There are two actions that you must take in class today:
Rules on Offense
You may not modify another team's machine in any permanent fashion with two exceptions. The first is if your compromise technique itself requires such modification then you may do so. The second is that you may also change the root password on a compromised machine.
You may try any type of ruse (including social engineering) to get another team to reveal information.
At no time may you physically touch any other computing or networking equipment in the room other than your assigned machine. Don't plug CDs or USB memory sticks into other folks' machines. Don't rewire the room.
DO NOT ATTEMPT ANY ATTACKS ON MACHINES OUTSIDE THE LAB, AND OF THOSE IN THE LAB, ONLY THOSE USING IP NUMBERS IN THE RANGE 192.168.10.10 -> 192.168.10.200.
DO NOT USE ARP ATTACKS. It's too disruptive.
Rules on Defense
You must leave your real and virtual machines up and running, and able to connect to the Internet. You may not change IP numbers or MAC addresses on your required real and virtual machines; if you create other virtual machines, you may use any of the three additional IP numbers assigned to you (though using VirtualBox's internal NAT is probably a better course.)
You may turn off all outward facing services except those we configured for class. Once we have enabled a service, however, you should leave it running for the semester unless I ask you to turn it off. In particular, you must leave sshd on port 366 with no firewall blocking it.
Be aware of social engineering. It has been the single most effective technique for this security exercise. While a number of technical compromises have been successful (particularly attacks against LAMP servers), spear phishing alone has been far more effective.
Penalty for no/incorrect/inaccessible flag: Each time that your flag is found to be inaccessible on either of your machines, 1 point will be deducted from your final grade, up to 1 point per day.
A journal is due for this assignment. Make sure that you document in your journal all of the steps that you went through, following the guidelines on the class home page. Please turn in a printed copy of this assignment by exam time on Friday, December 14. Note that the final day of class is December 6; I will accept journals at that time, and I will be in my office all morning on December 14 so you can drop off journals at that time also.