Skip to content

Exercise Environment Catalog

Overview

This catalog describes exercise environments currently available in the exercise area. Each environment description includes a list of exercises that are available in the Virginia Cyber Range courseware repository that cover a range of beginner to intermediate topics including reconnaissance and scanning, web application penetration testing, cryptography, password auditing, buffer overflow attacks, forensics, server hardening, incident response, and more. To access these exercise documents, be sure to request an instructor account on our Sign Up Page (available only to faculty at Virginia high schools, community colleges, and universities). With an instructor account in the exercise area, faculty can test these exercises and deploy them to students in their courses.

Instructors should keep in mind virtual environments described below for each exercise can be used for homeworks and labs other than the provided exercise documents. For example, the Cyber Basics environment includes resources necessary for all of the Cyber Basics exercises listed, plus any other hands-on exercises the instructor creates for that environment.

Cyber Basics

This virtual environment is intended to be used for introductory to intermediate cybersecurity exercises and includes student access to a Kali Linux virtual machine that is in a subnet with a three other discoverable systems (described below). The environment can be used for network scans, web application vulnerability exploitation, basic penetration testing, as well as a variety of exercises that can be completed using a standalone Kali Linux system.

The Kali Linux VM has access to the Internet through a proxy that allows connections to standard web ports (HTTP and HTTPS). This allows students to access web pages from the virtual machine, as well as install packages on the virtual machine using the apt utility. Students can use sudo to execute commands as the root user.

The credentials for the Kali Linux virtual machine are (username/password): student/student.

Virtual Machine Descriptions

  1. Kali Linux Virtual Machine – This Linux distribution includes several tools for cybersecurity research and penetration testing. Users of this environment will have desktop access to this VM. User credentials (username/password) for his virtual machine are student/student.

  2. Vulnerable Web Server – This LAMP-based web server stack runs a vulnerable web service called DVWA and is intended to teach introductory web application penetration testing and web app security. To access this server from the Kali Linux computer, open a web browser in the Kali VM and enter this into the URL bar: http://dvwa. Credentials (username/password) for the vulnerable web application are admin/password.

  3. Samba Server – This Linux virtual machine is running Samba version 4.6.0, which is an outdated and vulnerable version of this service that can be exploited.

  4. File Server – This virtual machine is running vsftpd FTP service. While the service itself is not (intentionally) vulnerable, it allows anonymous login, some directory traversal by anonymous users, and there are accounts with weak passwords that can be exploited.

Corresponding Exercises

Click the links below to access exercise documents:

Additional Information

To the user, the Kali VM appears to exist in an x.x.x.x/20 network. To discover other systems in the environment, and the services running on each, the student can use the ipconfig command to determine their own IP address, then use nmap with their own IP with /20 appended to scan the subnet. An example is shown in the below image.


Introduction to Forensics (2020)

This virtual environment is intended to be used for introductory to intermediate hands-on digital forensics exercises. The environment is a stand-alone Ubuntu Linux virtual machine with a set of pre-installed tools for digital forensic investigations. Installed tools include Autopsy, Sleuthkit, Volatility, Regripper, Wireshark, and others. The login credentials for this virtual machine are student/student.

The only network access it has is to the Internet through a proxy that allows connections to standard web ports (HTTP and HTTPS). This allows students to access web pages from the virtual machine, as well as install packages on the virtual machine using the apt utility. Students can use sudo to execute commands as the root user.

Corresponding Exercises

This virtual machine includes digital forensic artifacts required to complete the following exercises from the Courseware Repository (click links to access exercise documents):


Windows Virtual Machine

This environment is a standalone windows virtual machine in its own virtual subnet. The only network access it has is to the Internet through a proxy that allows connections to standard web ports (HTTP and HTTPS). This allows students to access web pages from the virtual machine, as well as download and install software on the virtual machine. Students have administrator access when logged in.

Virtual Machine Description

Windows Server 2016 with Windows 10 experience – This Windows virtual machine feels and acts like a Windows 10 system so it will be familiar to students and faculty. User credentials (username/password) for this virtual machine are student/student.


Ubuntu Linux Virtual Machine

This environment is a standalone Ubuntu Linux virtual machine in its own virtual subnet. The only network access it has is to the Internet through a proxy that allows connections to standard web ports (HTTP and HTTPS). This allows students to access web pages from the virtual machine, as well as install packages on the virtual machine using the apt utility. Students can use sudo to execute commands as the root user.

Virtual Machine Description

Ubuntu Linux 16.04 – This Ubuntu virtual machine uses the lightweight xfce windowing interface instead of Gnome, but is otherwise a basic Ubuntu desktop instance. User credentials (username/password) for this virtual machine are student/student.


Kali Linux Virtual Machine

This environment is a standalone Kali Linux virtual machine in its own virtual subnet. The only network access it has is to the Internet through a proxy that allows connections to standard web ports (HTTP and HTTPS). This allows students to access web pages from the virtual machine, as well as install packages on the virtual machine using the apt utility. Students can use sudo to execute commands as the root user.

Virtual Machine Description

Kali Linux – This virtual machine uses the lightweight xfce windowing interface instead of Gnome, but is otherwise a basic Debian-based Kali desktop instance. User credentials (username/password) for this virtual machine are student/student.


Ubuntu with Snort and Other Tools (2019.1)

This virtual environment is a stand-alone Ubuntu Linux virtual machine in its own subnet. It includes software and artifacts to conduct exercises on password auditing, buffer overflow, firewall configuration, intrusion detection, and basic cryptography.

The user credentials (username/password) for this virtual machine are student/student.

Desktop View of Ubuntu

Corresponding Exercises

This virtual machine includes software and artifacts required to complete the following exercises from the Courseware Repository:


K12 Cyber Security Concepts Using Kali Linux

This virtual environment is intended to be used with the Introduction to Cybersecurity for High School Students and K12 Educators course. Using a Kali Linux virtual machine in this environment, students learn about various cyber security concepts through analysis of network traffic (PCAP files), CTF (Capture the Flag) style challenges, basic cryptography, web/HTML client side scripting and SQL injection exercises and more.

Virtual Environment Description

The Kali Linux Desktop VM has access to the Internet through a proxy that allows connections to standard web ports (HTTP and HTTPS). This allows students to access web pages from the virtual machine, as well as install packages on the virtual machine using the apt utility. Students can use sudo to execute commands as the root user.

This VM has been "seeded" with several flags and required files to complete assignments. A flag is usually a name of a file or data that students need to find as part of the assignment/assessment. Most of the homework assignments and assessments provide a "hands on" experience and are usually in the form of capture the flag.

User credentials (username/password) for this virtual machine are student/student.


Brigante

Brigante is a self-paced, hands-on exercise with multiple levels designed to familiarize beginners with the Linux user interface and terminal commands. It is based on OverTheWire.org's Bandit wargame. The game is presented as a series of increasingly difficult levels. Solving one level gives the user access to the next, and students will have to apply problem-solving skills as they make their way through the series of challenges. The game assumes the student can open a Linux terminal window to get to the command-line interface, but assumes little experience with Linux beyond that.

Students should log in to the Brigante environment with the credentials student/student. They should then open a web browser and browse to http://brigante.example.com for further instructions.

The Brigante game lists all available levels along the left side of the screen. Instructions for each level are present in the center of the screen.


Laboratory Exercise: Host Based Network Security Basics

Multi-VM exercise environment used for a Beginner Plus level introduction to Linux-based host network security.

Virtual Environment Description

The environment for this exercise includes two VMs, an Ubuntu Linux VM and a CentOS Linux VM. The students harden one of the servers using instructions provided and use the other VM to externally test security configurations.

Lab Exercise Part 1

This first of two labs describes the process by which students harden Linux servers using the iptables firewall and how to use the Linux apparmor utility to impose mandatory access control (MAC) rules to restrict user access to resources on the system. It also introduces students to the Linux netstat utility to get information about ports and protocols open on their systems. Finally, students test their various security settings using a second virtual machine in the same network subnet.

Lab Exercise Part 2

This second of two labs has students continue host hardening by locking down local services and daemons, and securely configuring operating system and filesystem access. Students will learn more about host-based firewall configuration, learn how to install and manage packages, and use the fail2ban utility to identify and ban external hosts demonstrating malicious behavior such as brute-force password-guessing attacks. Students will also securely configure smpt, ssh, and apache daemons.


Laboratory Exercise: Compromised Server Security and Lockdown

This Beginner Plus level, real world lab has students log into a worm-infected CentOS Linux server (ssh terminal only) and follow prescribed steps to secure, clean up and lock down the infected server. Students will use utilities such as chkconfig, service, ps, and kill to examine running services and shut down potentially malicious ones; netstat and nmap to identify rogue network services; iptables to properly configure the firewall; and, package management software such as rpm and yum to verify and repair system packages.

Virtual Environment Description

  • The environment for this exercise includes two CentOS VMs. The students harden one of the servers using instructions provided and use the other VM to externally test security configurations.