2023 Network Security Autonomous Region Vocational College Skills Competition and National Vocational College Skills Competition Xinjiang Trial Mission Statement

1. Competition time

Total: 360 minutes

2. Competition stage

| Competition stage | Task stage | Competition task | Competition time | Score |
|---|---|---|---|---|
| Module A | A-1 | Login Security Hardening | 180 minutes | 200 points |
| | A-2 | Local Security Policy Configuration | | |
| | A-3 | Traffic Integrity Protection | | |
| | A-4 | Event Monitoring | | |
| | A-5 | Service Hardening | | |
| | A-6 | Firewall Policy | | |
| Module B | B-1 | Hidden Information Exploration | | 400 points |
| | B-2 | Windows Operating System Penetration Testing | | |
| | B-3 | Linux Operating System Penetration Testing | | |
| | B-4 | Data Forensics and Analysis | | |
| | B-5 | Web Security Penetration Testing | | |
| | B-6 | Windows Operating System Penetration Testing | | |
| Phase switch | | | 120 minutes | 0 |
| Modules C, D | Module C | CTF Capture the Flag - Attack | 180 minutes | 200 points |
| | Module D | CTF Capture the Flag - Defense | | 200 points |

3. Contents of the competition task book

(1) Topology map

(2) Infrastructure Setting/Security Hardening for Module A (200 points)

1. Project and task description:

Assume that you are a network security engineer at an enterprise. For the enterprise's server system, ensure the normal operation of each service according to the task requirements, and strengthen the server system's network security defenses through the combined use of login and password policies, traffic integrity protection policies, event monitoring policies, firewall policies and other security strategies.

2. Description:

1. All screenshots must show the interface and fonts clearly and be pasted at the position required by the corresponding item;

2. File naming and saving: Network Security Module A-XX (XX is the station number), saved in PDF format;

3. Save the file to the USB drive and submit it.

3. Server environment description

AServer06 (Windows) system: username administrator password P@ssw0rd

AServer07 (Linux) system: user name root password 123456

A-1: Login Security Hardening (Windows, Linux)

Please configure the Windows and Linux servers according to the requirements to improve server security.

  1. Password Policy (Windows, Linux)
    1. The password policy must require uppercase and lowercase letters, numbers, and special characters (Windows). Take a screenshot of the properties dialog for "Password must meet complexity requirements":
    2. The password policy must require uppercase and lowercase letters, numbers, and special characters (Linux). Take a screenshot of the corresponding part of the /etc/pam.d/system-auth configuration file:
    3. The minimum password length must be no less than 8 characters (Windows). Take a screenshot of the properties dialog for "Minimum password length":
    4. The minimum password length must be no less than 8 characters (Linux). Take a screenshot of the corresponding part of the /etc/login.defs configuration file:
  2. Login policy
    1. Set the account lockout threshold to 6 invalid logon attempts, the lockout duration to 1 minute, and the account lockout counter to reset after 1 minute (Windows). Take a screenshot of the account lockout policy configuration interface:
    2. Allow only 5 login failures within one minute. After more than 5 failures, lock the login account for 1 minute (Linux). Take a screenshot of the corresponding part of the /etc/pam.d/login configuration file:
  3. User Security Management (Windows)
    1. Prohibit sending unencrypted passwords to third-party SMB servers. Take a screenshot of the properties dialog for "Microsoft network client: Send unencrypted password to third-party SMB servers":
    2. Disable the guest account, the built-in account that lets guest users access the computer or the domain. Take a screenshot of the properties dialog for "Accounts: Guest account status":

A-2: Local Security Policy Settings (Windows)

  1. Clear the virtual memory paging file when the system shuts down. Take a screenshot of the properties dialog for "Shutdown: Clear virtual memory pagefile":
  2. Prohibit shutting down the system without logging in. Take a screenshot of the properties dialog for "Shutdown: Allow system to be shut down without having to log on":
  3. Prohibit floppy copy and access to all drives and all folders. Take a screenshot of the properties dialog for "Recovery console: Allow floppy copy and access to all drives and all folders":
  4. Do not display the user name of the last login. Take a screenshot of the properties dialog for "Interactive logon: Do not display last user name":

A-3: Traffic Integrity Protection (Windows, Linux)

  1. Create the www.chinaskills.com site with a homepage named chinaskills.html in the C:\web folder. The homepage displays the content "Warmly celebrate the opening of the Jiangxi Vocational College Skills Competition in 2022". Allow access only over SSL and only by domain name (the domain name is www.test.com). Take a screenshot of the site binding configuration interface:
  2. To prevent passwords from being stolen during login or transmission, allow SSH login by certificate only (Linux). Take a screenshot of the corresponding part of the /etc/ssh/sshd_config configuration file:

A-4: Event Monitoring (Windows)

  1. When the application log file reaches its maximum size of 65M, archive it and do not overwrite events. Take a screenshot of the Log Properties - Application (Type: Administrative) configuration interface:

A-5: Service Hardening SSH\VSFTPD\IIS (Windows, Linux)

  1. SSH service hardening (Linux)
    1. Prohibit the root user from logging in remotely over SSH. Take a screenshot of the corresponding part of the /etc/ssh/sshd_config configuration file:
    2. Set up scheduled tasks for the root user: start the SSH service automatically at 7:50 every morning and shut it down at 22:50; restart the SSH service every Saturday at 7:30. Run the command crontab -l and take a screenshot of the output;
    3. Change the SSH service port to 2222, use the command netstat -anltp | grep sshd to view the SSH service port information, and take a screenshot of the output;
  2. VSFTPD Service Hardening (Linux)
    1. Set the timeout period of the data connection to 2 minutes, and take a screenshot of the corresponding part of the /etc/vsftpd/vsftpd.conf configuration file:
    2. Set the maximum transfer rate for local users accessing the site to 1M, and take a screenshot of the corresponding part of the /etc/vsftpd/vsftpd.conf configuration file:
  3. IIS Hardening (Windows)
    1. To prevent the file enumeration vulnerability from being used to enumerate files in the web server's root directory, prohibit the disclosure of IIS short file names. Take a screenshot of the configuration command:
    2. Turn off the WebDAV feature of IIS to improve the security of the website, and take a screenshot of the alert message:
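
For the SSH items in A-3 (certificate-only login) and A-5 (no remote root login, port 2222), the following added example, which is not part of the task book, checks what an sshd_config actually enforces rather than what its last lines say. The function names, the sample configurations and the assumed defaults (PermitRootLogin prohibit-password, port 22) are constructed for illustration, and the parser handles only whitespace-separated `Keyword value` lines.

```bash
#!/usr/bin/env bash
# Added example (not from the task book): audit sshd_config text against
# A-3 item 2 and A-5 items 1.1 and 1.3. Both sample configs are constructed.

# Looks hardened at the bottom, but for most keywords sshd keeps the FIRST value.
SAMPLE_WEAK='Port 22
PermitRootLogin yes
PasswordAuthentication yes
# "fixes" appended later by hand
port 2222
PermitRootLogin no
PasswordAuthentication no'

SAMPLE_HARD='Port 2222
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no'

# sshd_effective KEYWORD DEFAULT   (config text on stdin)
# Prints the global value sshd would use: keywords are case-insensitive, the
# first occurrence wins, and lines after a Match block are conditional.
sshd_effective() {
  awk -v key="$1" -v def="$2" '
    BEGIN { key = tolower(key) }
    /^[ \t]*(#|$)/ { next }                       # skip comments and blanks
    tolower($1) == "match" { exit }               # stop at the first Match block
    tolower($1) == key && !found { val = tolower($2); found = 1 }
    END { print (found ? val : def) }
  '
}

# sshd_ports   (config text on stdin)
# Port is the exception: it may repeat, and every listed port is a listener.
sshd_ports() {
  awk '
    /^[ \t]*(#|$)/ { next }
    tolower($1) == "match" { exit }
    tolower($1) == "port" { sep = (ports == "" ? "" : ","); ports = ports sep $2 }
    END { print (ports == "" ? "22" : ports) }
  '
}

check() {  # check NAME WANT GOT ; bumps the caller's failure counter
  if [ "$2" = "$3" ]; then
    echo "PASS $1 = $3"
  else
    echo "FAIL $1 = $3 (want $2)"
    fails=$((fails + 1))
  fi
}

# audit_sshd CONFIG_TEXT ; returns the number of failed checks
audit_sshd() {
  local cfg="$1" fails=0
  check PermitRootLogin no \
    "$(printf '%s\n' "$cfg" | sshd_effective PermitRootLogin prohibit-password)"
  check PasswordAuthentication no \
    "$(printf '%s\n' "$cfg" | sshd_effective PasswordAuthentication yes)"
  check PubkeyAuthentication yes \
    "$(printf '%s\n' "$cfg" | sshd_effective PubkeyAuthentication yes)"
  check Port 2222 "$(printf '%s\n' "$cfg" | sshd_ports)"
  return "$fails"
}

audit_sshd "$SAMPLE_WEAK" || echo "$? check(s) failed"
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the parser above is for reviewing a file offline.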

A-6: Firewall Policy (Linux)

  1. Allow forwarding of DNS resolution request packets only from the 172.16.0.0/24 LAN segment. Take a screenshot of the iptables configuration command:
  2. Prohibit any machine from pinging this machine. Take a screenshot of the iptables configuration command:
  3. Prohibit this machine from pinging any machine. Take a screenshot of the iptables configuration command:
  4. Disable port 23. Take a screenshot of the iptables configuration command:
  5. Prohibit forwarding of data packets from the host whose MAC address is 29:0E:29:27:65:EF. Take a screenshot of the iptables configuration command:
  6. To defend against IP fragmentation attacks, set the iptables firewall policy to limit the number of IP fragments, allowing only 1000 fragments per second to be processed. Take a screenshot of the iptables configuration command:
  7. To prevent the SSH service from being brute-forced, set the iptables firewall policy to allow only hosts in the 172.16.10.0/24 network segment to connect to this machine through SSH. Take a screenshot of the iptables configuration command:
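
One possible rule set for the seven A-6 requirements, as an added example that is not part of the task book. It prints the commands and applies them only when `APPLY=1` is set. The function names, the chain chosen for the fragment limit, the reading of item 1 as "drop DNS forwarding from every other source", and the SSH port argument (2222, because A-5 moves the service there) are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the task book): A-6 as iptables commands.
# Rules are evaluated top to bottom, so each ACCEPT precedes the DROP that
# would otherwise shadow it, and the MAC block precedes every FORWARD accept.

# a6_rules [SSH_PORT] ; prints the commands, one per line
a6_rules() {
  local ssh_port="${1:-2222}"   # assumption: sshd was moved to 2222 in A-5
  cat <<EOF
# 5. never forward traffic from this MAC (first, so no later ACCEPT lets it through)
iptables -A FORWARD -m mac --mac-source 29:0E:29:27:65:EF -j DROP
# 1. forward DNS queries only when they come from 172.16.0.0/24
iptables -A FORWARD -s 172.16.0.0/24 -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -s 172.16.0.0/24 -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -p udp --dport 53 -j DROP
iptables -A FORWARD -p tcp --dport 53 -j DROP
# 6. at most 1000 IP fragments per second, drop the excess (chain is an assumption)
iptables -A FORWARD -f -m limit --limit 1000/s --limit-burst 1000 -j ACCEPT
iptables -A FORWARD -f -j DROP
# 2. nobody may ping this machine
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
# 3. this machine may not ping anybody
iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP
# 4. close port 23 (telnet)
iptables -A INPUT -p tcp --dport 23 -j DROP
# 7. SSH only from 172.16.10.0/24
iptables -A INPUT -s 172.16.10.0/24 -p tcp --dport $ssh_port -j ACCEPT
iptables -A INPUT -p tcp --dport $ssh_port -j DROP
EOF
}

# rule_index SSH_PORT REGEX ; 1-based position of the first matching rule,
# counted over the emitted commands only (comments skipped)
rule_index() {
  a6_rules "$1" | grep -v '^#' | grep -n -E -- "$2" | head -n 1 | cut -d: -f1
}

# ordering_ok SSH_PORT ; succeeds when no DROP shadows its matching ACCEPT
ordering_ok() {
  [ "$(rule_index "$1" 'mac-source')" -eq 1 ] &&
  [ "$(rule_index "$1" 'udp --dport 53 -j ACCEPT')" -lt "$(rule_index "$1" 'udp --dport 53 -j DROP')" ] &&
  [ "$(rule_index "$1" "dport $1 -j ACCEPT")" -lt "$(rule_index "$1" "dport $1 -j DROP")" ]
}

if [ "${APPLY:-0}" = "1" ]; then
  a6_rules "${SSH_PORT:-2222}" | sh -e      # needs root and iptables
else
  a6_rules "${SSH_PORT:-2222}"              # dry run: print only
fi
```

When connection tracking is loaded, the kernel reassembles fragments before the filter table sees them, so the `-f` rules may never match. Passing the wrong port to `a6_rules` leaves the real SSH listener unfiltered.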

(3) Module B Security Incident Response/Network Security Data Forensics/Application Security (400 points)

B-1: Hidden Information Exploration

Task environment description:

  • Server scenario: Server2007
  • Server Scenario OS: Unknown (link closed)
  1. From the Kali penetration testing platform on the local PC, access the website in the server scenario Server2007, find the FLAG in the login interface, and submit the FLAG;

  2. From the Kali penetration testing platform on the local PC, access the website in the server scenario Server2007, find the FLAG in the background of the login interface, and submit the FLAG;

  3. From the Kali penetration testing platform on the local PC, access the website in the server scenario Server2007, log in on the login interface, find the FLAG on the page shown after a successful login, and submit it;

  4. From the Kali penetration testing platform on the local PC, access the website in the server scenario Server2007, find the moon on the page shown after a successful login, decrypt the information in the moon, and submit the decrypted information as FLAG;

  5. From the Kali penetration testing platform on the local PC, access the website in the server scenario Server2007, find the cross star on the page shown after a successful login, download the content of the page in the cross star, decrypt the downloaded file, and submit the decrypted file content as FLAG;

  6. From the Kali penetration testing platform on the local PC, access the website in the server scenario Server2007, log in on the login interface, find the link on the page shown after the login fails, follow the link and download the file, and submit the full name of the hidden file in the file as FLAG;

  7. From the Kali penetration testing platform on the local PC, access the website in the server scenario Server2007, log in on the login interface, find the link on the page shown after the login fails, follow the link and download the file, and submit the content of the hidden information file in the file as FLAG;

  8. From the Kali penetration testing platform on the local PC, access the website in the server scenario Server2007, find the hidden information in each page, merge the pieces of information in order, and submit the result as FLAG;

B-2: Windows Operating System Penetration Testing

Task environment description:

  • Server scenario: Server2105
  • Server scenario operating system: Windows (unknown version) (closed target machine)
  1. Use the Kali penetration testing platform on the local PC to run a system service and version scan against the server scenario, and submit the service version information string for port 445 shown in the results as the Flag value;
  2. Use the Kali penetration testing platform on the local PC to perform a penetration test on the server scenario, and submit the DNS information in the scenario's network connection information as the Flag value (for example: 114.114.114.114);
  3. Use the Kali penetration testing platform on the local PC to perform a penetration test on the server scenario, and submit the password of administrator, the current highest-privilege account in the scenario, as the Flag value;
  4. Use the Kali penetration testing platform on the local PC to perform a penetration test on the server scenario, and submit the name of the only file with the suffix .docx in the 111 folder on the scenario's desktop as the Flag value;
  5. Use the Kali penetration testing platform on the local PC to perform a penetration test on the server scenario, and submit the content of the only document with the suffix .docx in the 111 folder on the scenario's desktop as the Flag value;
  6. Use the Kali penetration testing platform on the local PC to perform a penetration test on the server scenario, and submit the English word in the only picture in the 222 folder on the scenario's desktop as the Flag value;

B-3: Linux Operating System Penetration Testing

Task environment description:

  • Server scenario: Server2106
  • Server scenario operating system: Linux (version unknown) (connection closed)
  1. Use the Kali penetration testing platform on the local PC to perform a penetration test on the server scenario, and submit the name of the only file with the suffix .bmp in the scenario's /var/www directory as the Flag value;
  2. Use the Kali penetration testing platform on the local PC to perform a penetration test on the server scenario, and submit the English words in the only picture file with the suffix .bmp in the scenario's /var/www directory as the Flag value;
  3. Use the Kali penetration testing platform on the local PC to perform a penetration test on the server scenario, and submit the name of the only file with the suffix .docx in the scenario's /var/vsftpd directory as the Flag value;
  4. Use the Kali penetration testing platform on the local PC to perform a penetration test on the server scenario, and submit the content of the only file with the suffix .docx in the scenario's /var/vsftpd directory as the Flag value;
  5. Use the Kali penetration testing platform on the local PC to perform a penetration test on the server scenario, and submit the name of the only file with the suffix .pdf in the scenario's /home/guest directory as the Flag value;
  6. Use the Kali penetration testing platform on the local PC to perform a penetration test on the server scenario, and submit the content of the only file with the suffix .pdf in the scenario's /home/guest directory as the Flag value;
  7. Use the Kali penetration testing platform on the local PC to perform a penetration test on the server scenario, and submit the name of the only file with the suffix .txt in the scenario's /root directory as the Flag value;
  8. Use the Kali penetration testing platform on the local PC to perform a penetration test on the server scenario, and submit the content of the only file with the suffix .txt in the scenario's /root directory as the Flag value.

B-4: Data Forensics and Analysis

Task environment description:

  • Server scene: 20221219wire
  • Username: Administrator Password: 123456

1. Analyze the Alpha-1.pcapng packet capture file on the 20221219wire desktop, find the number of the packet in which the malicious user accesses the HTTP service for the first time, and submit this number as the Flag value;

2. Continue to examine the packet capture file Alpha-1.pcapng, analyze which ports were scanned by the malicious user, and submit all port numbers from small to large as the Flag value (form: port 1, port 2, port 3..., port n);

3. Continue to examine the packet capture file Alpha-1.pcapng, analyze the password used by the malicious user to log in to the background, and submit the background password as the Flag value;

4. Continue to examine the packet capture file Alpha-1.pcapng, analyze the password of the one-sentence Trojan written by the malicious user, and submit that password as the Flag value;

5. Continue to examine the packet capture file Alpha-1.pcapng, analyze what file the malicious user downloaded, and submit the content of the file as the Flag value.

B-5: Web Security Penetration Testing

Task environment description:

  • Server scenario: Server

1. Obtain the version number of Apache and submit it as the Flag value (for example: 5.2.14);

2. Obtain the version number of the Samba server and submit it as the Flag value (for example: 5.0.22);

3. Obtain the kernel version number of the system and submit it as the Flag value (for example: 2.6.18);

4. Submit the content of the image under the root path of the website as the Flag value;

5. Find the txt file in the /root directory, and submit the file content as the Flag value.

B-6: Windows Operating System Penetration Testing

Task environment description:

  • Server Scene: Server2124 (closed link)
  • Server scenario operating system: Windows (unknown version)
  1. Use the Kali penetration testing platform on the local PC to run a system service and version scan against the server scenario Server2124, and submit the service version information for port 1433 shown in the results as the Flag value (for example, 3.1.4500);
  2. Use the Kali penetration testing platform on the local PC to run a system service and version scan against the server scenario Server2124, and submit the fully qualified domain name of the DNS server host as the Flag value;
  3. Submit the password of the low-privileged user (unable to execute system commands through the database) of the SQL-Server database on the target server as the Flag value;
  4. Submit the password of the higher-privileged user (able to execute system commands through database commands) of the SQL-Server database on the target server as the Flag value;
  5. Find the file with the suffix .docx in the 266437 folder in the C:\Windows\system32 folder, and submit the document content as the Flag value;

(4) Module C CTF Capture the Flag-Attack

(200 points for this module)

1. Project and task description:

Suppose you are a network security penetration test engineer at an enterprise, responsible for the security protection of certain enterprise servers. To better discover the problems and vulnerabilities that may exist in the enterprise network, you try various attack methods against specific target machines, in order to understand the latest attack methods and technologies and the mindset of network hackers, and so improve your defense strategy.

Please log in to the answering platform using the Google Chrome browser on the client according to the information provided in the "Competition Parameter Table".

2. Operating system environment description:

Client operating system: Windows 10/Windows 7

Target server operating system: Linux/Windows

3. Vulnerability description:

1. Vulnerabilities in the server may be conventional vulnerabilities or system vulnerabilities;

2. The website on the target server may have a command injection vulnerability. Players are required to find the command injection vulnerability and use it to obtain certain permissions;

3. The website on the target server may have a file upload vulnerability. Players are required to find the file upload vulnerability and use it to obtain certain permissions;

4. The website on the target server may have a file inclusion vulnerability. Players are required to find the file inclusion vulnerability and combine it with other vulnerabilities to obtain certain permissions and escalate privileges;

5. The services provided by the operating system may contain a remote code execution vulnerability. Players are required to find the service with remote code execution and use this vulnerability to obtain system permissions;

6. The services provided by the operating system may contain buffer overflow vulnerabilities. Players are required to find the services with buffer overflow vulnerabilities and use them to obtain system privileges;

7. There may be system backdoors in the operating system. Players can find these backdoors and use the reserved backdoors to directly obtain system permissions.

4. Matters needing attention:

1. The referee server must not be attacked. If the attack continues after one warning, the team will be ordered to leave the field;

2. The flag value is the unique identifier of each target server, and each target server has only one;

3. After gaining access to a target machine, contestants are not allowed to close ports, change passwords, restart or shut down the target machine, delete or modify the flag, create unnecessary files, or perform similar operations on the target machine;

4. After logging in to the automatic scoring system, submit the flag value of the target server and specify the IP address of the target server;

5. The arena has target machines with different base points according to difficulty. For each target server, the first three teams to obtain the flag value receive bonus points on top of the base points. Each team's total score in this stage counts as its stage score; for the specific bonus rules, refer to the on-site scoring standards;

6. There will be no additional time for this session.

(5) Module D CTF Capture the Flag - Defense

(200 points for this module)

1. Project and task description:

Assume that each contestant is a network security engineer at a security company, responsible for the penetration testing and security protection of several servers. These servers may have various problems and vulnerabilities, and you need to penetration test and secure them as soon as possible. Each participating team has its own bastion server, which cannot be accessed by other teams. The contestants detect the security flaws in their bastion servers through scanning, penetration testing and other means, and carry out targeted hardening to improve the security defense performance of the system.

Please log in to the answering platform using the Google Chrome browser on the client according to the information provided in the "Competition Parameter Table".

2. Operating system environment description:

Client operating system: Windows 10/Windows 7

Bastion server operating system: Linux/Windows

3. Vulnerability description:

1. Vulnerabilities in the bastion server may be conventional vulnerabilities or system vulnerabilities;

2. The website on the bastion server may have a command injection vulnerability. Players are required to find the command injection vulnerability and use it to obtain certain permissions;

3. The website on the bastion server may have a file upload vulnerability. Players are required to find the file upload vulnerability and use it to obtain certain permissions;

4. The website on the bastion server may have a file inclusion vulnerability. Players are required to find the file inclusion vulnerability and combine it with other vulnerabilities to obtain certain permissions and escalate privileges;

5. The services provided by the operating system may contain a remote code execution vulnerability. Players are required to find the service with remote code execution and use this vulnerability to obtain system permissions;

6. The services provided by the operating system may contain buffer overflow vulnerabilities. Players are required to find the services with buffer overflow vulnerabilities and use them to obtain system privileges;

7. There may be system backdoors in the operating system. Players can find these backdoors and use the reserved backdoors to directly obtain system permissions.

4. Matters needing attention:

1. Each player must take screenshots of the hardening points and the hardening process and write a system defense implementation report. The final score is based on the implementation report;

2. When hardening the system, the availability of the external services provided by the bastion server must be preserved;

3. Do not attack the referee server. If you continue to attack after a warning, the team will be ordered to leave the field;

4. There will be no additional time for this session.

2. Description:

1. All screenshots must show the interface and fonts clearly;

2. File naming and saving: Network Security Module D-XX (XX is the station number), saved in PDF format;

3. Save the file to the USB drive and submit it.

Origin blog.csdn.net/qq_50377269/article/details/130858326