$$
\text {An iCSI CTF (RED26)}
$$
Setup:
- The VM needed for this challenge can be downloaded here.
- You’ll need Kali Linux.
- You’ll need a separate Ubuntu machine you control for demonstration purposes in the first part of the lab.
First Steps:
-
You will not have the login credentials to the machine.
-
Before you power it on, go to the machine settings and give the network adapter a custom MAC address.
- This way you will be able to locate it with the arp-scan utility within Kali.
- Don’t use the MAC address I have below. Everyone in the class needs something different.
- Manually randomize the MAC Address you give your machine!

Once you have started the CTF machine, launch a root shell in Kali and do the following:
- use the
*arp-scan* utility to scan the entire subnet and report back on MAC addresses that are present.
- Your Kali Linux machine must be on the same subnet as the CTF machine.
- Use
grep to filter for the MAC address that you gave the CTF Machine.
- NOTE: I only grep for the OUI of the MAC address. You should grep for the entire MAC Address!
- Use all 6 Hex characters in your grep

Start with an Nmap:
- It will turn up a web server on port 80 this time

This time we have a customer support portal with the options to:
- Log in
- Register an account
- Create a support requests