Tool Usage
Our most popular ranges, ShadowBank and Shred, do not require the use of ANY downloaded hacking tools. Everything on those two sites can be solved without the use of any tools except for the browser itself.
Some more advanced ranges will require the use of an external tool to complete all the challenges. The usage and download of these tools must be permitted by your organization. Please check your company policy to determine whether you may download a tool. The only tool that web ranges may need is an intercepting proxy such as Burp. Burp has a free community version that can be downloaded here. The only tool that cloud ranges may need is an SSH client. Modern operating systems come preinstalled with a native SSH client that can be accessed through the terminal - do some research to learn more about your OS. Though the tool may already be present on your machine, to access range resources via SSH, you will still need permission from your organization. Please check your company’s policy before downloading or installing any tools.
Below is a complete list of ranges that require tools to complete some challenges:
|
Range |
Tool(s) required |
|
Gold Standard |
Intercepting proxy (e.g. Burp) |
|
LetSee |
Intercepting proxy (e.g. Burp) |
|
InstaFriends |
Intercepting proxy (e.g. Burp) |
|
DigiExchange |
Intercepting proxy (e.g. Burp) |
|
Forescient |
SSH client |
|
Infinicrate |
SSH client |
|
MailJay |
SSH client |
While the community version of Burp, linked above, is limited in functionality, it is perfect for our use case. If you are playing a range that requires Burp, please have it installed before the beginning of your event. Below are some helpful videos to help you setup and configure Burp, and get an overview of the features you will need to use:
Comments
0 comments
Article is closed for comments.