` - copy source directory itself 60 + 61 + ### Remote Backup via SSH 62 + ```bash 63 + rsync -avz /local/path/ user@remote:/remote/path/ 64 + ``` 65 + 66 + ### Consistency vs. 
Accumulation 67 + 68 + **Consistency** (mirror - deletes old files): 69 + ```bash 70 + rsync -av --delete /source/ /backup/ 71 + ``` 72 + 73 + **Accumulation** (keeps all files): 74 + ```bash 75 + rsync -av /source/ /backup/ 76 + ``` 77 + 78 + ### Check Installed 79 + ```bash 80 + rsync --version 81 + # or just run rsync to see options 82 + ``` 83 + 84 + --- 85 + 86 + ## Cron - Task Automation 87 + 88 + ### Service Name 89 + - `cron` (Ubuntu/Debian) 90 + - `crond` (CentOS/RHEL) 91 + 92 + ### Check Service 93 + ```bash 94 + systemctl status cron 95 + systemctl status crond # CentOS 96 + ``` 97 + 98 + ### Edit Crontab 99 + ```bash 100 + crontab -e # Edit current user's crontab 101 + ``` 102 + 103 + First time will ask which editor (nano recommended for beginners). 104 + 105 + ### Crontab Syntax 106 + 107 + Five time fields + command: 108 + ``` 109 + * * * * * command 110 + │ │ │ │ │ 111 + │ │ │ │ └─ Day of week (0-7, 0/7 = Sunday) 112 + │ │ │ └─── Month (1-12) 113 + │ │ └───── Day of month (1-31) 114 + │ └─────── Hour (0-23) 115 + └───────── Minute (0-59) 116 + ``` 117 + 118 + **Asterisk (*) means "every"** 119 + 120 + ### Examples 121 + 122 + Every minute: 123 + ```bash 124 + * * * * * /path/to/command 125 + ``` 126 + 127 + Every 5 minutes: 128 + ```bash 129 + */5 * * * * /path/to/command 130 + ``` 131 + 132 + Every day at 2:30 AM: 133 + ```bash 134 + 30 2 * * * /path/to/command 135 + ``` 136 + 137 + Every Monday at 5:00 PM: 138 + ```bash 139 + 0 17 * * 1 /path/to/command 140 + ``` 141 + 142 + First day of every month at midnight: 143 + ```bash 144 + 0 0 1 * * /path/to/command 145 + ``` 146 + 147 + ### Automated Backup Example 148 + 149 + Run rsync backup every night at 2 AM: 150 + ```bash 151 + 0 2 * * * rsync -av --delete /var/www/html/ /backups/website/ 152 + ``` 153 + 154 + ### Redirect Output 155 + 156 + Send output to file: 157 + ```bash 158 + * * * * * /path/to/command > /path/to/logfile.txt 159 + ``` 160 + 161 + Append to file: 162 + ```bash 163 + * * * * * 
/path/to/command >> /path/to/logfile.txt 164 + ``` 165 + 166 + Suppress output: 167 + ```bash 168 + * * * * * /path/to/command > /dev/null 2>&1 169 + ``` 170 + 171 + ### View Crontab 172 + ```bash 173 + crontab -l # List current user's crontab 174 + ``` 175 + 176 + ### Remove Crontab 177 + ```bash 178 + crontab -r # Remove current user's crontab 179 + ``` 180 + 181 + ### System-Wide Cron 182 + 183 + User-specific: Managed via `crontab -e` 184 + 185 + System-wide cron directories: 186 + - `/etc/cron.daily/` - Scripts run daily 187 + - `/etc/cron.hourly/` - Scripts run hourly 188 + - `/etc/cron.weekly/` - Scripts run weekly 189 + - `/etc/cron.monthly/` - Scripts run monthly 190 + 191 + Place executable scripts in these directories for automatic execution. 192 + 193 + ### Important Notes 194 + 195 + 1. Cron uses absolute paths - always specify full path to commands 196 + 2. Cron runs in minimal environment - may need to set PATH, etc. 197 + 3. Test commands manually first before adding to cron 198 + 4. Cron jobs run as the user who owns the crontab 199 + 5. `sudo crontab -e` edits root's crontab (for privileged tasks) 200 + 201 + ### Combining Rsync + Cron 202 + 203 + Automated nightly backups: 204 + ```bash 205 + # In crontab -e: 206 + 0 2 * * * rsync -avz /var/www/html/ /backups/website/ 207 + 0 3 * * * rsync -avz /etc/ /backups/configs/ 208 + ``` 209 + 210 + This creates automated, scheduled backups without manual intervention.
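Review bot: the root crontab under `Combining Rsync + Cron` mirrors all of `/etc/` into `/backups/configs/`, which copies `/etc/shadow` and the SSH host private keys out of their root-only locations; `rsync -a` preserves each file's mode, but the destination tree must itself be created root-owned with mode 700 (and kept out of anything served, per the Apache file's `/etc/shadow` warning) or the backup becomes the easiest place to read those secrets. The `Redirect Output` example `> /path/to/logfile.txt` on an every-minute job truncates the log each run, so only the last minute survives; pair frequent jobs with the `>>` form shown two lines later. The DNS section's `CentOS: May be in different location` can be concrete: `/etc/named.conf`, with zone files under `/var/named/`. Minor: `-r` is listed separately under `Common Options` but is already implied by `-a`.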
+183
06-ufw-firewall.md
··· 1 + # UFW Firewall Configuration 2 + 3 + ## Overview 4 + UFW (Uncomplicated Firewall) sits on top of iptables and provides a more user-friendly interface for managing firewall rules on Ubuntu systems. 5 + 6 + ## Distribution Differences 7 + 8 + | Distribution | Firewall Tool | 9 + |--------------|---------------| 10 + | Ubuntu | UFW (built-in) | 11 + | Kali | iptables (UFW not installed by default) | 12 + | CentOS/RHEL | firewall-cmd (firewalld) | 13 + 14 + ## Basic Commands 15 + 16 + ### Check Status 17 + ```bash 18 + sudo ufw status # Basic status 19 + sudo ufw status verbose # Detailed status with default policies 20 + sudo ufw status numbered # Show rule numbers 21 + ``` 22 + 23 + ### Enable/Disable 24 + ```bash 25 + sudo ufw enable # Turn on firewall (persists after reboot) 26 + sudo ufw disable # Turn off firewall 27 + ``` 28 + 29 + ## Default Policies 30 + When you enable UFW, default behavior is: 31 + - **Incoming**: DENY (block all incoming traffic by default) 32 + - **Outgoing**: ALLOW (allow all outgoing traffic) 33 + - **Routed**: DENY (no routing/forwarding) 34 + 35 + This means services won't be accessible until you explicitly allow them. 
36 + 37 + ## Creating Rules 38 + 39 + ### Allow Rules - By Service Name 40 + ```bash 41 + sudo ufw allow ssh # Allow SSH (port 22, IPv4 and IPv6) 42 + sudo ufw allow http # Allow HTTP (port 80) 43 + sudo ufw allow https # Allow HTTPS (port 443) 44 + ``` 45 + 46 + ### Allow Rules - By Port 47 + ```bash 48 + sudo ufw allow 22/tcp # Allow TCP port 22 49 + sudo ufw allow 80/tcp # Allow TCP port 80 50 + sudo ufw allow 53/udp # Allow UDP port 53 (DNS) 51 + ``` 52 + 53 + ### Allow Rules - By IP Address 54 + ```bash 55 + sudo ufw allow from 192.168.1.100 # Allow all traffic from specific IP 56 + sudo ufw allow from 192.168.1.0/24 # Allow from entire subnet 57 + ``` 58 + 59 + ### Deny Rules 60 + ```bash 61 + sudo ufw deny from 192.168.195.0/24 # Block entire subnet 62 + sudo ufw deny 23/tcp # Block telnet 63 + ``` 64 + 65 + ## Rule Processing Order 66 + 67 + **Critical**: UFW processes rules in the order they were added. 68 + 69 + ```bash 70 + # Example 1 - This works (allow processed first) 71 + sudo ufw allow from 192.168.195.100 72 + sudo ufw deny from 192.168.195.0/24 73 + # Result: .100 is allowed, rest of subnet blocked 74 + 75 + # Example 2 - This doesn't work as intended (deny processed first) 76 + sudo ufw deny from 192.168.195.0/24 77 + sudo ufw allow from 192.168.195.100 78 + # Result: .100 is also blocked (caught by first deny rule) 79 + ``` 80 + 81 + ## Deleting Rules 82 + 83 + ### By Rule Number 84 + ```bash 85 + sudo ufw status numbered # See rule numbers 86 + sudo ufw delete 4 # Delete rule #4 87 + ``` 88 + 89 + **Warning**: After deleting a rule, all rules are renumbered. Delete one at a time and re-check numbers. 
90 + 91 + ### By Specification 92 + ```bash 93 + sudo ufw delete allow ssh 94 + sudo ufw delete allow from 192.168.1.100 95 + ``` 96 + 97 + ## IPv6 Considerations 98 + 99 + Many UFW commands automatically create both IPv4 and IPv6 rules: 100 + 101 + ```bash 102 + sudo ufw allow ssh 103 + # Creates BOTH: 104 + # - Port 22 (IPv4) 105 + # - Port 22 (IPv6) 106 + ``` 107 + 108 + **Security Tip**: If you're not using IPv6, consider deleting those rules to reduce attack surface: 109 + ```bash 110 + sudo ufw status numbered 111 + sudo ufw delete 4 # Delete the IPv6 rule 112 + ``` 113 + 114 + ## Before/After Rules 115 + 116 + UFW has built-in rules that process **before** and **after** your user-defined rules. These are stored in: 117 + - `/etc/ufw/before.rules` - Processed before user rules 118 + - `/etc/ufw/after.rules` - Processed after user rules 119 + 120 + Example before-rules: 121 + - Allow DHCP client (so you can get an IP) 122 + - Allow established connections 123 + - Allow loopback traffic 124 + 125 + You can edit these files if needed, but typically user rules are sufficient. 126 + 127 + ## Common Service Configurations 128 + 129 + ### SSH Server 130 + ```bash 131 + sudo ufw allow ssh 132 + # or 133 + sudo ufw allow 22/tcp 134 + ``` 135 + 136 + ### Web Server (Apache/Nginx) 137 + ```bash 138 + sudo ufw allow http 139 + sudo ufw allow https 140 + # or 141 + sudo ufw allow 80/tcp 142 + sudo ufw allow 443/tcp 143 + ``` 144 + 145 + ### DNS Server 146 + ```bash 147 + sudo ufw allow 53/tcp 148 + sudo ufw allow 53/udp 149 + ``` 150 + 151 + ## Competition Tips 152 + 153 + 1. **Start by enabling it**: `sudo ufw enable` - even basic defaults improve security 154 + 2. **Allow services incrementally**: Only open ports for services you're actually running 155 + 3. **Check after each change**: `sudo ufw status verbose` 156 + 4. **Don't lock yourself out**: If configuring SSH remotely, make sure you allow SSH before enabling the firewall 157 + 5. 
**Monitor conflicts**: If a service stops working after enabling UFW, you likely forgot to allow its port 158 + 159 + ## Troubleshooting 160 + 161 + ### Service not accessible after enabling firewall 162 + ```bash 163 + sudo ufw status numbered # Check if port is allowed 164 + sudo ufw allow <port>/tcp # Add the missing rule 165 + ``` 166 + 167 + ### Locked out of SSH 168 + - If you have console access: `sudo ufw allow ssh` then `sudo ufw enable` 169 + - Always add SSH rule before enabling firewall on remote systems 170 + 171 + ### Rule not working as expected 172 + - Check rule order with `sudo ufw status numbered` 173 + - More specific rules should come before general deny rules 174 + - Remember: first match wins 175 + 176 + ## Integration with System Services 177 + 178 + UFW rules persist across reboots once enabled. The firewall starts automatically on boot if you've run `sudo ufw enable`. 179 + 180 + To disable automatic start: 181 + ```bash 182 + sudo ufw disable 183 + ```
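Review bot: the `IPv6 Considerations` tip hard-codes `sudo ufw delete 4` for the IPv6 rule, which contradicts the earlier warning that numbers shift after every deletion and will hit the wrong rule on any host with a different rule set; the cleaner fix for a host that does not use IPv6 is `IPV6=no` in `/etc/default/ufw` followed by `sudo ufw reload`, which stops the v6 twins from being generated at all. The by-IP examples (`sudo ufw allow from 192.168.1.100`) open every port to that host; since the guide's own advice is to allow services incrementally, show the narrowed form `sudo ufw allow from 192.168.1.100 to any port 22 proto tcp`. `Rule Processing Order` is right but should also say that `ufw deny` appends, so a block added after an existing `allow ssh` never matches SSH traffic; `sudo ufw insert 1 deny from <ip>` is how a block is placed ahead of the allows.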
+293
07-active-connection-defense.md
··· 1 + # Active Connection Defense 2 + 3 + ## Overview 4 + Monitoring and managing active network connections is critical during competitions. This guide covers tools for identifying who's connected to your system and how to terminate malicious connections. 5 + 6 + ## Core Monitoring Tools 7 + 8 + ### netstat - Network Statistics 9 + 10 + **Most useful form**: 11 + ```bash 12 + sudo netstat -tunap 13 + ``` 14 + 15 + **Breakdown**: 16 + - `-t` = TCP connections 17 + - `-u` = UDP connections 18 + - `-n` = Show numeric ports (22 instead of "ssh") 19 + - `-a` = Show listening and established connections 20 + - `-p` = Show process IDs (requires sudo) 21 + 22 + **Output columns**: 23 + ``` 24 + Proto Local Address Foreign Address State PID/Program 25 + tcp 192.168.195.100:22 192.168.195.2:51736 ESTABLISHED 265408/sshd 26 + ``` 27 + 28 + **Common filters**: 29 + ```bash 30 + netstat -tunap | grep ESTABLISHED # Only active connections 31 + netstat -tunap | grep :22 # Only SSH connections 32 + netstat -tunap | less # Scroll through output 33 + ``` 34 + 35 + ### ss - Socket Statistics 36 + 37 + Modern replacement for netstat. Similar syntax: 38 + 39 + ```bash 40 + ss # Basic output (lots of info) 41 + ss | grep ESTAB # Only established connections 42 + ss -tunap # Same flags as netstat 43 + ``` 44 + 45 + **Advantage**: ss is installed on more modern systems by default. 46 + 47 + ### w - Who is logged in 48 + 49 + ```bash 50 + w 51 + ``` 52 + 53 + **Shows**: 54 + - Username 55 + - From where (IP address or `:0` for local console) 56 + - Login time 57 + - What they're doing 58 + 59 + **Example output**: 60 + ``` 61 + USER FROM WHAT 62 + sandbox :0 -bash 63 + bob 192.168.195.2 -bash 64 + jenny 192.168.195.2 -bash 65 + ``` 66 + 67 + **Key indicator**: 68 + - `:0` = Local console (physically at the machine) 69 + - IP address = Remote connection (SSH, etc.) 
70 + 71 + ## Finding Process Information 72 + 73 + ### top - Interactive Process Viewer 74 + 75 + ```bash 76 + top 77 + ``` 78 + 79 + - Shows CPU/memory usage 80 + - Lists running processes 81 + - Press `q` to quit 82 + 83 + ### htop - Enhanced Process Viewer 84 + 85 + ```bash 86 + htop # If installed (not always available) 87 + ``` 88 + 89 + More colorful and interactive than `top`. 90 + 91 + ### ps - Process Status 92 + 93 + ```bash 94 + ps aux # All processes, all users 95 + ps aux | grep ssh # Find SSH processes 96 + ``` 97 + 98 + ## Killing Connections 99 + 100 + ### Kill by Process ID (PID) 101 + 102 + 1. **Find the PID**: 103 + ```bash 104 + sudo netstat -tunap 105 + # Example output shows PID 265465 for jenny's SSH connection 106 + ``` 107 + 108 + 2. **Kill the process**: 109 + ```bash 110 + sudo kill 265465 111 + ``` 112 + 113 + **From the user's perspective**: Connection closes immediately 114 + ``` 115 + Connection to 192.168.195.100 closed by remote host. 116 + ``` 117 + 118 + ### Kill by Username (pkill) 119 + 120 + ```bash 121 + sudo pkill -kill -u jenny # Kill all processes for user jenny 122 + sudo pkill -kill -u bob # Kill all processes for user bob 123 + ``` 124 + 125 + **Warning**: This kills ALL processes for that user, including: 126 + - Active SSH sessions 127 + - Running programs 128 + - Background jobs 129 + 130 + ### Kill Signal Types 131 + 132 + ```bash 133 + sudo kill PID # SIGTERM (graceful shutdown, default) 134 + sudo kill -9 PID # SIGKILL (force kill immediately) 135 + sudo pkill -kill -u user # -kill = SIGKILL 136 + ``` 137 + 138 + ## Competition Workflow 139 + 140 + ### Active Defense Pattern 141 + 142 + 1. **Someone monitors connections**: 143 + ```bash 144 + # Run periodically or in a loop 145 + sudo netstat -tunap 146 + ``` 147 + 148 + 2. **Identify suspicious connections**: 149 + - Unknown IP addresses 150 + - Unexpected users logged in 151 + - Unusual ports 152 + 153 + 3. 
**Kill immediately**: 154 + ```bash 155 + sudo pkill -kill -u <suspicious_user> 156 + # or 157 + sudo kill <PID> 158 + ``` 159 + 160 + 4. **Someone else hardens the system**: 161 + - Change passwords 162 + - Disable accounts 163 + - Configure firewall 164 + - Close unnecessary services 165 + 166 + ### Example Monitoring Script 167 + 168 + ```bash 169 + #!/bin/bash 170 + # Quick connection checker 171 + while true; do 172 + clear 173 + echo "=== Active SSH Connections ===" 174 + sudo netstat -tunap | grep :22 | grep ESTABLISHED 175 + sleep 5 176 + done 177 + ``` 178 + 179 + ## Common Scenarios 180 + 181 + ### Scenario 1: Unknown SSH Connection 182 + 183 + ```bash 184 + # See who's connected 185 + w 186 + 187 + # Find their process ID 188 + sudo netstat -tunap | grep ESTABLISHED 189 + 190 + # Kill by PID 191 + sudo kill 265465 192 + ``` 193 + 194 + ### Scenario 2: Brute Force Attempts 195 + 196 + ```bash 197 + # See all connection attempts 198 + sudo netstat -tunap | grep :22 199 + 200 + # Check auth logs 201 + sudo tail -f /var/log/auth.log 202 + 203 + # Block the source IP with firewall 204 + sudo ufw deny from <attacker_ip> 205 + ``` 206 + 207 + ### Scenario 3: Multiple Sessions from Same User 208 + 209 + ```bash 210 + # Kill all sessions for a user 211 + sudo pkill -kill -u jenny 212 + 213 + # Disable the account 214 + sudo passwd -l jenny # Lock password 215 + sudo usermod -s /bin/false jenny # Disable shell 216 + ``` 217 + 218 + ## Warnings and Gotchas 219 + 220 + ### Don't Kill Yourself 221 + 222 + ```bash 223 + # BAD - if you're logged in as sandbox: 224 + sudo pkill -kill -u sandbox 225 + # This kills YOUR session too! 226 + ``` 227 + 228 + **Better approach**: Kill by specific PID if you're using the same username. 
229 + 230 + ### Don't Kill Teammates 231 + 232 + - Check with team before killing connections 233 + - Look at FROM addresses to identify internal vs external 234 + - Local (`:0`) connections are usually teammates at the console 235 + 236 + ### Shared Accounts 237 + 238 + If red team is using the same account as you: 239 + - Kill by PID (specific to their connection) 240 + - Don't kill by username (you'll disconnect yourself) 241 + 242 + ## Process Information Fields 243 + 244 + **Understanding PID in netstat**: 245 + ```bash 246 + sudo netstat -tunap 247 + ``` 248 + 249 + Output: 250 + ``` 251 + PID/Program name 252 + 265408/sshd: sandbox 253 + 265465/sshd: jenny 254 + ``` 255 + 256 + - PID: Process ID (unique number) 257 + - Program: Which service (sshd, apache2, etc.) 258 + - User context: Which user owns the process 259 + 260 + ## Monitoring vs. Hardening 261 + 262 + **Active monitoring** (short-term): 263 + - Running netstat/ss repeatedly 264 + - Killing suspicious connections as they appear 265 + - Playing "whack-a-mole" 266 + 267 + **Hardening** (long-term): 268 + - Change passwords 269 + - Disable unused accounts 270 + - Configure firewall rules 271 + - Close unnecessary services 272 + - Update vulnerable software 273 + 274 + **Best practice**: Use monitoring to buy time while someone else hardens the system. You can't watch connections for 6 hours straight. 275 + 276 + ## Tool Availability 277 + 278 + | Tool | Typical Availability | 279 + |------|---------------------| 280 + | netstat | Most systems (may need `net-tools` package) | 281 + | ss | Modern systems (usually pre-installed) | 282 + | w | All Unix/Linux systems | 283 + | top | All Unix/Linux systems | 284 + | htop | Optional (install with apt/yum) | 285 + | ps | All Unix/Linux systems | 286 + 287 + **If netstat is missing**: 288 + ```bash 289 + sudo apt install net-tools # Debian/Ubuntu 290 + sudo yum install net-tools # CentOS/RHEL 291 + ``` 292 + 293 + Or just use `ss` instead.
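Review bot: In Scenario 2, `sudo ufw deny from <attacker_ip>` appends the rule after whatever allows are already present (for example the `ufw allow ssh` this repo recommends elsewhere), and ufw evaluates rules in order, so an earlier allow still admits that source; use `sudo ufw insert 1 deny from <attacker_ip>` so the block is evaluated first, then confirm placement with `sudo ufw status numbered`. A second, smaller point: the `grep :22` filters in the Common filters block and in the Example Monitoring Script match any port whose digits begin with 22 (2222, 2200, 22000) on either the local or the foreign side, not just SSH sessions on this host; anchoring the match on the local address column, or using `ss -tn state established '( sport = :22 )'`, gives the view the text describes.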
+294
08-mikrotik-router.md
··· 1 + # MikroTik Router Configuration 2 + 3 + ## Overview 4 + Starting 2025, the NCAE competition replaced CentOS routers with MikroTik routers. MikroTik provides both a CLI and web GUI for configuration. 5 + 6 + ## Why MikroTik? 7 + - CentOS is end-of-life 8 + - MikroTik is a commercial router OS used in real networks 9 + - Provides both CLI and web interface 10 + - More intuitive than raw iptables 11 + 12 + ## Access Methods 13 + 14 + ### CLI Access (Console/Terminal) 15 + - Through ProxMox VNC console 16 + - Direct terminal access 17 + - No browser required 18 + 19 + ### Web GUI Access 20 + ``` 21 + http://<router-ip>:8080 22 + ``` 23 + 24 + **Example**: `http://172.20.213.1:8080` (from external side) 25 + 26 + **Port 8080** is the management interface, not the standard web port. 27 + 28 + ## Initial Login 29 + 30 + ### Default Credentials 31 + - **Username**: `admin` 32 + - **Password**: (blank - just press Enter) 33 + 34 + ### First Login 35 + 1. Login with blank password 36 + 2. System will prompt you to set a new password 37 + 3. **IMPORTANT**: Choose a strong password for competition 38 + - For testing/practice: can use something simple like `password` 39 + - For competition: red team will own you with weak passwords 40 + 41 + ### License Prompt 42 + - Will ask if you want to view license 43 + - Can say "no" unless interested 44 + 45 + ## Basic CLI Commands 46 + 47 + ### Check IP Addresses 48 + ```bash 49 + /ip address print 50 + ``` 51 + 52 + Shows all configured IP addresses on all interfaces. 
53 + 54 + ### Check Interfaces (Hardware) 55 + ```bash 56 + interface print 57 + ``` 58 + 59 + Shows network adapters: 60 + - `ether3` = First interface (usually external) 61 + - `ether4` = Second interface (usually internal) 62 + - Names may vary depending on hardware/cloning 63 + 64 + ### Assign an IP Address 65 + ```bash 66 + /ip address add address=172.20.213.1/16 interface=ether3 67 + ``` 68 + 69 + **Breakdown**: 70 + - `address=` - IP and subnet mask in CIDR notation 71 + - `interface=` - Which network adapter (ether3, ether4, etc.) 72 + 73 + **Example for internal side**: 74 + ```bash 75 + /ip address add address=192.168.213.1/24 interface=ether4 76 + ``` 77 + 78 + ### Test Connectivity 79 + ```bash 80 + /ping 172.20.2 81 + /ping 192.168.213.2 82 + ``` 83 + 84 + **Keyboard shortcuts**: 85 + - Up/Down arrows = Command history 86 + - Ctrl+C = Stop ping 87 + 88 + ### Check Configuration 89 + Use the print command for any section: 90 + ```bash 91 + /ip address print 92 + /ip route print 93 + /ip firewall nat print 94 + ``` 95 + 96 + ## Web GUI Configuration 97 + 98 + ### Accessing the GUI 99 + 100 + From external network: 101 + ``` 102 + http://172.20.213.1:8080 103 + ``` 104 + 105 + Login: `admin` / `<your-password>` 106 + 107 + ### GUI Navigation 108 + 109 + **Top-right buttons**: 110 + - **Quick Set** - Main configuration page (most common tasks) 111 + - **Advanced** - Detailed/expert settings 112 + - **Terminal** - CLI access from web browser 113 + 114 + **Most tasks can be done from Quick Set.** 115 + 116 + ### Quick Set Configuration 117 + 118 + **Scrolling tips**: 119 + - Mouse wheel only works when cursor is in the CENTER of the page 120 + - If scrolling doesn't work, move mouse to the left side 121 + - Scroll bar appears in the middle column 122 + 123 + #### Internet/External Configuration 124 + 125 + **Gateway** (where traffic goes to reach internet): 126 + ``` 127 + 172.20.1.1 # Or whatever your competition topology specifies 128 + ``` 129 + 130 + 
**DNS Servers**: 131 + - Click the `+` button to add DNS servers 132 + - Add all DNS servers from your topology document 133 + 134 + #### LAN/Internal Configuration 135 + 136 + Should show your configured internal IP: 137 + ``` 138 + 192.168.213.1/24 139 + ``` 140 + 141 + #### Critical Checkboxes 142 + 143 + ✅ **Bridge LAN Ports** - Check this 144 + - Allows multiple LAN ports to work as one network 145 + 146 + ✅ **Enable NAT** - Check this 147 + - **Network Address Translation** 148 + - Allows internal 192.168.x.x addresses to route through external 172.20.x.x 149 + - **Required for routing to work** 150 + 151 + #### Apply Changes 152 + 153 + Click **Apply Configuration** button at bottom. 154 + 155 + Changes apply immediately - you'll see a "Saved" notification in the bottom-right. 156 + 157 + ### Port Forwarding (Port Mapping) 158 + 159 + **Purpose**: Route external traffic to internal servers 160 + 161 + **Example**: Route external HTTP requests to internal web server 162 + 163 + 1. Click **Port Mapping** (in Quick Set view) 164 + 165 + 2. Click **New** button 166 + 167 + 3. Configure the rule: 168 + 169 + **TCP Rule**: 170 + ``` 171 + Name: www-tcp 172 + Protocol: TCP 173 + Port: 80 174 + Forward To: 192.168.213.2 175 + Port: 80 176 + ``` 177 + 178 + **UDP Rule**: 179 + ``` 180 + Name: www-udp 181 + Protocol: UDP 182 + Port: 80 183 + Forward To: 192.168.213.2 184 + Port: 80 185 + ``` 186 + 187 + 4. Click **OK** to save each rule 188 + 189 + ### Testing Port Forwarding 190 + 191 + From external machine: 192 + ``` 193 + http://172.20.213.1 194 + ``` 195 + 196 + Should display website hosted on 192.168.213.2 (internal server). 
197 + 198 + ## Mini-Hack Context 199 + 200 + ### External Network 201 + ``` 202 + Network: 172.20.0.0/16 203 + Router IP: 172.20.213.1 (example team 213) 204 + Kali External: 172.20.2 205 + ``` 206 + 207 + ### Internal Network 208 + ``` 209 + Network: 192.168.213.0/24 (team number in 3rd octet) 210 + Router IP: 192.168.213.1 211 + Web Server: 192.168.213.2 212 + Kali Internal: 192.168.213.100 213 + ``` 214 + 215 + ### Required Configuration 216 + 217 + 1. **Assign external IP**: `172.20.<team>.1/16` to ether3 218 + 2. **Assign internal IP**: `192.168.<team>.1/24` to ether4 219 + 3. **Enable NAT** in Quick Set 220 + 4. **Port forward 80** (TCP & UDP) to internal web server at `.2` 221 + 222 + ## Common Issues 223 + 224 + ### Can't access web GUI 225 + - Verify router IP is correct 226 + - Must use port 8080: `http://<ip>:8080` 227 + - Check you're on the same network as router 228 + 229 + ### Port forwarding not working 230 + - Did you enable NAT? (checkbox in Quick Set) 231 + - Did you create BOTH TCP and UDP rules? 232 + - Verify internal server is actually running the service 233 + - Check internal server IP is correct 234 + 235 + ### Changes not saving 236 + - Look for "Saved" notification bottom-right 237 + - If using Quick Set, click "Apply Configuration" 238 + - Changes are immediate (no reboot needed) 239 + 240 + ## CLI vs Web GUI 241 + 242 + **Use CLI for**: 243 + - Quick IP configuration 244 + - Checking current status 245 + - When GUI is not accessible 246 + 247 + **Use Web GUI for**: 248 + - Port forwarding / NAT rules 249 + - Complex firewall rules 250 + - Overview of configuration 251 + - When you want visual confirmation 252 + 253 + Both methods work and changes sync between them. 
254 + 255 + ## Advanced Topics (Beyond Basics) 256 + 257 + **Firewall Rules** - More complex than just port forwarding 258 + - Can create allow/deny rules 259 + - Similar concept to UFW but different syntax 260 + 261 + **DHCP Server** - Assign IPs to internal network automatically 262 + - Not needed for mini-hack (static IPs used) 263 + 264 + **Routing Tables** - Custom routes 265 + - Can add static routes for complex topologies 266 + 267 + **VLANs** - Virtual network segmentation 268 + - Competition may use in advanced scenarios 269 + 270 + These are covered in MikroTik documentation but not required for basic mini-hack completion. 271 + 272 + ## Competition Day Checklist 273 + 274 + 1. ✅ Login and set a **strong** password 275 + 2. ✅ Assign external IP address to ether3 276 + 3. ✅ Assign internal IP address to ether4 277 + 4. ✅ Configure gateway (from topology doc) 278 + 5. ✅ Add DNS servers (from topology doc) 279 + 6. ✅ Enable NAT checkbox 280 + 7. ✅ Create port forwarding rules for required services 281 + 8. ✅ Test connectivity from external network 282 + 283 + ## Resources 284 + 285 + **Official Documentation**: 286 + - [MikroTik Wiki](https://wiki.mikrotik.com/) 287 + - [Getting Started Guide](https://wiki.mikrotik.com/wiki/Manual:First_time_startup) 288 + 289 + **Search Tips**: 290 + - "mikrotik quick set" 291 + - "mikrotik port forwarding" 292 + - "mikrotik NAT configuration" 293 + 294 + Most common tasks are well-documented with examples.
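Review bot: The address `172.20.2` in `/ping 172.20.2` (Test Connectivity) and in the Mini-Hack Context block (`Kali External: 172.20.2`) has only three octets and does not fit the `172.20.<team>.x/16` scheme the rest of this file uses; spell out the full four-octet address of the external Kali box so the ping target is unambiguous. Two further points: `interface print` under Check Interfaces lacks the leading `/` that every other command here carries (`/interface print` works from any CLI context, the slash-less form only from the root prompt), and because the write-up has readers reach WebFig on `http://172.20.213.1:8080` from the external side, the Competition Day Checklist should end with a step that restricts the management service to the internal subnet (an `/ip service` address restriction or a firewall input rule); a strong password alone still leaves the login page reachable from the external network. Finally, the UDP port-80 mapping rule is harmless but not needed for HTTP, which runs over TCP, so "Did you create BOTH TCP and UDP rules?" under Common Issues will send people chasing the wrong cause; the TCP rule is the one that makes the test in Testing Port Forwarding succeed.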
+129
README.md
··· 1 + # Linux Service Configuration Writeups 2 + 3 + Quick reference guides for configuring services in Linux competitions. Assumes basic Linux knowledge (filesystem navigation, systemctl, ssh, etc.). 4 + 5 + ## Writeups 6 + 7 + 0. **[Mini-Hack Quick Start](00-mini-hack-overview.md)** - Complete mini-hack walkthrough checklist 8 + 1. **[Services Overview](01-services-overview.md)** - General approach to any service 9 + 2. **[Apache Web Service](02-apache-web-service.md)** - HTTP/HTTPS server configuration 10 + 3. **[SSH Service](03-ssh-service.md)** - Remote access, keys, security 11 + 4. **[Network Configuration](04-network-configuration.md)** - Static IPs across different distros 12 + 5. **[DNS, Rsync, Cron](05-dns-rsync-cron.md)** - Name resolution and automated backups 13 + 6. **[UFW Firewall](06-ufw-firewall.md)** - Ubuntu firewall configuration 14 + 7. **[Active Connection Defense](07-active-connection-defense.md)** - Monitor and kill malicious connections 15 + 8. **[MikroTik Router](08-mikrotik-router.md)** - Router configuration (2025 competition) 16 + 17 + ## Service-Specific Quick Reference 18 + 19 + ### Apache Service Names 20 + ```bash 21 + apache2 # Ubuntu/Debian/Kali 22 + httpd # CentOS/RHEL 23 + ``` 24 + 25 + ### Network Configuration Files 26 + 27 + | Distribution | Config Location | 28 + |--------------|----------------| 29 + | Kali/Debian | `/etc/network/interfaces` | 30 + | Ubuntu | `/etc/netplan/*.yaml` | 31 + | CentOS/RHEL | `/etc/sysconfig/network-scripts/ifcfg-*` | 32 + 33 + ### SSH Key Permissions 34 + ```bash 35 + chmod 700 ~/.ssh/ 36 + chmod 600 ~/.ssh/id_rsa # Private key 37 + chmod 644 ~/.ssh/id_rsa.pub # Public key 38 + chmod 644 ~/.ssh/authorized_keys 39 + ``` 40 + 41 + Regenerate host keys on cloned VMs: 42 + ```bash 43 + sudo ssh-keygen -A 44 + sudo systemctl restart sshd 45 + ``` 46 + 47 + ### UFW Firewall 48 + ```bash 49 + sudo ufw enable 50 + sudo ufw allow ssh 51 + sudo ufw allow http 52 + sudo ufw allow from 192.168.1.100 # 
Specific IP 53 + sudo ufw deny from 192.168.1.0/24 # Entire subnet 54 + sudo ufw status numbered # See rule numbers 55 + sudo ufw delete 4 # Delete rule by number 56 + ``` 57 + 58 + ### Active Connection Monitoring 59 + ```bash 60 + sudo netstat -tunap # All connections with PIDs 61 + sudo netstat -tunap | grep ESTABLISHED # Only active 62 + w # Who is logged in 63 + sudo kill <PID> # Kill by process ID 64 + sudo pkill -kill -u username # Kill all user processes 65 + ``` 66 + 67 + ### MikroTik Router 68 + **CLI**: 69 + ```bash 70 + /ip address print 71 + /ip address add address=192.168.1.1/24 interface=ether3 72 + /ping 192.168.1.2 73 + interface print 74 + ``` 75 + 76 + **Web GUI**: `http://<router-ip>:8080` 77 + Default login: `admin` / (blank password) 78 + 79 + ### Rsync + Cron 80 + **Rsync common patterns**: 81 + ```bash 82 + rsync -av source/ dest/ # Basic sync 83 + rsync -av --delete source/ dest/ # Mirror (delete extra files in dest) 84 + rsync -avz local/ user@host:remote/ # Remote backup (z=compress) 85 + rsync -av --exclude='*.log' source/ dest/ # Exclude files 86 + rsync -av source/ dest/ --dry-run # Test without changes 87 + ``` 88 + 89 + **Cron syntax**: `minute hour day month weekday command` 90 + ``` 91 + 0 2 * * * /path/to/backup.sh # Daily at 2 AM 92 + */15 * * * * /path/to/script.sh # Every 15 minutes 93 + 0 */6 * * * rsync -av /data/ /backup/ # Every 6 hours 94 + ``` 95 + 96 + ## Distribution Differences 97 + 98 + | Feature | Ubuntu | Kali | CentOS/RHEL | 99 + |---------|--------|------|-------------| 100 + | Apache service | `apache2` | `apache2` | `httpd` | 101 + | Network config | netplan YAML | interfaces | ifcfg-* scripts | 102 + | Firewall | UFW | iptables | firewall-cmd | 103 + | Cron service | `cron` | `cron` | `crond` | 104 + 105 + **Router (2025)**: All distributions use MikroTik (replaces CentOS router) 106 + 107 + ## Competition Tips 108 + 109 + 1. **Network config varies by distro** - check which one first 110 + 2. 
**SSH keys**: Regenerate on cloned VMs, fix permissions (700/.ssh, 600/private) 111 + 3. **Enable firewall early** - UFW even with defaults improves security 112 + 4. **Monitor active connections** - assign someone to watch `netstat -tunap` 113 + 5. **Router (2025)**: MikroTik web GUI on port 8080, must enable NAT checkbox 114 + 6. **Port forwarding**: Create both TCP and UDP rules for most services 115 + 7. **Kill by PID not username** if you share accounts with red team 116 + 8. **Backup configs before changes** - especially network configs (can lock yourself out) 117 + 118 + ## Critical Configuration Locations 119 + 120 + | Service | Config File(s) | 121 + |---------|---------------| 122 + | SSH | `/etc/ssh/sshd_config` | 123 + | Apache (Ubuntu) | `/etc/apache2/apache2.conf`, `/etc/apache2/sites-available/` | 124 + | Apache (CentOS) | `/etc/httpd/conf/httpd.conf`, `/etc/httpd/conf.d/` | 125 + | Network (Kali) | `/etc/network/interfaces` | 126 + | Network (Ubuntu) | `/etc/netplan/*.yaml` | 127 + | Network (CentOS) | `/etc/sysconfig/network-scripts/ifcfg-*` | 128 + | DNS resolution | `/etc/resolv.conf` | 129 + | Cron jobs | `crontab -e` (per-user), `/etc/crontab` (system-wide) |
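Review bot: The MikroTik quick reference assigns `192.168.1.1/24` to `ether3`, but 08-mikrotik-router.md, linked from the Writeups list above, defines ether3 as the external interface and ether4 as the internal one; change the example to `interface=ether4` or mark the interface name as a placeholder, otherwise a reader who copies it puts the LAN address on the WAN port. In the UFW block, `sudo ufw deny from 192.168.1.0/24` comes after `sudo ufw allow ssh` and `sudo ufw allow http`, and ufw matches rules in order, so hosts in that subnet can still reach SSH and HTTP; where the deny is meant to win, use `sudo ufw insert 1 deny from 192.168.1.0/24` and check the order with the `status numbered` line already shown. As in the router write-up, `interface print` should carry the leading slash for consistency with the other three RouterOS commands in that block.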