"content":"Info about accessing the game level was moved to the game level."
"content":"The purpose of this demo is to showcase and test capabilities of the kypo project. It consists of this info level, two game levels, test and assesment."
},{
"title":"Connecting Via Telnet",
"max_score":100,
"level_type":"GAME_LEVEL",
"order":1,
"estimated_duration":5,
"estimated_duration":15,
"flag":"Top_Secret_Flag",
"content":"Your task in this simple level is to connect to the server via **`telnet`** on port **`2323`** using **`test:password`** and get the flag.\n\n## GUI access\n1. In the topology overview, click the button in the top-right corner of the graph, then **`Expand All`**, **`client`** and **`Generate console URL`**. After a few moments, **`Open link`** next to the **`Generate console URL`** should appear.\n\n2. Login using username **`kypo`** and password **`kypo`** for root access.\n\n## SSH from local machine\n1. Use the **`Get SSH Access`** button to download **`ssh-access.zip`**.\n\n2. Extract the **`ssh-access.zip`** file to the **`~/.ssh/`** directory.\n\n ```shell\n $ unzip ssh-access.zip -d ~/.ssh/\n ```\n\n You will get following files:\n\n ```shell\n ~/.ssh/pool-id-<pool_ID>-sandbox-id-<sbx_ID>-user-config - The SSH configuration file.\n ~/.ssh/pool-id-<pool_ID>-sandbox-id-<sbx_ID>-user-source.sh - The configuration script.\n ~/.ssh/pool-id-<pool_ID>-sandbox-id-<sbx_ID>-user-key - The sandbox user SSH private key.\n ~/.ssh/pool-id-<pool_ID>-sandbox-id-<sbx_ID>-user-key.pub - The sandbox user SSH public key.\n ```\n\n3. Execute the extracted source script in the current shell using the **`source`** command with the path to the KYPO proxy SSH private key. The source script that will set the **`ssh`** command and the **KYPO proxy SSH private key**, which is available to instance operator.\n\n ```shell\n $ source ~/.ssh/pool-id-<pool_ID>-sandbox-id-<sbx_ID>-user-source.sh PATH_TO_KYPO_PROXY_PRIVATE_KEY\n ```\n\n4. Connect to the client to **`kypo`** user. \n\n ```shell\n $ ssh kypo@client\n ```",
"solution":"1. To connect to the server use command **` telnetserver2323`**, then enter username **`test`** and password **`password`**.\n\n2. Get the flag using **`cat flag.txt`** and submit it. \n",
"content":"Your task is to connect to the server and get the flag. You know that there is a **`telnet`** service running on the server and that **`alice`** has a weak password. The flag is in alices home directory. There is a list of common passwords placed in your home directory for your convenience.\n\nBelow are two options how to connect to the client from which you can connect to the server.\n\n## GUI access\n1. In the topology overview, click the button in the top-right corner of the graph, then **`Expand All`**, **`client`** and **`Generate console URL`**. After a few moments, **`Open link`** next to the **`Generate console URL`** should appear.\n\n2. Login using username **`kypo`** and password **`kypo`**.\n\n3. You may want to run **`/bin/bash`** to get a friendlier shell.\n\n## SSH from local machine\n1. Use the **`Get SSH Access`** button to download **`ssh-access.zip`**.\n\n2. Extract the **`ssh-access.zip`** file to your **`~/.ssh/`** directory.\n\n ```shell\n $ unzip ssh-access.zip -d ~/.ssh/\n ```\n\n You will get following files:\n\n ```shell\n ~/.ssh/pool-id-<pool_ID>-sandbox-id-<sbx_ID>-user-config - The SSH configuration file.\n ~/.ssh/pool-id-<pool_ID>-sandbox-id-<sbx_ID>-user-source.sh - The configuration script.\n ~/.ssh/pool-id-<pool_ID>-sandbox-id-<sbx_ID>-user-key - The sandbox user SSH private key.\n ~/.ssh/pool-id-<pool_ID>-sandbox-id-<sbx_ID>-user-key.pub - The sandbox user SSH public key.\n ```\n\n3. Execute the extracted source script in the current shell using the **`source`** command with the path to the KYPO proxy SSH private key. The source script that will set the **`ssh`** command and the **KYPO proxy SSH private key**, which is available to instance operator.\n\n ```shell\n $ source ~/.ssh/pool-id-<pool_ID>-sandbox-id-<sbx_ID>-user-source.sh PATH_TO_KYPO_PROXY_PRIVATE_KEY\n ```\n\n4. Connect to the client to **`kypo`** user. \n\n ```shell\n $ ssh kypo@client\n ```",
"solution":"1. Look for open ports using the command **`nmap server`**. You can see **ssh** running on port **22** and some other service running on port **2323**. This has to be the **telnet** service.\n\n2. You know that **alice** has a weak password so you can try a dictionary attack. A list of common passwords is ready in your home directory. One of possible tools to make a password attack is **hydra**. A command to find the password is **`hydra -l alice -P passlist.txt telnet://server:2323`**. This will reveal alices password **bacon**.\n\n3. Now you can connect to the server by using **`telnet server 2323`**, entering username **`alice`** and her password **`bacon`**.\n\n4. To read the flag you can use **`cat flag.txt`**. Use the flag to get to the next level.\n",
"solution_penalized":true,
"hints":[{
"title":"Correct Command",
"content":"Use `telnet server 2323` and enter username and password to connect.",
"hint_penalty":50,
"title":"Connecting using telnet",
"content":"The command to connect using telnet is **`telnet server <port>`**, where **`<port>`** is the number of port on which the telnet server is running. You will be prompted to enter username and password.",
"hint_penalty":10,
"order":2
},{
"title":"Tool for password attacks",
"content":"Common tools for password attacks are **hydra** and **medusa**. Consult their help commands or man pages to find appropriate options to perform the attack. You can use the list of common passwords in your home directory.",
"hint_penalty":40,
"order":1
},{
"title":"Port Number",
"content":"The server is listening at port `2323`.",
"hint_penalty":0,
"title":"Tool to find open ports.",
"content":"A common tool to find open ports is **nmap**. It has many options, but you will suffice with **`nmap server`** to find the open ports.",
"hint_penalty":20,
"order":0
}],
"incorrect_flag_limit":10,
"attachments":[]
},{
"title":"Privilege Escalation",
"max_score":100,
"level_type":"GAME_LEVEL",
"order":2,
"estimated_duration":15,
"flag":"Cant_Guess_This",
"content":"Great, you managed to login to the server as **alice** but there is not much you can do as **alice**. Can you find a way to become **root**? The flag is in roots home directory.",
"solution":"1. One of common privilege escalation attack vectors is badly configured **sudo**. To see what you can use sudo for, use the **`sudo --list`** command.\n\n2. You can see that the only command you can use sudo on is **`less /home/alice/flag.txt`**. There is not much to see in the flag, but you can run this as **root**. Is there a way to get a shell?\n\n3. There is, all you have to do is enter **`!sh`** while running the **`sudo less /home/alice/flag.txt`** to get a root shell.\n\n4. To get the flag, use **`cd`** to enter roots home directory and **`cat flag.txt`** to read the flag.",
"solution_penalized":true,
"hints":[{
"title":"Attack vector",
"content":"One of common privilege escalation attack vectors is badly configured **sudo**. To see what you can use sudo for, use the **`sudo --list`** command.\n",
"hint_penalty":30,
"order":0
},{
"title":"Using the privilege escalation",
"content":"You have probably figured out that you can run **sudo** on a certain **less** command. To get a shell enter **`!sh`** while running the **less** command.",
"hint_penalty":60,
"order":1
}],
"incorrect_flag_limit":10,
"attachments":[]
},{
"title":"Test Example",
"max_score":0,
"level_type":"ASSESSMENT_LEVEL",
"order":2,
"order":3,
"estimated_duration":5,
"questions":"[{\"question_type\":\"FFQ\",\"correct_choices\":[\"flag.txt\"],\"answer_required\":true,\"order\":0,\"penalty\":10,\"points\":100,\"text\":\"What was the flag filename?\"},{\"question_type\":\"MCQ\",\"choices\":[{\"text\":\"Yes\",\"order\":0,\"is_correct\":false},{\"text\":\"No\",\"order\":1,\"is_correct\":true}],\"answer_required\":true,\"order\":1,\"penalty\":10,\"points\":100,\"text\":\"The telnet service was running on default port.\"},{\"question_type\":\"EMI\",\"rows\":[\"HTTP\",\"SSH\",\"HTTPS\",\"Telnet\"],\"cols\":[\"22\",\"23\",\"80\",\"443\"],\"correct_answers\":[{\"x\":0,\"y\":2},{\"x\":1,\"y\":0},{\"x\":2,\"y\":3},{\"x\":3,\"y\":1}],\"answer_required\":true,\"order\":2,\"penalty\":10,\"points\":100,\"text\":\"Assosiate services with their default port numbers.\"}]",
"instructions":"A simple test.",
...
...
@@ -48,11 +76,11 @@
"title":"Assesment Example",
"max_score":0,
"level_type":"ASSESSMENT_LEVEL",
"order":3,
"order":4,
"estimated_duration":5,
"questions":"[{\"question_type\":\"MCQ\",\"choices\":[{\"text\":\"Graphical user interface of KYPO\",\"order\":0,\"is_correct\":false},{\"text\":\"SSH\",\"order\":1,\"is_correct\":false}],\"answer_required\":true,\"order\":0,\"penalty\":0,\"points\":0,\"text\":\"How did you connect to the client?\"},{\"question_type\":\"EMI\",\"rows\":[\"Everything went smoothly\",\"The User Interface is nice\",\"The test was easy\"],\"cols\":[\"Very much\",\"A little bit\",\"Not really\",\"Not at all\"],\"correct_answers\":[],\"answer_required\":true,\"order\":1,\"penalty\":0,\"points\":0,\"text\":\"Do you agree that... ?\"},{\"question_type\":\"FFQ\",\"correct_choices\":[],\"answer_required\":false,\"order\":2,\"penalty\":0,\"points\":0,\"text\":\"How would you improve this demo?\"}]",
"instructions":"Please answer the questions. The last question is voluntary.",