You can ignore the following backstory, but I added it for dramatic effect.

I'm currently wrapping up  Computer Forensics course here at school. Sadly we got stuck with a first year professor who doesnt know half of what she is talking about. She claims to have worked for a Fortune 50 company doing their network security, but her knowledge level is laughable for the job she used to have held. Students will commonly correct her on the basic facts about subjects, its almost offensive to my education. There are very few intelligent people in this class, its considered an easy minor, no wonder with professors like this, and a lot of Criminal Justice students latch onto it as well.

All of this being said,I've learned next to nothing from these Computer Forensics courses with her after a full year. So to cap off my year she decides to announce a live "computer hacking" competition of sorts. The major problem with this competition is the fact that there has never been any sort of lesson on network penetration or computer hacking in the general sense. The closest we got was a card trick that somehow simulated password cracking. All we know about the competition is the class will be split in 2 groups, one on defense and the other on offense.  I have no doubt there are only two people on the opposing team who could be potential threats but I am pretty confident I know more in this area.

This type of work is what I'd like to do for a career so I'm making this assignment into a test of sorts for myself. ONCE AGAIN KEEP IN MIND WE HAVE BEEN TAUGHT ABSOLUTELY NOTHING INVOLVING NETWORK SECURITY OR PENETRATION TESTING. Everything here is stuff that I've either been taught, picked up over the years or have convinced myself to believe is true. Pick it apart, whats good, whats bad, whats flat out wrong.

The Setting:

PC's that barely boot.
Windows XP Service Pack 3
Every machine was built using the same image, they all have very little added aside from some shithead forensic tools we've never used
We're on our own network of about 15 machines

The following are the software I plan on putting to use and my strategy for both defending and attacking.

Defense:

Software:

Firewall - Really have no idea here, havent used anything that was a specific "firewall" since ZoneAlarm back in 2006, would really be interested to hear some recommendations for a firewall.

Anti-Virus - Microsoft Security Essentials, these PC's are pieces of shit and need all the resources they can hold on to and I've always liked this software.

Miscelaneous:

Get all machines patched up to date, uninstall all unnecessary programs, shit like Adobe Reader/Flash, MSOffice, etc. Remove all Administrator accounts, basically try to leave as few things they could attack as possible. Generate a strong Windows password, wont do much for physical security but I assume it'd help network-wise. Lame as it is, BIOS passwords on all our machines, theyre padlocked so the jumpers cant be pulled.


Offense:

I cannot stress enough how little I formally know about this type of stuff, so please help me better myself. I think of it as a simple 4-part attack attempt

1. Port Scan, identify the targets and recognize their open ports
2. Vulnerability Scan, scan the target IP's and discover known vulnerabilities the machines currently have.
3. Attack, use Metasploit to exploit the vulnerability and gain access to the users system.
4. Keep control, installing a backdoor to keep control of the system

Software:

nmap - Read a few books on the tool so I know a decent amount of what I'm doing with it, couldnt think of a better portscanner

Nessus - vulnerability scanner, again the most revered in its category I figured I couldnt go wrong, know little about the software though

Metasploit - I've been looking for a decent introduction to Metasploit for a long time but havent had much luck. I've messed with it a little bit but would definitely like a thorough introduction from the start. I know Metasploit is even considered to be script kiddy-esque but I'm not sure of a better starting point.

BACKUP PLAN:

I will have unmonitored access to this lab for hours at a time, and I highly doubt the other students would consider physical security of their machines or take advantage of us in the same way.  I had considered placing trojans on the PC's and adding them to the "Ignored" section of the Anti-Virus, along with simply adding another Administrator account and giving it remote desktop access. I'd rather have this as a back up plan because of how lame it is, but if times get tough this I will resort to 10th grade tactics.


I'm basically wondering if this is an accurate strategy to be going into this type of thing with? Having you offer constructive criticism are things I'm looking for so please do. Have another place you visit where I could post this story and get some knowledgeable feedback, send that my way too.

Will you be able to bring in a laptop/netboot in and plug it into the network?  If so you could pre-build it with backtrack and get everything updated to give you the best chance.

Ref the av software, the microsoft security essentials is poor to say the least.  How long is the lab to run for as you could get one of the better Internet Security packages and run it on a trial version for about 10-20 days.  Would give you better AV and firewall?  Try steer clear of McAfee, Nortons and BitDefender as they can all be a bit resource hungry.

Re the metasploit, check some of the videos on security tube and see if you can get hold of any of the hacking books that get a good review on here.

Maybe I missed it, but what books were you using in your class?

Not the feeling I'm left with. First year teacher. She's still learning how to teach.

I had more than one class in college, where I was the guy that showed up to class, sat in the back of the class and slept during lecture, get up during break get coffee and then surf the web during lab time. Some of the easiest A's I ever got.

So don't underestimate your opponents. Some of them may be "sleepers" there for the easy A.



I think you might want to open that one up and scan through it. See if there is anything in it you can use.

I may be teaching a 2000 level ethical hacking course at a community college this fall and my biggest fear is that I get a Sil.

bwahahahahaha!  <evil grin> 

Sil, some how I expect your social engineering attempts to work better than his.

<grin>  Funny, I did ALMOST the same thing, a few years ago, ring and all.  But in my case, wife didn't try to hide it. 

BTW, if sil's wife is anything like mine, he got eyes rolled at him, as soon as he tipped his hand to her, though.  It's amazing how our wives put up with so much from us, but more amazing how much they're willing to dish out, in return, sometimes...  I can only imagine the following day or two...

And I agree with the kids thing, too.  While mine hasn't, yet, been the Xbox live password, they try, hard, to get other passwords from me, all the time, through careful 'manipulation.'  Fortunately, they just never figure out how mom and dad KNOW what they're up to.