SEED LABs - Hands on Labs for Security Education

Hands-on Labs for Security Education

Started in 2002, funded by a total of 1.3 million dollars from NSF, and now used by hundreds of educational institutes worldwide, the SEED project's objective is to develop hands-on laboratory exercises (called SEED labs) for computer and information security education and help instructors adopt these labs in their curricula.

Software Security Labs

These labs cover some of the most common vulnerabilities in general software. The labs show students how attacks work in exploiting these vulnerabilities.

• Buffer-Overflow Vulnerability Lab Launching attack to exploit the buffer-overflow vulnerability using shellcode. Conducting experiments with several countermeasures.
• Return-to-libc Attack Lab Using the return-to-libc technique to defeat the "non-executable stack" countermeasure of the buffer-overflow attack.
• Environment Variable and Set-UID Lab This is a redesign of the Set-UID lab (see below).
• Set-UID Program Vulnerability Lab Launching attacks on privileged Set-UID root program. Risks of environment variables. Side effects of system().
• Race-Condition Vulnerability Lab Exploiting the race condition vulnerability in privileged program. Conducting experiments with various countermeasures.
• Format-String Vulnerability Lab Exploiting the format string vulnerability to crash a program, steal sensitive information, or modify critical data.
• Shellshock Attack Lab Launch attack to exploit the Shellshock vulnerability that is discovered in late 2014.

Network Security Labs

These labs cover topics on network security, ranging from attacks on TCP/IP and DNS to various network security technologies (Firewall, VPN, and IPSec).

• TCP/IP Attack Lab Launching attacks to exploit the vulnerabilities of the TCP/IP protocol, including session hijacking, SYN flooding, TCP reset attacks, etc.
• Heartbleed Attack Lab Using the heartbleed attack to steal secrets from a remote server.
• Local DNS Attack Lab Using several methods to conduct DNS pharming attacks on computers in a LAN environment.
• Remote DNS Attack Lab Using the Kaminsky method to launch DNS cache poisoning attacks on remote DNS servers.
• Packet Sniffing and Spoofing Lab Writing programs to sniff packets sent over the local network; writing programs to spoof various types of packets.
• Linux Firewall Exploration Lab Writing a simple packet-filter firewall; playing with Linux's built-in firewall software and web-proxy firewall; experimenting with ways to evade firewalls.
• Firewall-VPN Lab: Bypassing Firewalls using VPN Implement a simple vpn program (client/server), and use it to bypass firewalls.
• Virtual Private Network (VPN) Lab Design and implement a transport-layer VPN system for Linux, using the TUN/TAP technologies. This project requires at least a month of time to finish, so it is good for final project.
• Minix IPSec Lab Implement the IPSec protocol in the Minix operating system and use it to set up Virtual Private Networks.
• Minix Firewall Lab Implementing a simple firewall in Minix operating system.

Web Security Labs

These labs cover some of the most common vulnerabilities in web applications. The labs show students how attacks work in exploiting these vulnerabilities.

Elgg-Based Labs

Elgg is an open-source social-network system. We have modified it for our labs.

• Cross-Site Scripting Attack Lab Launching the cross-site scripting attack on a vulnerable web application. Conducting experiments with several countermeasures.
• Cross-Site Request Forgery Attack Lab Launching the cross-site request forgery attack on a vulnerable web application. Conducting experiments with several countermeasures.
• Web Tracking Lab Experimenting with the web tracking technology to see how users can be checked when they browse the web.
• SQL Injection Attack Lab Launching the SQL-injection attack on a vulnerable web application. Conducting experiments with several countermeasures.

Collabtive-Based Labs

Collabtive is an open-source web-based project management system. We have modified it for our labs.

• Cross-site Scripting Attack Lab Launching the cross-site scripting attack on a vulnerable web application. Conducting experiments with several countermeasures.
• Cross-site Request Forgery Attack Lab Launching the cross-site request forgery attack on a vulnerable web application. Conducting experiments with several countermeasures.
• SQL Injection Lab Launching the SQL-injection attack on a vulnerable web application. Conducting experiments with several countermeasures.
• Web Browser Access Control Lab Exploring browser's access control system to understand its security policies.

PhpBB-Based Labs

PhpBB is an open-source web-based message board system, allowing users to post messages. We have modified it for our labs.

• Cross-site Scripting Attack Lab Launching the cross-site scripting attack on a vulnerable web application. Conducting experiments with several countermeasures.
• Cross-site Request Forgery Attack Lab Launching the cross-site request forgery attack on a vulnerable web application. Conducting experiments with several countermeasures.
• SQL Injection Lab Launching the SQL-injection attack on a vulnerable web application. Conducting experiments with several countermeasures.
• ClickJacking Attack Lab Launching the ClickJacking attack on a vulnerable web site. Conducting experiments with several countermeasures.

System Security Labs

These labs cover the security mechanisms in operating system, mostly focusing on access control mechanisms in Linux.

• Linux Capability Exploration Lab Exploring the POSIX 1.e capability system in Linux to see how privileges can be divided into smaller pieces to ensure the compliance with the Least Privilege principle.
• Role-Based Access Control (RBAC) Lab Designing and implementing an integrated access control system for Minix that uses both capability-based and role-based access control mechanisms. Students need to modify the Minix kernel.
• Encrypted File System Lab Designing and implementing an encrypted file system for Minix. Students need to modify the Minix kernel.

Cryptography Labs

These labs cover three essential concepts in cryptography, including secrete-key encryption, one-way hash function, and public-key encryption and PKI.

• Secret Key Encryption Lab Exploring the secret-key encryption and its applications using OpenSSL.
• One-Way Hash Function Lab Exploring one-way hash function and its applications using OpenSSL.
• Public-Key Cryptography and PKI Lab Exploring public-key cryptography, digital signature, certificate, and PKI using OpenSSL.

Mobile Security Labs

These labs focus on the smartphone security, covering the most common vulnerabilities and attacks on mobile devices. An Android VM is provided for these labs.

• Android Repackaging Lab Insert malicious code inside an existing Android app, and repackage it.
• Android Device Rooting Lab Develop an OTA (Over-The-Air) package from scratch to root an Android device.

Pentester Lab

There is only one way to properly learn web penetration testing: by getting your hands dirty. We teach how to manually find and exploit vulnerabilities. You will understand the root cause of the problems and the methods that can be used to exploit them. Our exercises are based on common vulnerabilities found in different systems. The issues are not emulated. We provide you real systems with real vulnerabilities.

• From SQL Injection to Shell This exercise explains how you can, from a SQL injection, gain access to the administration console. Then in the administration console, how you can run commands on the system.
• From SQL Injection to Shell II This exercise explains how you can, from a blind SQL injection, gain access to the administration console. Then in the administration console, how you can run commands on the system.
• From SQL Injection to Shell: PostgreSQL edition This exercise explains how you can from a SQL injection gain access to the administration console. Then in the administration console, how you can run commands on the system.
• Web for Pentester This exercise is a set of the most common web vulnerabilities.
• Web for Pentester II This exercise is a set of the most common web vulnerabilities.
• PHP Include And Post Exploitation This exercise describes the exploitation of a local file include with limited access. Once code execution is gained, you will see some post exploitation tricks.
• Linux Host Review This exercise explains how to perform a Linux host review, what and how you can check the configuration of a Linux server to ensure it is securely configured. The reviewed system is a traditional Linux-Apache-Mysql-PHP (LAMP) server used to host a blog.
• Electronic Code Book This exercise explains how you can tamper with an encrypted cookies to access another user's account.
• Rack Cookies and Commands injection After a short brute force introduction, this exercice explains the tampering of rack cookie and how you can even manage to modify a signed cookie (if the secret is trivial). Using this issue, you will be able to escalate your privileges and gain commands execution.
• Padding Oracle This course details the exploitation of a weakness in the authentication of a PHP website. The website uses Cipher Block Chaining (CBC) to encrypt information provided by users and use this information to ensure authentication. The application also leaks if the padding is valid when decrypting the information. We will see how this behavior can impact the authentication and how it can be exploited.
• XSS and MySQL FILE This exercise explains how you can use a Cross-Site Scripting vulnerability to get access to an administrator's cookies. Then how you can use his/her session to gain access to the administration to find a SQL injection and gain code execution using it.
• Axis2 Web service and Tomcat Manager This exercise explains the interactions between Tomcat and Apache, then it will show you how to call and attack an Axis2 Web service. Using information retrieved from this attack, you will be able to gain access to the Tomcat Manager and deploy a WebShell to gain commands execution.
• Play Session Injection This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanism.
• Play XML Entities This exercise covers the exploitation of a XML entities in the Play framework.
• CVE-2007-1860: mod_jk double-decoding This exercise covers the exploitation of CVE-2007-1860. This vulnerability allows an attacker to gain access to unaccessible pages using crafted requests. This is a common trick that a lot of testers miss.
• CVE-2008-1930: Wordpress 2.5 Cookie Integrity Protection Vulnerability This exercise explains how you can exploit CVE-2008-1930 to gain access to the administration interface of a Wordpress installation.
• CVE-2012-1823: PHP CGI This exercise explains how you can exploit CVE-2012-1823 to retrieve the source code of an application and gain code execution.
• CVE-2012-2661: ActiveRecord SQL injection This exercise explains how you can exploit CVE-2012-2661 to retrieve information from a database.
• CVE-2012-6081: MoinMoin code execution This exercise explains how you can exploit CVE-2012-6081 to gain code execution. This vulnerability was exploited to compromise Debian's wiki and Python documentation website.
• CVE-2014-6271/Shellshock This exercise covers the exploitation of a Bash vulnerability through a CGI.