New HTS Challenge -- Network Scanning

[ZzBonezZ]

Seems like a legit series of challenges to me. Challenge 1 could be scanning a range of IP addresses for a host with a certain domain name. It could be as complex as Challenge 10 having to scan 1 IP address FROM another IP address with IP and mac spoofing. Or even scanning a range of IP addresses to find a certain host running SSHv1 or Port 23 open.... etc.


If everyone thinks this would be a good addition to HTS, maybe I can devote a little more time into my idea!!

[Goatboy]

Gonna play Devil's Advocate here.

Whose boxes would we scan? How would we get results back using IP/MAC spoofing? How would the results be confirmed?

It sounds like it could be fun for a while, but scanning is one of those things that's pretty easy to figure out. If we could somehow simulate a large corporate network and include Firewall/IDS/IPS evasion, VLANS, and other realistic challenges, it might work. But simply scanning seems a little flat.

[tremor77]

Agreed - However maybe we could setup a honeypot with some easter eggs to be found... a few subdomains right here on hackthissite.org (64.32.24.200) - leave open a few backdoors to nowhere and make it like... a scavenger hunt - the end user has to find like 10 different things.. and make some type of crypto-phrase out of the info they gather, decipher that..... which they can then put into the GO button to beat the challenge.

[thetan]

Honey pots FTW: http://seclists.org/fulldisclosure/2010/Nov/228

[ZzBonezZ]

My bad, work thought they were gonna be slick and implement OpenDNS filtering the same day they piled me with a shit load of stuff to do.

Yeah, I was hoping we could do like some subdomains off of hackthissite.org as well as few hosts a I know of that the owners encourage the public to scan. For instance Fyodor has a host up on his domain named scanme.nmap.org just for playing with nmap. I'm sure there is more hosts in wild just like this one that people encourage scanning of. Plus port scanning is not a crime nor is it intrusive however it does depend on how far people take the mission which could definitely be a liability issue that I highly doubt anyone wants to get involved with.

I'll see what I can do to find some more hosts like scanme.nmap.org and post back here shortly.

[Goatboy]

Plus port scanning is not a crime nor is it intrusive

Not necessarily true. There are some loopholes in the legal system that allow pretty much anything to be illegal one way or another. If you scan a network, you might be targeted for wasting bandwidth.

[tremor77]

I always use the 'oops my bad' clause... I'm sorry officer I thought I was scanning my personal web server.. I must have copy and pasted the wrong IP address. The only problem with my original thought using HTS with subdomains is that, HTS probably already has it's fair share of skiddies pounding away at it with brute and DDoS.. add in sanctioned activity as part of a challenge and you could grind this puppy to a halt.

[ZzBonezZ]

Check this out:
hxxp://www.sans.org/security-resources/ ... _legal.php

We just need some German IPs to scan lol. How hard can it be?

And after searching... I think scanme.nmap.org is the only site actually promoting to be scanned lol. I did find this one kind of interesting site though.

hxxp://scanme.ntobjectives.com/