2023 National Vocational College Skills Competition Information Security Management and Assessment Network Security Penetration Task Book

National Vocational College Skills Competition

Higher Vocational Education Group

Information Security Management and Evaluation

Task Book

Module Three

Network security penetration, theoretical skills and professionalism

  • Competition time and precautions

The duration of this stage is 180 minutes, from 9:00 to 12:00.

【Precautions】

(1) Obtain the score by finding the correct flag value, and the uniform format of the flag is as follows:

flag{<flag value>}

In some environments the flag may be hidden or even obfuscated, so watch for sensitive information and use tools to uncover it.

Note: Some flags may not follow the uniform format. In that case, the flag format is stated explicitly in the task description, so read each task description carefully.

(2) Contestants must first create a folder named "BGWxx" in the root directory of the USB flash drive (replace xx with the station number), then fill in the answer document "Information Security Management and Evaluation Contest Answer Sheet - Module 3" and place it in the "BGWxx" folder.

For example, the contestant at station 08 creates a "BGW08" folder in the root directory of the USB flash drive and places the answer document "Information Security Management and Evaluation Competition Answer Sheet - Module 3", completed in the third stage, in the "BGW08" folder.

  • Competition Items

This document contains the third-stage questions of the Information Security Management and Evaluation competition. It covers network security penetration and theoretical skills and professionalism; the theoretical skills and professionalism part can be answered online on the platform.

  • Introduction

The goal of Network Security Penetration is to perform network security penetration testing work in a simulated network environment as a network security professional.

This module requires contestants, acting as the attacker, to complete a penetration test of the network using the techniques they have learned in information gathering, vulnerability discovery, and vulnerability exploitation, and to obtain the existing flag values through analysis using various information security techniques.

  • Required hardware and software equipment and materials

All test items can be completed by competitors with the equipment and software specified in the infrastructure list.

  • Grading scheme

In this module, network security penetration is worth 300 points, and theoretical skills and professionalism are worth 100 points.

  • Project and Task Description

Group A's network contains several servers, each running different business services, and the network has certain security risks. Complete the penetration test of the specified items using penetration testing techniques such as information gathering and vulnerability mining, and obtain the flag values during the test. See "Appendix A" for a reference sample of the network environment.

The penetration testing techniques used in this module include but are not limited to the following technical fields:

  1. Database attacks
  2. Enumeration attacks
  3. Privilege escalation attacks
  4. Application-based attacks
  5. OS-based attacks
  6. Reverse analysis
  7. Cryptanalysis
  8. Steganalysis

For the IP addresses of all equipment and servers, please check the equipment list provided on site.

  • Work tasks
  1. Human Resource Management System (45 points)

| Task number | Task details | Answer | Score |
|---|---|---|---|
| Task one | Please conduct a black-box test on the portal, use the vulnerability to find flag1, and submit flag1. flag1 format: flag1{<flag value>} | | 15 |
| Task two | Please conduct a black-box test on the portal, use the vulnerability to find flag2, and submit flag2. flag2 format: flag2{<flag value>} | | 15 |
| Task three | Please conduct a black-box test on the portal, use the vulnerability to find flag3, and submit flag3. flag3 format: flag3{<flag value>} | | 15 |

  2. Mail System (30 points)

| Task number | Task details | Answer | Score |
|---|---|---|---|
| Task four | Please conduct a black-box test on the office system, use the vulnerability to find flag1, and submit flag1. flag1 format: flag1{<flag value>} | | 15 |
| Task five | Please conduct a black-box test on the office system, use the vulnerability to find flag2, and submit flag2. flag2 format: flag2{<flag value>} | | 15 |

  3. FTP server (165 points)

| Task number | Task details | Answer | Score |
|---|---|---|---|
| Task six | Please obtain the files in the task6 directory on the FTP server for analysis, find out the hidden flags, and submit the flags. Flag format: flag{<flag value>} | | 15 |
| Task seven | Please obtain the files in the task7 directory on the FTP server for analysis, find out the hidden flags, and submit the flags. Flag format: flag{<flag value>} | | 15 |
| Task eight | Please obtain the files in the task8 directory on the FTP server for analysis, find out the hidden flags, and submit the flags. Flag format: flag{<flag value>} | | 20 |
| Task nine | Please obtain the files in the task9 directory on the FTP server for analysis, find out the hidden flags, and submit the flags. Flag format: flag{<flag value>} | | 25 |
| Task ten | Please obtain the files in the task10 directory on the FTP server for analysis, find out the hidden flags, and submit the flags. Flag format: flag{<flag value>} | | 20 |
| Task eleven | Please obtain the files in the task11 directory on the FTP server for analysis, find out the hidden flags, and submit the flags. Flag format: flag{<flag value>} | | 25 |
| Task twelve | Please obtain the files in the task12 directory on the FTP server for analysis, find out the hidden flags, and submit the flags. Flag format: flag{<flag value>} | | 20 |
| Task thirteen | Please obtain the files in the task13 directory on the FTP server for analysis, find out the hidden flags, and submit the flags. Flag format: flag{<flag value>} | | 25 |

  4. Application System Server (30 points)

| Task number | Task details | Answer | Score |
|---|---|---|---|
| Task fourteen | There is a vulnerability in port 10000 of the application system server. Obtain the files in the task14 directory on the FTP server for analysis. Please use the vulnerability to find the flag and submit it. Flag format: flag{<flag value>} | | 30 |

  5. Operation and maintenance server (30 points)

| Task number | Task details | Answer | Score |
|---|---|---|---|
| Task fifteen | There is a vulnerability in port 10001 of the operation and maintenance server. Obtain the files in the task15 directory on the FTP server for analysis. Please use the vulnerability to find the flag and submit the flag. Flag format: flag{<flag value>} | | 30 |

Appendix A

Figure 1 Network topology diagram

Origin blog.csdn.net/qq_50377269/article/details/132607170