Skip to main content
To KTH's start page To KTH's start page

Course information

The overall objective of the course Ethical Hacking 7,5 hp is to capture as many flags, as quickly as possible.

Project

A mock corporate network has been rigged in a virtual environment. On various places in this network, flags (jpeg images) are placed. The overall objective is to capture as many flags, as quickly as possible. There are around a dozen flags to be captured. To complete the attack, students are free to use their imagination and tools available on the Internet. In the provided reading material, participants are introduced to specific network and vulnerability scanning tools, platforms for development of exploits, for remote control of computers, for password cracking, and so on. Nonetheless, participants are eventually free to choose methods and tools of their own.

Starting Point

At the start of the course, students obtain VPN credentials to connect to a local area network.

Objective: Capture the Flags

The objective of the mission is to compromise the system as fully as possible. In order to prove that they were able to hack hosts, participants need to collect and submit flags. 

Tools

Kali Linux is suggested as a penetration testing platform. However, it remains the participants’ choice to decide which tools suit them best. 

Hints

As time progresses, students will receive hints that facilitate the exploitation of the network. For students who fail to solve a task independently within a reasonable time frame, teachers may hold webinars or offer screen casts.

Infrastructure

The virtual network you will interact with is hosted by Google Cloud. The most important difference between this environment and a physical network, for the point of view of this course, is that OSI layer 2 is missing. Thus, ARP spoofing and other techniques based on Layer 2 won't work. As in the case of a real corporate network, things might change in the network independent of the hacker. Notably, systems may be restored to their unhacked state at any time. Therefore, it is important to be able to repeat your hacks; thus, record your methods after successful exploitation.

The Zen of Hacking

Some advice on how to approach the challenges you will face in this course: Hacking is not user-friendly. On the contrary, you will be walking not only unpaved roads, but roads with intentional roadblocks. Exploits typically do not work on the first attempt, and even when they work, they are often unstable. You may experience significant frustration when your hack fails to execute as intended, and more frustration when the cause turns out to be trivial, such as a typo. The process of trial, error, analysis and correction is, however, very often excellent grounds for learning. So take the opportunity to learn. When things don't work, learn about the underlying technology as well as the tools and methods that may help you better understand the problem.