Note: This is the capstone for the Responsible Red Teaming course available on the Taggart Institute. It is not required to complete the course before attempting this capstone, though it is recommended.
Welcome to the Responsible Red Teaming course capstone!
Today, you’ll assume the role of a red team operator during a live engagement. You’ll also read along with this Choose Your Own (Pwn) Adventure style narrative while you perform a hands-on technical engagement against a vulnerable virtual machine.
At each phase of the engagement, you’ll have to make decisions about how to complete the engagement in a safe, responsible manner. Each decision may impact the success of the engagement, so choose carefully!
Setup
To perform the capstone, you’ll need:
- rrt-kali
- risotto-dmz: the vulnerable virtual machine for this capstone
- the ability to provision a cloud Ubuntu server host.
Please download and use VirtualBox, VMware Workstation, or a different hypervisor to provision the vulnerable virtual machine. The VM is located at the course share:
When the vulnerable VM is done provisioning, check to see if it has an IP address via DHCP. If not, log into the VM with the credentials risottoadmin:MYpassword123! and set an IP address statically or dynamically. Feel free to use any method of setting an IP address that you wish.
Note: I recommend using nmtui and adding one statically if DHCP is failing.
Once the vulnerable virtual machine is provisioned, add the VM’s IP address to the /etc/hosts file on rrt-kali and call it dmz.risottocorp.lan.
When the host has fully provisioned, you should be able to Nmap scan it from rrt-kali with a basic nmap scan (nmap dmz.risottocorp.lan) and see four open ports.
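One way to do the /etc/hosts step so the mapping stays correct if the VM's address changes between sessions (an added example, not part of the original course material; the function names set_lab_host and lab_host_ip and the sample address 192.168.56.20 are assumptions):

```shell
#!/bin/sh
# Added example: idempotently map the lab VM's hostname in a hosts file.
# The hosts file defaults to /etc/hosts; pass a second argument to try
# the functions on a copy first.

LAB_HOST="dmz.risottocorp.lan"   # hostname from the capstone setup

# set_lab_host IP [HOSTS_FILE]
# Removes any existing line that maps LAB_HOST, then appends "IP LAB_HOST".
# Returns 1 (file untouched) if IP is not a dotted-quad IPv4 address.
set_lab_host() {
    ip="$1"
    hosts_file="${2:-/etc/hosts}"

    # Reject anything that is not four dot-separated octets in 0-255.
    printf '%s\n' "$ip" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
    ' || { echo "invalid IPv4 address: $ip" >&2; return 1; }

    tmp="$(mktemp)" || return 1
    # Keep comments and every line that does not name LAB_HOST as a field.
    awk -v host="$LAB_HOST" '
        /^[[:space:]]*#/ { print; next }
        { for (i = 2; i <= NF; i++) if ($i == host) next; print }
    ' "$hosts_file" > "$tmp"
    printf '%s %s\n' "$ip" "$LAB_HOST" >> "$tmp"

    # cat into place (rather than mv) so the file keeps its owner and mode.
    cat "$tmp" > "$hosts_file" && rm -f "$tmp"
}

# lab_host_ip [HOSTS_FILE]: print the address currently mapped to LAB_HOST.
lab_host_ip() {
    awk -v host="$LAB_HOST" '
        /^[[:space:]]*#/ { next }
        { for (i = 2; i <= NF; i++) if ($i == host) { print $1; exit } }
    ' "${1:-/etc/hosts}"
}
```

Source the file in a root shell on rrt-kali and call set_lab_host with the VM's current address; re-running it after a DHCP change replaces the old mapping instead of leaving a stale duplicate.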
How It Works
In this capstone, you’ll do two things. You’ll read the narrative for the engagement and make choices on how to progress through the narrative (the Choose Your Own Adventure portion) and you’ll perform some of the technical exploitation steps on the virtual machine itself.
The vulnerable VM used in this capstone will be provisioned in the safety of your home network, but imagine that this is a host that you found live on the open internet. For the duration of the capstone, treat the vulnerable VM like it is in the target network and treat the rrt-kali machine like it’s in your red team’s physical on-premise location.
This means that you can access the services of the vulnerable VM by its DNS record (dmz.risottocorp.lan) but the target server will not know the rrt-kali host’s IP address.
When you see a callout block with the target symbol (🎯), that indicates that there is a technical task to perform on the target host. This could be scanning, exploitation, persistence, or something else! The callout blocks will include general instructions for what to do and will look like this:
Ready?
When the vulnerable host is provisioned and you are ready, click the link below to begin! Good luck!