2024 Guangxi Vocational College Skills Competition Secondary Vocational Group "Network Security" Competition Sample Questions

2024 Guangxi Vocational College Skills Competition

Sample questions for the "Network Security" competition of the secondary vocational school group

Table of contents

Task 1: Login security reinforcement

Task 2 Database reinforcement (Data)

Task 3 Web Security Hardening (Web)

Task 4: Traffic integrity protection (Web, Data)

Task 5 Event Monitoring

Task One Emergency Response

Task 2 Data Analysis

Task 3 Windows operating system penetration testing

Task 4 Linux operating system penetration testing

1. Introduction to competition projects

The "Cybersecurity" competition is divided into four modules: A. Infrastructure setup and security reinforcement; B. Cybersecurity incident response, digital forensics investigation and application security; C. CTF capture the flag - attack; D. CTF capture the flag - defense. The competition schedule and score weights are shown in Table 1.

Table 1 Competition schedule and score weighting

Module number	module name	Competition time (Hour)	total
A	Infrastructure setup and security reinforcement	3	20%
B	Cybersecurity incident response, digital forensics investigation and application security	3	40%
C	CTF Capture the Flag-Attack	3	20%
D	CTF Capture the Flag-Defense	3	20%
total		6	100%

2. Matters needing attention in the competition

1. It is prohibited to carry and use mobile storage devices, calculators, communication tools and reference materials during the competition.

2. Please check whether the listed hardware equipment, software list, and material list are complete according to the competition environment provided by the competition, and whether the computer equipment can be used normally.

3. Please read all tasks in each section before doing anything. There may be some correlation between tasks.

4. During the operation, relevant results need to be saved in a timely manner according to the answer requirements. After the competition, all equipment will remain in operation, and the final evaluation will be based on the final results submitted.

5. After the competition is completed, please keep the competition equipment, software and questions in your seats. It is prohibited to take all items used in the competition (including test papers, etc.) away from the venue.

6. It is prohibited to fill in any marks that are not related to the competition on the submitted materials. If the rules are violated, it will be regarded as 0 points.

Module A Infrastructure setup and security reinforcement

(This module is worth 200 points in total)

1. Project and task description

Assume that you are a network security engineer of an enterprise. For the enterprise's server system, ensure the normal operation of each service according to task requirements, and comprehensively use login and password policies, database security policies, traffic integrity protection strategies, event monitoring strategies, and firewall strategies. and other security strategies to improve the network security defense capabilities of the server system. This module requires screenshots of specific tasks and corresponding text descriptions, written in the form of a word document, saved in PDF format, and using the competition number as the file name.

2. Server environment description

IDS: Intrusion Detection System Server (Snort), operating system is Linux

LOG: Log server (Splunk), operating system is Linux

Web: IIS server, operating system is Windows

Data: database server (Mysql), operating system is Linux

3. Specific tasks

Task 1: Login security reinforcement

1. Password policy (IDS, LOG, Web, Data)

a. The minimum password length is no less than 12 characters;

2. Login strategy (IDS, LOG, Web, Data)

a. When users log in to the system, there should be a "For authorized users only" prompt message;

3. User permission assignment (WEB)

a. Prohibit guest account login and access;

Task 2 Database reinforcement (Data)

1. Run mysqld safely with a normal account, and prohibit mysql from running with administrator account permissions;

2. Delete the default database (test);

Task 3 Web Security Hardening (Web)

1. Delete the default site;

2. Limit the execution permission of the directory, and set the execution permission to none for pictures or upload directories;

Task 4: Traffic integrity protection (Web, Data)

1.HTTP redirects to HTTPS, and only uses the HTTPS protocol to access the website (Web);

2. To prevent password theft, only use certificates to log in to SSH (Data).

Task 5 Event Monitoring

1. Enable audit policy on the web server:

Privilege use successful;

Policy change success/failure;

Process tracking success/failure;

Module B Cybersecurity Incidents, Digital Forensics Investigation and Application Security

(Total 400 points for this module)

1. Project and task description:

Assume that you are a member of a network security technical support team, and a company's server system is attacked by hackers. Your team comes to help the company investigate and track the source of this network attack, analyze the hacker's attack methods, discover system vulnerabilities, and submit the network Security incident response reporting, fixing system vulnerabilities, removing backdoors created by hackers in the system, and helping the system return to normal operation.

2. Server environment description

Operating system: Windows/Linux

3. Specific tasks

Task 1 Emergency response

*Task description: Only the IP address of Server1 can be obtained

1. Hackers have invaded the local server through the network and plugged a Trojan link on the homepage of the Web server. Please find this link and delete it. The third word displayed in the title bar of the first row of the homepage after deleting the link will be as flag submission.

2. A hacker broke into the database server of the local server and added a super user with administrator rights other than admin. Please find this user, delete the user, and submit the user's password as a flag.

3. Hackers have invaded the local server and created multiple super users on the local server. Please delete other super administrator users except Administrator user, enter net user in the command line window, and submit the first word to the right of Administrator as flag. .

4. Hackers have modified the startup content of the server. Please delete unnecessary startup content, open the "Startup" tab of the Task Manager, and submit all the names in the name column as flags. (Submission form: Name 1, Name 2, Name 3)

5. A hacker has stored a Trojan horse program somewhere on the server. Please find this Trojan horse program and remove it. Open the "Processes" tab of the Task Manager and submit the third word in the application name as a flag.

Task 2 Data Analysis

*Task description: Only the IP address of Server2 can be obtained

1. Use Wireshark to view and analyze the capture.pcapng packet file under the Server2 desktop. The telnet server is a router. Find out the privileged password of this router and submit the password as a flag value.

2. Use Wireshark to view and analyze the capture.pcapng data packet file under the Server2 desktop. The FTP server has completed transferring the file, and the number of data connections established by the FTP server will be submitted as the flag value.

3. Use Wireshark to view and analyze the capture.pcapng packet file under the Server2 desktop. The web server address is 192.168.181.250, and submit the version number of the web server software as the flag value.

4. Use Wireshark to view and analyze the capture.pcapng packet file under the Server2 desktop. There are a lot of ICMP messages in this data. There are a large number of abnormal ICMP messages in these messages. Find out all the redirection types. message, and submit the number of message redirections as the flag value.

5. Use Wireshark to view and analyze the capture.pcapng data packet file under the Server2 desktop. There are ssh messages in this data. Since ssh has an encryption function, it is necessary to analyze the algorithms of these encrypted messages and add the third one supported by the ssh server. The key length of an algorithm is submitted as a flag value.

Task 3 Windows operating system penetration testing

*Task description: Only the IP address of Server3 can be obtained

1. Use the local PC penetration testing platform Kali to perform system service and version scanning penetration testing on the server scenario Server3, and submit the service status information corresponding to port 445 in the operation display results as the flag value;

2. Find the network adapter information and submit the preferred DNS server address as the flag value;

3. Find the file with the .docx suffix in the 111 folder on the desktop and submit the document content as the flag value;

4. Find the document in the recycle bin and submit the document content as the flag value;

5. Obtain the password of the system's highest account administrator and submit the password as the flag value.

Task 4 Linux operating system penetration testing

*Task description: Only the IP address of Server4 can be obtained

1. Use the penetration testing platform Kali on the local PC to perform a system service and version scanning penetration test on the server scenario Server4, and submit the service version information string corresponding to port 21 in the operation display result as a flag value;

2. Find the image file in the /var/www directory and submit the file name as the flag value;

3. Find the image file in the /var/www directory and submit the English words in the image as the flag value;

4. Find the txt file in the /home/guest directory and submit the file content as the flag value;

5. Find the txt file in the /root directory and submit the file content as the flag value.

Module C CTF Capture the Flag-Attack

(Total 200 points for this module)

1. Project and task description

Suppose you are a network security penetration testing engineer of a certain company, responsible for the security protection of certain servers of the company, in order to better find various problems and vulnerabilities that may exist in the corporate network. You try to use various attack methods to attack specific targets in order to understand the latest attack methods and technologies, understand the mentality of network hackers, and improve your defense strategies.

Please use Google Chrome on the client to log in to the attack machine based on the information provided in the "Field Parameter Table".

2. Operating system environment description

Guest operating system: Windows 10

Attack machine operating system: Kali Linux 2019 version

Target server operating system: Linux/Windows

3. Vulnerability description

1. Vulnerabilities in the server may be regular vulnerabilities or system vulnerabilities;

2. The website on the target server may have command injection vulnerabilities. Players are required to find command injection-related vulnerabilities and use this vulnerability to obtain certain permissions;

3. The website on the target machine server may have a file upload vulnerability. Players are required to find the relevant vulnerability for file upload and use this vulnerability to obtain certain permissions;

4. There may be file inclusion vulnerabilities in the website on the target server. Players are required to find the relevant vulnerabilities contained in the files and combine them with other vulnerabilities to obtain certain permissions and escalate them;

5. The services provided by the operating system may contain remote code execution vulnerabilities, requiring users to find remote code execution services and use this vulnerability to obtain system permissions;

4. Precautions

1. You cannot attack the referee server. If you continue to attack after a warning, the participating team will be ordered to leave the field;

2. The Flag value is the unique identifier of each target server, and each target server has only one;

3. After hacking into the target machine, players are not allowed to close the port, change the password, restart or shut down the target machine, delete or modify the flag, create unnecessary files, etc.;

4. After logging into the automatic scoring system, submit the Flag value of the target server and specify the IP address of the target server;

5. The competition venue is equipped with target drones with different basic scores according to different difficulties. For each target drone server, the first three teams to obtain Flag values will receive additional points on top of the basic points. The total score of each team at this stage will be calculated. Entering stage points, specific extra point rules refer to the competition scoring standards;

6. No additional time will be allowed in this session.

Module D CTF Capture the Flag-Defense

(Total 200 points for this module)

1. Project and task description

It is assumed that each contestant is a network security engineer of a security company and is responsible for penetration testing and security protection of several servers. These servers may have various problems and vulnerabilities. You need to perform penetration testing and security protection on these servers as soon as possible. Each participating team has its own bastion server, which cannot be accessed by other teams. Contestants use scanning, penetration testing and other means to detect security flaws in their fortress servers and perform targeted reinforcements to improve the security defense performance of the system.

Please use Google Chrome on the client to log in to the fortress server that needs to be reinforced based on the information provided in the "Game Parameter Table".

2. Operating system environment description

Guest operating system: Windows 10

Attack machine operating system: Kali Linux 2019 version

Bastion server operating system: Linux/Windows

3. Vulnerability description

1. Vulnerabilities in the bastion server may be regular vulnerabilities or system vulnerabilities;

2. The website on the bastion server may have command injection vulnerabilities. Players are required to find command injection-related vulnerabilities and use this vulnerability to obtain certain permissions;

3. The website on the bastion server may have file upload vulnerabilities. Players are required to find the relevant file upload vulnerabilities and use this vulnerability to obtain certain permissions;

4. The website on the bastion server may have file inclusion vulnerabilities. Players are required to find the relevant vulnerabilities contained in the files and combine them with other vulnerabilities to obtain certain permissions and escalate them;

4. Precautions

1. Each player needs to take screenshots of reinforcement points and key processes, and make their own system defense implementation report. The final score will be based on the system defense implementation report.

2. When strengthening the system, it is necessary to ensure the availability of external services provided by the bastion server;

3. You cannot attack the referee server. If you continue to attack after a warning, the participating team will be ordered to leave the field;

4. No additional time will be allowed in this session.