Powered by OpenAIRE graph
Found an issue? Give us feedback
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/ Recolector de Cienci...arrow_drop_down
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/
Recolector de Ciencia Abierta, RECOLECTA
Bachelor thesis . 2023
License: CC BY NC ND
Data sources: Recolector de Ciencia Abierta, RECOLECTA
 View all 1 versions
Claim

Desarrollo de un sistema CTF

descriptionPublicationkeyboard_double_arrow_right Bachelor thesis 01 Jan 2023 Spain Spanish Publisher:Universitat Oberta de Catalunya (UOC)
Authors: Garcia Bermejo, Jorge;

handle: 10609/148143

Desarrollo de un sistema CTF

Abstract

Este documento tiene como objetivo la explicación de la creación de un sistema CTF mediante una metodología ágil. Se define el desarrollo, instalación y resolución de la máquina, así como metodologías aplicadas, vulnerabilidades utilizadas y distintos tipos de configuraciones necesarias. Podemos encontrar dos grandes partes diferenciadas; primera parte, apartado 1 a 8, que contiene la configuración de sistema operativo, servicios, y aplicación de vulnerabilidades en la máquina virtual, y la segunda parte, desde el apartado 9 hasta el final, que demuestra desde la vista de un atacante como explotar las distintas vulnerabilidades configuradas anteriormente. Mediante la instalación de la máquina virtual proporcionada (archivo .ova adjunto), el objetivo del usuario final será poder llegar a completar los 4 Flags propuestos y llegar a ganar acceso root al sistema, explotando las vulnerabilidades intencionalmente creadas, pudiendo comprobar si los flags obtenidos son los correctos con la página web que se proporciona en la máquina virtual. La demostración total del documento es la importancia de mantener los servicios y aplicaciones expuestos a la última versión, además de lo importante que es configurar estos servicios de manera correcta para no tener un servidor vulnerable a ataques.

Aquest document té com a objectiu l'explicació de la creació d'un sistema CTF mitjançant una metodologia àgil. Es defineix el desenvolupament, instal·lació i resolució de la màquina, així com metodologies aplicades, vulnerabilitats utilitzades i diferents tipus de configuracions necessàries. Podem trobar dues grans parts diferenciades; primera part, apartat 1 a 8, que conté la configuració de sistema operatiu, serveis, i aplicació de vulnerabilitats en la màquina virtual, i la segona part, des de l'apartat 9 fins al final, que demostra des de la vista d'un atacant com explotar les diferents vulnerabilitats configurades anteriorment. Mitjançant la instal·lació de la màquina virtual proporcionada (arxiu .ova adjunt), l'objectiu de l'usuari final serà poder arribar a completar els 4 Flags proposats i arribar a guanyar accés root al sistema, explotant les vulnerabilitats intencionalment creades, podent comprovar si els flags obtinguts són els correctes amb la pàgina web que es proporciona en la màquina virtual. La demostració total del document és la importància de mantenir els serveis i aplicacions exposats a l'última versió, a més de l'important que és configurar aquests serveis de manera correcta per a no tenir un servidor vulnerable a atacs.

This document has the intention of show the creation of a CTF System using agile methodologies. It defines the process of development, install and solving the virtual machine, explanation of used methodologies, vulnerabilities, and the different configurations. We can find two big different parts in this document; the first part that goes from 1 to 8 and contains the configuration of the Operative System, services, and how the vulnerabilities are applied in the Virtual Machine, and the second part, that goes from 9 until the end of the document, that demonstrates from the perspective of an attacker, how to exploit the different vulnerabilities that were previously configured. With the installation of the Virtual Machine that has been provided (attached .ova file), the final target of the final user will be to be able to complete the 4 provided flags and to gain root access to the system, exploiting the intentionally created vulnerabilities, and being able to check the obtained flags on the provided website. The final goal of this document is to demonstrate how important is to keep updated and well configured the services and the apps that are exposed, so we do not have a vulnerable server.

Country
Spain
Related Organizations
Keywords

sistemes, services, servicios, Linux device drivers (Programes d'ordinador), Linux, serveis, CTF, systems, security, sistemas, seguretat, seguridad, Linux device drivers (Computer programs)

  • BIP!
    Impact byBIP!
    selected citations
    These citations are derived from selected sources.
    This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    		 0
    popularity
    This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
    		 Average
    influence
    This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    		 Average
    impulse
    This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
    		 Average
Powered by OpenAIRE graph
Found an issue? Give us feedback
selected citations
These citations are derived from selected sources.
This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
BIP!Citations provided by BIP!
popularity
This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
BIP!Popularity provided by BIP!
influence
This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
BIP!Influence provided by BIP!
impulse
This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
BIP!Impulse provided by BIP!
0
Average
Average
Average
Green