2

I'm new to the INFOSEC scene and was intrigued by the concept of CTF challenges. I was hoping to get started with OverTheWire.org which requires you to SSH to their server to complete the challenges.

I am running Kali on a VMWare VM using bridged networking to my host device, which is on my home network.

Are there any security-related concerns I should take into account before using SSH?

schroeder
  • 125,553
  • 55
  • 289
  • 326

1 Answers1

2

OverTheWire is a very reputable site that has been used for war games/training for a long time. You don't have anything to worry about there.

As far as SSH goes, Kali does not by default run an SSH server, only the client. This means that you can make outbound connections, but a remote server cannot attach to your SSH session and send commands back. Just take caution and avoid trying to make a connection back to your machine for any reasons.

schroeder
  • 125,553
  • 55
  • 289
  • 326
Connor Peoples
  • 1,431
  • 6
  • 12
  • 1
    One minor addition to this otherwise great answer: There have indeed been cases where a malicious ssh server could attack and infect the connecting client (e.g. CVE-2005-0467). However you likely have nothing to fear from a widely trusted site like OTW. – manduca Jan 11 '19 at 05:37
  • 2
    While OTW may be trustworthy, don't put it past a board hacker to compromise the site. I don't think it's likely that anyone would do that and burn valuable 0days, but it's something that should always be kept in mind. After all, most sites with malicious code in them do not even know they are serving exploits! – forest Jan 11 '19 at 07:33