KEMBAR78
CPENT Practices Range | PDF | Superuser | Exploit (Computer Security)
Scribd
Upload
49 views4 pages

CPENT Practices Range

This document provides instructions for accessing the CPENT practice range and a summary of the scope of work for each zone of the network. The 8 zones include Active Directory, binary analysis and exploitation, CTF, IoT, OT, pivoting, double pivoting, and web. Each zone has specific objectives such as identifying the domain controller, analyzing IoT firmware, mapping ICS/SCADA traffic, or gaining access through multiple pivoting machines. Instructions are provided.

Uploaded by

ScribdTranslations
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
49 views4 pages

CPENT Practices Range

This document provides instructions for accessing the CPENT practice range and a summary of the scope of work for each zone of the network. The 8 zones include Active Directory, binary analysis and exploitation, CTF, IoT, OT, pivoting, double pivoting, and web. Each zone has specific objectives such as identifying the domain controller, analyzing IoT firmware, mapping ICS/SCADA traffic, or gaining access through multiple pivoting machines. Instructions are provided.

Uploaded by

ScribdTranslations
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

Instructions to Access CPENT Practice Range

You will need a machine that runs a Pentesting Linux distribution, such as
Parrot Security OS / Kali Linux with the OpenVPN Connect client.

2. Download your VPN connection package below and import it into the VPN client.

3. Carefully read the CPENT Practice Range Guide - Scope of Work and begin
your practice.
4. You can reverse any machine in the environment of your field of practice, in case
that I have any problem.

Please note that, according to the CPENT practice range, it is subject to the
Terms of use, the rules and guidelines below.
In case of further inquiries or clarifications, please feel free to write to us at
aspensupport@eccouncil.org.

CPENT Practice Range Guide - Scope of Work

You are about to embark on an enterprise penetration testing assessment


designed to challenge you across a wide range of objectives. Each of the areas of
The network comes with a work range. The areas of the network are defined as follows
way

Active Directory
2. Binary Analysis and Exploitation
3. CTF
4. IOT
5. OT
6. Pivoting
7. Double Pivoting
8. Web

We developed the CPENT to provide you with the most realistic experience possible of a
professional security test. You are in the role of an external Pentester who,
As a result of this, just like in most commitments, you must take the
scope and the rules of engagement and see what can be found. The key here is that,
just like in a real confrontation, there are defenses in place and one must proceed with
Caution; otherwise, you may not be able to obtain the necessary data.

Here, at the CPENT, as in a real confrontation, you are required to map the
attack surface as you discover it. From this attack surface, you want
map the vulnerabilities or weaknesses that could potentially be exploited for
gain access. A fundamental part of the CPENT is a wide range of skills
and we have developed it, so if you are assigned the task of testing a device of
IoT has practiced the process of this type of testing. We focus solely on the
process for each of the areas as that is the essential key element to be
a professional tester. As you move through the different areas of the network, remember
analyze the data and determine what the network is telling you. If there is a filter in place,
then it must attack the filter, skip it, or accept that the attack surface will be based on
the rules of the filter. As with any test, not all will be accessible
machines, but they are still part of the test. In a real-life test, no, all of them.
machines fall. Another thing to remember is that it is not always necessary to explode
the box to access it. Analyze the attack surface and try to find ways to
those who can potentially take advantage of that and gain access. Then comes another part
from the challenge, once you gain access, you must escalate the privileges.

A key component of this is in * nix, which determines what the version of the kernel is.
and in Windows, the service pack and patch level. Once you have this, you can
try what we call "traditional" and popular privilege escalation methods.
Another method that actually does not belong to any other testing program is to use
sticky bits program to escalate privileges by writing a controller program for
exploit the application and achieve root level. This challenge is unique because it does not
we are providing a simple application that can be bypassed to gain access to
root, we are providing you with a binary that must undergo reverse engineering, then write
a controller to exploit it and once I have it, I must do it. once again, write
another program or shell to get root, a fun project for sure!

Finally, as you embark on this journey, try to access all the machines.
that can and observe what works and what doesn't. For example, the version of the operating system
and the kernel, as well as the configuration, think of MS17-010, just have port 445
it does not mean that SMBv1 is also enabled and both are necessary for the
exploit works. The process would be to create your target database and then obtain the
responses to that. Just as I would in a real commitment. There are user indicators,
as well as privileged level indicators that can reveal if you gain access to a
picture. One last thing, "frustration is good, it’s when we learn." The key is
don't get too frustrated, if that starts to happen, take a break. When you are
testing, wants to acquire the habit of analyzing what the network is telling him. A lot
good luck and enjoy it!

• Active Directory:

This zone is an Active Directory forest that you need to identify the Domain.
Controller then uses the potential method of silver, gold ticket, and kerberoasting.
Scope: 172.25.170.0/24
172.25.170.1

• 2. Binary Analysis and Exploitation:

In this area, you must identify the filtering device, map the surface of
attack and then gain access to the filtered segment. Once there, you must identify
the binary archclaves and apply reverse engineering to answer the
questions and then, to obtain the privilege flag, you will have to create an exploit
and then obtain root-level privileges. The protections may or may not be compiled.
in binary.

Scope:172.25.120.0/24, 192.168.120.0/24
Exclusion:172.25.120.1, 10.1.120.0/24
• 3. CTF:

In this area, it is supposed to deal with multiple vulnerabilities.


web applications and incorrect security configurations. Once the
Identify and exploit them, he owns the servers. By owning them, he finds the
secret keys placed in them.
Scope:172.25.20.0/24, 172.25.30.0/24
Exclusions:172.25.20.1, 172.25.30.1

• 4. IOT:

In this area, you must identify the target, then map the attack surface.
and then gain access, once you gain access, you will need to perform
reverse engineering of the firmware and answer questions about it. As it progresses
that builds its target database, take note of the credentials
encoded. Once you find a firmware image, analyze the system
of extracted files and observe the code, which in many cases will be php, etc.
172.25.101.0/24
172.25.101.1

• 5. OT:
In this area, you will first need to identify the IT side of the network, then the OT network and
map the attack surface, once you gain access to the OT network, you will have
identify the traffic of the ICS / SCADA network and analyze the protocol and then
read the values of the data in the registers and coils.
Scope:172.25.100.0/24, 192.168.110.0/24
172.25.100.1, 192.168.110.1, 10.1.110.0/24

• 6. Web

In this area, you must identify the web servers and then map them.
web applications and the attack surface. Find the weaknesses and then
access. Once you have access, you will need to escalate privileges to obtain
access to the content of the flags.

Scope: 172.25.210.0/24, 192.168.210.0/24


172.25.210.1, 192.168.210.1, 10.1.210.0/24

• 7. Pivoting:

In this area, you should map the network, identify the multiple host machine,
obtain access and then pivot to the connected network. Once there, you will have to
map that network and gain access to obtain the content of the files.
Scope: 172.25.65.0/24, 192.168.65.0/24, 192.168.5.0/24
172.25.65.1, 192.168.65.1, 192.168.5.1, 10.1.65.0/24
• 8. Double Pivoting:

In this area, you will need to identify the multi-host machines, obtain
access and then pivot on each network that is connected. Gain access and then
increase privileges to gain access to the content of the flags.
Scope:172.25.25.0/24, 192.168.25.0/24, 192.168.35.0/24, 192.168.45.0/24
Exclusions:172.25.25.1, 192.168.25.1, 192.168.35.1, 192.168.45.1, 10.1.25.0/24

Rules and Guidelines

All CPENT Practice Range challenges have a predefined scope. Any


Users who attempt to attack other networks (out of range) will be excluded from the range
practice.
The same rule applies to all gateways, firewalls, and routers that it
they help stay connected with the CPENT Practice Range.
Attacking the machines with DoS or any type of malware is strictly prohibited.
The use of CPENT Practice Range machines or the virtual private network to start
Any type of fraudulent activity is considered a crime.
a. Unsolicited communications by email/messaging (or) or
b. Commercial or marketing activities (or)
It is strictly forbidden to fingerprint or hack the systems or networks of its
companions. Any activity of this type that comes to our attention will give
place to the cancellation of the user's credentials.
Make sure not to store any personal/confidential information in the
computer through which you are connecting to the network.
Do not make the solutions public.

You might also like