National Vocational College Skills Competition
Higher Vocational Education Group
Information Security Management and Evaluation
Task Statement
Module Three
Network security penetration, theoretical skills and professionalism
- Competition time and precautions
The duration of this stage is 180 minutes, from 9:00 to 12:00.
【Precautions】
(1) Points are scored by finding the correct flag value. The uniform flag format is as follows:
flag{<flag value>}
This format may be hidden or even obfuscated in some environments, so stay alert for sensitive information and use tools to uncover it.
Note: Some flags may not follow the uniform format. In that case, the flag format is stated explicitly in the task description. Please read each task carefully.
(2) Contestants must first create a folder named "BGWxx" in the root directory of the USB flash drive (where xx is replaced by the specific station number), then fill in the "Information Security Management and Evaluation Contest Answer Sheet - Module 3" answer document and place it in the "BGWxx" folder.
For example: for station 08, create a "BGW08" folder in the root directory of the USB flash drive, and place the "Information Security Management and Evaluation Competition Answer Sheet - Module 3" answer document completed in the third stage in the "BGW08" folder.
- Competition Items
This document contains the third-stage competition questions for the Information Security Management and Evaluation project. It covers network security penetration and theoretical skills and professionalism; the theoretical skills and professionalism part can be answered online on the platform.
- Introduction
The goal of Network Security Penetration is to perform network security penetration testing work in a simulated network environment as a network security professional.
This module requires contestants, acting as the attacker, to complete the penetration test of the network using the techniques they have learned in information collection, vulnerability discovery, and vulnerability exploitation, and to obtain the existing flag values through various information security analysis techniques.
- Required hardware and software equipment and materials
All test items can be completed by competitors with the equipment and software specified in the infrastructure list.
- Grading scheme
In this module, network security penetration is worth 300 points, and theoretical skills and professionalism is worth 100 points.
- Project and Task Description
There are several servers in Group A's network, and each server has different business services. There are certain network security risks in the network. Please complete the penetration test of the specified project through penetration testing techniques such as information collection and vulnerability mining, and obtain the flag value during the test. Please refer to "Appendix A" for network environment reference samples.
The penetration testing techniques used in this module include but are not limited to the following technical fields:
- Database attacks
- Enumeration attacks
- Privilege escalation attacks
- Application-based attacks
- OS-based attacks
- Reverse analysis
- Cryptanalysis
- Steganalysis
For the IP addresses of all equipment and servers, please check the equipment list provided on site.
- Work tasks
- Human Resource Management System (45 points)
| Task number | Task details | Answer | Score |
| --- | --- | --- | --- |
| Task one | Please conduct a black-box test on the portal, use the vulnerability to find flag1, and submit flag1. flag1 format: flag1{<flag value>} | | 15 |
| Task two | Please conduct a black-box test on the portal, use the vulnerability to find flag2, and submit flag2. flag2 format: flag2{<flag value>} | | 15 |
| Task three | Please conduct a black-box test on the portal, use the vulnerability to find flag3, and submit flag3. flag3 format: flag3{<flag value>} | | 15 |
- Mail System (30 points)
| Task number | Task details | Answer | Score |
| --- | --- | --- | --- |
| Task four | Please conduct a black-box test on the office system, use the vulnerability to find flag1, and submit flag1. flag1 format: flag1{<flag value>} | | 15 |
| Task five | Please conduct a black-box test on the office system, use the vulnerability to find flag2, and submit flag2. flag2 format: flag2{<flag value>} | | 15 |
- FTP server (165 points)
| Task number | Task details | Answer | Score |
| --- | --- | --- | --- |
| Task six | Please obtain the files in the task6 directory on the FTP server for analysis, find the hidden flags, and submit the flags. Flag format: flag{<flag value>} | | 15 |
| Task seven | Please obtain the files in the task7 directory on the FTP server for analysis, find the hidden flags, and submit the flags. Flag format: flag{<flag value>} | | 15 |
| Task eight | Please obtain the files in the task8 directory on the FTP server for analysis, find the hidden flags, and submit the flags. Flag format: flag{<flag value>} | | 20 |
| Task nine | Please obtain the files in the task9 directory on the FTP server for analysis, find the hidden flags, and submit the flags. Flag format: flag{<flag value>} | | 25 |
| Task ten | Please obtain the files in the task10 directory on the FTP server for analysis, find the hidden flags, and submit the flags. Flag format: flag{<flag value>} | | 20 |
| Task eleven | Please obtain the files in the task11 directory on the FTP server for analysis, find the hidden flags, and submit the flags. Flag format: flag{<flag value>} | | 25 |
| Task twelve | Please obtain the files in the task12 directory on the FTP server for analysis, find the hidden flags, and submit the flags. Flag format: flag{<flag value>} | | 20 |
| Task thirteen | Please obtain the files in the task13 directory on the FTP server for analysis, find the hidden flags, and submit the flags. Flag format: flag{<flag value>} | | 25 |
- Application System Server (30 points)
| Task number | Task details | Answer | Score |
| --- | --- | --- | --- |
| Task fourteen | There is a vulnerability in port 10000 of the application system server. Obtain the files in the task14 directory on the FTP server for analysis. Please use the vulnerability to find the flag and submit it. Flag format: flag{<flag value>} | | 30 |
- Operation and maintenance server (30 points)
| Task number | Task details | Answer | Score |
| --- | --- | --- | --- |
| Task fifteen | There is a vulnerability in port 10001 of the operation and maintenance server. Obtain the files in the task15 directory on the FTP server for analysis. Please use the vulnerability to find the flag and submit the flag. Flag format: flag{<flag value>} | | 30 |
Appendix A
Figure 1 Network topology diagram