So this is the story:

The environment was made in a hurry and there are mistakes. A hacker by the
name of The 0ne has gotten in and left clues for other hackers. The Netstalkers security
team is very under staffed and hung over from the party last night and cannot defend. The
Attackers have gotten onto he DMZ with attack boxes and need to get into the secret
booty box, which has never been penetrated. All other boxes have ways in and can be
done apart from the front door.
DMZ Router
The 330 team will not really touch this router. It is only there to allow Internet access for
them and us.
Username: admin
Password: KeepOut330!
eth0: 192.168.5.34/24
eth1: 192.168.100.1/24
Internal Router
This router is setup to allow outside to inside routing. This forces them to add a route to
there Kali box to get in. Without that there would be no other way to get into the internal
network so I thought I would be nice. We are just pretending that we are bad at our jobs
on this one and set up the firewall wrong.
Username: admin
password: HopetheyArenotThisFar
eth0: 192.168.100.254/24
eth1: 172.16.25.1/24
Web Server
This box allows anon FTP as a way in. It also is set to allow anon users to upload files
and mkdir.
I also left the wiki website to allow anyone to edit it. I did this in the hopes to stall them
since I know they will want to play and deface it if they figure that out.
Username: webadmin
Password: NotGettingIn1127
eth0: 192.168.100.100
Website Admin Username: stalker
Website Admin Password: adminpassword

HoneyPot
This is just a Vuln XP box but it has a note in the desktop file. There is another note
hidden in this box giving them the address to the gateway needed to route through to get
into the internal network that was left by another hacker.
Username: Administrator
Password: P@ssW0rd
eth0: 192.168.100.55/24

Assessment Box (This will be turned off before we start)

This is just a Kali box for testing our stuff
eth0: 192.168.100.10/24
Username: root
Password: toor
Internal Admin Box
This is to give them some hope and another hint but there is nothing else in this box. The
password needs to be cracked via Hydra which should not take long if they figure that
out. Once in they will see a file called notes.txt letting them know that they need to keep
going.
Username: inadmin
Password: LockingITdown!!
Backdoor account
username: backdoor
password: password
eth0: 172.16.25.10/24

Secret Tunnel
This is a fun thing that I have done which I call a manual router. It does not route traffic
at all but you SSH into it to SSH into another box on another network that is isolated
ergo SECRET TUNNELLLLLLL. They will have to get into this and then find and ssh
into the next box to get the final loot. This is their last stop. The password is simple
enough that it should be in a dictionary somewhere and they may get in but there are no
notes or anything about getting to the booty box.
NEW STUFF: OK so I went a bit overboard with this one. Below are some screenshots
showing what I did. I thought of taking it out but it is just too fun. When you try to ssh (if
you do it at the right time) it will show the message below. If you know the password you
will get in but there is a script running that will kick you out and shutdown sshd for 30
seconds. See the script below the message. So with this new level of shenanigans I have
put the username and password hidden in the internal admin box.
Username:root
Password:YouArealmostthereHacker
(SSH) Username: remoteadmin
password: SmackDown
em0: 172.16.25.222
em1: 172.16.235.12

Booty Box
This box has the file we do NOT want them to get, there is nothing open besides on
account on ssh that can only be accesses via the secret tunnel with a rather long pass
phrase.
Username:root
password: LastStopbeforeHell?
(SSH) Username: remoteadmin
Password: YouWillneverGetarrBooty!!
em0: 172.16.235.197