Video Tutorial:
Credentials to access PGKali Virtual Machine
Username: student
Password: $tud3nt!
Credentials to access PGUbuntu through SSH
Username: student
Password: $tud3nt!
Credentials to access Metasploitable Linux through SSH
Username: vagrant
Password: vagrant
Note: SSH connection takes place only from the PGKali virtual machine to the desired virtual machine.
Are you enrolled in a course that is using the Florida CyberHub CTF? If so, please see the directions below.
All of the exercises can be accessed by clicking the following link: https://ctf.floridacyberhub.org/. You must create an account before viewing any exercises. Click on the “Register” button on the top right side of the screen to get started.
Joining Unofficial Team
If joining a team, provide Team Name and Team Password in the provided boxes.
Creating Unofficial Team
If creating a team, provide Team Name and Team Password in the provided boxes.
NOTE: After creating your team, share the team name and password with your teammates so they can join your team.
Once you successfully register and log in, you will see a list of challenges with varying difficulties and types.
Challenge Types
There are three types of challenges in this CTF. The offensive challenges will require you to go into your Virtual Machine to attack a web server and obtain a flag.
The problem-solving challenges will generally require you to analyze a file or an image. For this kind of challenge, you do not need to attack any machines; however, you might need to utilize certain tools.
The last type of challenge is Trivia. You will have 1 attempt to answer the trivia questions, which are categorized by different topics. All of these questions are multiple-choice.
Using Lab Broker
If you need help accessing your Lab Broker, please view Immersion (Lab Broker). Once you are ready to start the CTF exercise, you will have to log in to the Kali VM within your Lab Broker. Kali Linux will be the operating system used to stage all attacks against the Web Server, so it should be the only one that you will directly connect to.
Click on 'Allocate Lab' as this will set the lab machines to be set aside for your use. After, click 'Start Nodes' so that the allocated labs begin to run.
CTF: OWASP Juice Shop Web Server
The majority of the CTF exercises are hosted within a web server. In order to find the right website to launch your attacks, you will need the PGWEBAPP IP address. This can be found by clicking the Proving Grounds Nodes within your Lab Broker. The IP will be listed next to the PGWEBAPP virtual machine.
Once you have that IP address, you can navigate to the website hosted on the web server’s port 3000. For instance, if your PGWEBAPP’s IP address is 172.22.21.158, you would use the browser from the Kali Linux virtual machine to navigate to OWASP Juice Shop by typing '172.22.21.158:3000' in the address bar.
Kali Linux Credentials:
Username: student
Password: $tud3nt!
Proving Grounds: Linux Tutorial
If you have been assigned to solve the Proving Grounds part of the CTF, you will have to SSH into the PGUbuntu Linux machine from your Kali Linux machine. The credentials for this machine are:
Username: student
Password: $tud3nt!
To begin, you will need to know the IP address of “PGUbuntu” as shown in the screenshot. The IP addresses of the virtual machines will be listed to the right of the machine's name.
Once you have located your specific IP address, open a terminal window, and run the following command:
ssh [ip address] -l [username]
[ip address] is the PGUbuntu Linux IP.
[username] is the username of the PGUbuntu, which is listed above.
