This repository sets up a small "gamified" challenge to teach your spouse about the basics computer security and attacks. It's a fun little date idea ♥
Leveraging an attacker machine (Kali Linux Docker Container) and a "vulnerable" server (Ubuntu 22.04 Docker Container), the goal of the challenge is to get to the /root/deeboodah.txt to read a message.
Using attacker machine, your spouse will have to:
- Enumerate the challenge server for open ports.
- Attempt to password crack into port 22. (password is
admin). - Read three files (
readme.txt) in the/home/userdirectory. Each file has a small riddle and clue into what command to issue next. - Once all three files have been read, a new user account should be provisioned in the
/etc/passwdfile, which will provide privilege escalation (reset the password of the new account withpasswd hacker). The scriptcheck-etc-passwd.etcwill echo this command to the console. - Navigate into root's directory to read the message!
The two docker containers install the necessary dependencies to set up this scenario.
- The Kali Linux docker container install nmap for port enumeration and hydra for password cracking.
- Note: If you want a password list to use, download rockyou.txt and place it in the
kalifolder. (I could not upload this as its too big.)
- Note: If you want a password list to use, download rockyou.txt and place it in the
- The Ubuntu server installs openssh.
Change directories into where you want to download this repo.
Issue: git clone https://github.com/collinsmc23/spouse-hack-challenge.git
Build two docker images.
- Kali Linux:
docker build -t {docker-image-name} -f /kali/Dockerfile . - Ubuntu Server:
docker build -t {docker-image-name} Dockerfile
Run the Docker containers:
- Kali Linux:
docker run -it {docker-image-name}. - Ubuntu:
docker run -d -p 2222:22 --name {docker-image-name} ubuntu_22.04
Coming soon.