Welcome back, for today's session we will have a walk-through on the myHouse CTF from vulnhub.org.
This will be a three part series:
- CTF setup and installation
- Recon and exploitation
- Post exploitation and network pivoting
I have decided to break it up into the three sections because I realized that the setup and installation section is not properly documented and might cause a few issues to the people who are trying to set it up for the first time.
myHouse is one of the first CTFs that tries to go beyond the ordinaries of a single web based CTF challenge, instead it uses docker containers to build a real-world network setup of a particular corporate network. This not only helps the participant in gaining knowledge of web application security assessment but also on leveraging the access gained to further compromise internal systems a technique known as pivoting.
Setup and installation
I request for comments if anyone got this working in a different way.
On initial boot after importing the vmdk VM hard disk file, we see the following:
We are in a position to observe that the VM tries to reach the internet but fails, and it also throws an error of docker missing when it runs the /home/bob/setup/buildDockerNet.sh. It is evident that the machine will not work.
So let's solve this issue.
We first boot into recovery mode: boot the image, hold down shift button while it is powering on, then select advanced options
Drop into root shell.
Now let's inspect the bash script that we had seen earlier during boot.
The script attempts to install docker engine, but from the boot logs, we noticed that the installation was unsuccessful.
Next, it attempts to import the docker exported data.
From the script we realize that the files are removed after they get extracted, this means that even if we are able to solve the network issue and docker engine installation, we don't have the files to work with.
So my solution plan was:
re-import the vmdk into Virtual Box -—> recovery -—> change root password -—> backup the docker files -—> boot -—> get IP address through DHCP -—> restore docker files -—> run the buildDockerNet.sh script/reboot
So delete the VM from VirtualBox and set it up again.
Don't let the VM boot, and head straight to recovery and into root shell, then execute the following commands
~# passwd //change root password
~# cp -r /home/bob/setup/ /opt/ //backup docker files for the setup
Press CTRL + D and resume the boot.
Boot the device and login as root then check all the network interfaces and bring the enp0s3 up.
The final command assigns the VM an IP address using DHCP.
We now have internet access
We recover the previously backed up files and run the setup bash script.
The bash script will install docker and automatically start the containers.
You might need to change the VM network configuration to bridged from NAT
Reboot the VM and login and all the containers will now be automatically setup, login using the root password and bring up the enp0s3 interface, and run dhclient to assign it an IP address.
Scan the IP address of the VM for open ports and running services to confirm successful setup.
Now that we have the CTF setup and ready, in the upcoming post, we'll see how we leverage different techniques in order to gain access to web applications and later see how to leverage this access to pwn deeper into the network.
That's it for now.