[College Project] Creating my own machines

Hello guys!
So a teacher in my college, asked me to give some classes to his students about CTF and network security in general. i am not an expert but I know a little bit and, the goal here is to get more people interested in the fied anyway so I accepted the challenge.

My idea is, after a some introductory classes I give them some easy machines so they can see how the process works and I want that those machines are build around systems that are current being used in our college. For example I am thinking about using moodle as a vector, it is used a lot here, and we had one machine some time ago that exploited that.

With that in mind, can you guys give me some tips? I already started to built some of them but I would like some help, because I am kinda lost honestly, especially in the windows machine haha.

What I have in mind:
Machine 1: Linux. User vector: moodle. Root vector: kernel exploit.
Machine 2 Windows. User vector: ? (still researching, maybe an simple upload with extension change). Root vector: Eternal Blue.

Thanks for your help!

Comments

  • Surprisingly a lot of people have to Google how to even sign up for HTB. That should be your first exercise/lesson. Just have them navigate to hackthebox.eu and tell them they have to "hack" to sign up! Will spread the word about the site, help the community grow even larger and get more people interested in InfoSec/cyber security, etc. I think you should definitely have a machine that requires heavy use of Burp (but easy to solve) as it's highly used in the industry (how many boxes have you done on this site that you don't ever use Burp on?). Just a couple cents from me. Good luck!

Sign In to comment.