Video Tutorial:
- Credentials to Sandbox Client (Virtual Machine)
- User ID: admin
- Password: 123
Are you enrolled in a course that is using the Florida CyberHub CTF? If so, please see the directions below.
All of the exercises can be accessed by clicking the following link: https://ctf.floridacyberhub.org/
You must create an account before viewing any exercises. Click on the “Register” button on the top right side of the screen to get started.
Joining Unofficial Team
If joining a team, enter the Team Name and Team Password in the boxes provided.
Creating Unofficial Team
If creating a team, enter a Team Name and Team Password in the boxes provided.
NOTE: After creating your team, share the team name and password with your teammates so they can join your team.
Once you successfully register and log in, you will see a list of challenges with varying difficulties and types.
Challenge Types
There are three types of challenges in this CTF. The offensive challenges will require you to go into your Virtual Machine to attack a web server and obtain a flag.
The problem-solving challenges will generally require you to analyze a file or an image. For this kind of challenge, you do not need to attack any machines; however, you might need to utilize certain tools.
The last type of challenge is Trivia. You will have 1 attempt to answer the trivia questions, which are categorized by different topics. All of these questions are multiple-choice.
Using Lab Broker
If you need help accessing your Lab Broker, please view Immersion (Lab Broker). Once you are ready to start the CTF exercise, you will have to log in to the Kali VM within your Lab Broker. Kali Linux will be the operating system used to stage all attacks against the Web Server, so it should be the only machine that you connect to directly.
Click on 'Allocate Lab' to set the lab machines aside for your use. Then click 'Start Nodes' so that the allocated labs begin to run.
NOTE: Remote Desktop Connection Error
If you have been away from your environment and VMs, make sure to click 'Start Nodes' before accessing your course VMs, as this will get the machines out of sleep mode.
1) In your Lab Broker window, right-click and select reload. This will refresh the Lab Broker page.
2) Check for the active Start button and select it. (This will bring your machine out of its sleep state.)
3) Give the VM a few minutes to start up. Try reconnecting.
CTF: OWASP Juice Shop Web Server
The majority of the CTF exercises are hosted on a web server. To find the right website to launch your attacks against, you will need the PGWEBAPP IP address. This can be found by clicking the Proving Grounds Nodes within your Lab Broker. The IP will be listed next to the PGWEBAPP virtual machine.
Once you have that IP address, you can navigate to the website hosted on the web server’s port 3000. For instance, if your PGWEBAPP’s IP address is 172.22.21.158, you would use the browser from the Kali Linux virtual machine to navigate to OWASP Juice Shop by typing '172.22.21.158:3000' in the address bar.
NOTE: After clicking 'Start Nodes', allow an additional minute or two before attempting to connect to OWASP Juice Shop Server, as your virtual machines may not be fully running yet.
Kali Linux Credentials:
Username: student
Password: $tud3nt!
Proving Grounds: Linux Tutorial
NOTE: SSH connection takes place only from the PGKali virtual machine to the desired virtual machine.
If you have been assigned to solve the Proving Grounds part of the CTF, you will have to SSH into the PGUbuntu Linux machine from your Kali Linux machine. The credentials for this machine are:
Username: student
Password: $tud3nt!
To begin, you will need to know the IP address of “PGUbuntu” as shown in the screenshot. The IP addresses of the virtual machines will be listed to the right of the machine's name.
Once you have located your specific IP address, open a terminal window, and run the following command:
ssh [ip address] -l [username]
[ip address] is the IP address of the PGUbuntu Linux machine.
[username] is the username for PGUbuntu, which is listed above.