My son (Alex) is 16 years old (at the time of writing this). He has told me he wants to have a career as a pen tester. In the hope of encouraging him I have given him the following challenge. I have a linux server in my basement, it’s running Ubuntu 20.4. Alex has to get access to the server and create a personal account on the box. If he can do so, I’ll give him $100. The server in question is just an old dell desktop computer. I haven’t added anything special to it security wise. The server has limited access to the outside internet.
Update 1: He’s decided on a network scan to find the server and then attempt to login to it. He’s found the following ports open 80, 443, 22, 139 and 445.
Update 2: He wouldn’t tell me what he tried but whatever it was took down the box. I rebooted and everything was fine.
Update 3: He was able to get a list of users and smb shares using a tool on Kali Linux. He’s decided to try using my friend Liz’s account.