Home NICE Challenge 1
network down

NICE Challenge 1

Summary of Today’s Challenge

I began my work, on 16-Jan-2022, by accessing my security-desk, and remoting into web-dev via ssh to Immediately I made a backup of the docker container running wordpress with the following:

$ docker save wordpress -o ~/wp-backup.tar 

I then navigated into /etc/apache2/sites-enabled on the devweb server, and removed symlinks by removing osticket.conf with command:

$ sudo rm osticket.conf

Then I restarted apache2 by the following:

$ sudo /etc/init.d/apache2 restart

I was then able to access the wordpress admin panel at devweb.daswebs.com/wp-login. Once logged into the wordpress panel, I, was then able to update wordpress from 5.5.1 to 5.8.3 from the dashboard. Then I navigated to the plugins panel, and installed the Stop User Enumeration plugin.

At this point I moved onto setting up the pfsense firewall by navigating to, and removing the snort addon from system > package manager > installed packages. I then re-added the snort addon, and reinstalled the openvm tools.

After completing the above task I moved onto nessus ssh problems by connecting through ssh into the backup server located at Then I opened up the /etc/ssh/ssh_config and /etc/ssh/sshd_config and removed the weak encryption outlined in the nessus report. To get this working, I restarted the ssh services by using the following commands:

$ sudo systemctl ssh.service restart 

$ sudo systemctl sshd.service restart

Observing my pcap with wireshark showed a lot of traffic on the internal network with attention specific to port 22. I setup a snort rule in pfsense to alert about this activity as follows:

alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg: “SSH Detected”; sid:10; rev:1;)

This did not work: mission critical

Each NICE Challenge has the following core elements: a narrative-driven scenario, a business environment (workspace), and a set of technical objectives and/or a written deliverable. Each of these elements is developed to immerse the player (student) in a real-world experience and create a valuable set of data allowing their curator (educator) to judge their readiness for the workforce.

About The NICE Challenge Project

This post is licensed under CC BY 4.0 by the author.