
MintNV


Description

The MintNV AI/ML educational exercise is a vulnerable environment for security professionals to practice attacking Machine Learning applications. This environment will locally host a realistic website and server for the end user to compromise.

Publisher

NVIDIA

Latest Tag

v5

Modified

June 28, 2022

Compressed Size

2.35 GB

Multinode Support

No

Multi-Arch Support

No

v5 (Latest) Scan Results

Linux / amd64

Machine Author: Nathan Schwartz (NVIDIA)
Contributors: Will Pearce (Microsoft)

Usage

Warning:

  • This educational exercise is meant for training purposes only.
  • Ports 22 and 80 should only be exposed in a safe & controlled network.
  • Do not re-use any private keys or credentials found within the environment.
  • This environment is unpatched and vulnerable to various CVEs.
  • Do not expose ports on any internet-facing machine.

Instructions

Pull the container to your local machine.

docker pull nvcr.io/nvidia/product-security/mintnv:v5

Run the container, exposing ports 22 and 80. The environment can be accessed at 127.0.0.1.

docker run -p 22:22 -p 80:80 -dt --rm --hostname mintnv.ctf nvcr.io/nvidia/product-security/mintnv:v5

You can ensure that the container is running with docker ps

You can connect from the container to your host machine at host.docker.internal
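
Because `-p 22:22 -p 80:80` publishes both ports on every host interface by default, the following added example (not part of the original MintNV page) shows a loopback-only form of the run command and a check over `docker port` output. The container name `mintnv`, the function names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not NVIDIA's own code.

# Loopback-only variant of the page's run command.
# Assumption: the container is given the name "mintnv" so it can be queried later.
run_mintnv_loopback() {
    docker run -p 127.0.0.1:22:22 -p 127.0.0.1:80:80 -dt --rm \
        --name mintnv --hostname mintnv.ctf \
        nvcr.io/nvidia/product-security/mintnv:v5
}

# Reads `docker port <container>` output on stdin and prints every binding
# whose host address is not loopback (127.x.x.x or [::1]).
non_loopback_bindings() {
    awk -F' -> ' 'NF == 2 && $2 !~ /^(127\.|\[::1\]:)/ { print $0 }'
}

# Returns 0 when all published ports are loopback-only, 1 otherwise.
check_bindings() {
    exposed=$(non_loopback_bindings)
    if [ -n "$exposed" ]; then
        printf 'reachable beyond loopback:\n%s\n' "$exposed" >&2
        return 1
    fi
    return 0
}

# Constructed sample: what `docker port` reports for the page's original command.
SAMPLE_DEFAULT='22/tcp -> 0.0.0.0:22
22/tcp -> [::]:22
80/tcp -> 0.0.0.0:80
80/tcp -> [::]:80'

# Constructed sample: what it reports for run_mintnv_loopback.
SAMPLE_LOOPBACK='22/tcp -> 127.0.0.1:22
80/tcp -> 127.0.0.1:80'

# Usage against a running container:
#   docker port mintnv | check_bindings
```
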

What is MintNV?

MintNV is a vulnerable environment that showcases how an adversary can bypass defensive Machine Learning (ML) mechanisms to compromise a host. It has the following features:

  • Built from an Ubuntu 16.04 Docker container
  • Realistic website for the MintNV company
  • Defensive Machine Learning application running

Education

This educational exercise was created to give hands-on experience attacking ML applications. The user is expected to take on the role of an attacker to learn skills in the following areas:

Engagement: Learning Objectives

  • Foothold: Machine Learning, Web exploitation, Chaining vulnerabilities, Enumeration
  • Privesc 1: Networking Protocols, Enumeration
  • Privesc 2: Administrative functions, Enumeration

Write-up / Walkthrough

You can access a guided learning document for MintNV from the environment itself.

  1. Start the environment (refer to Usage section)
  2. Navigate to http://127.0.0.1/writeup/MintNV-Writeup.zip
  3. Unzip the ZIP file with the password listed below

OffensiveMachineLearning2021

  4. Access the file MintNV-Writeup.pdf

Who should attempt this exercise?

MintNV is a bridge between AI/ML researchers and cybersecurity professionals throughout the ML landscape. It enables the offensive security community to practice adversarial ML techniques. While anyone may attempt it, the target audiences are:

  • Offensive Security Engineers
  • Machine Learning Researchers
  • Artificial Intelligence Researchers

We hope that this contribution to the community inspires more creations of this kind.

System Requirements

We recommend running the educational exercise in a safe environment without outside internet connection.

  • Any operating system that can run Docker
  • Any version of Docker 2.1 and above
  • A web browser (optional)
  • Port scanning tools such as nmap (optional)
  • Counterfit for attacking Machine Learning applications (optional)

Vulnerabilities & CVEs

MintNV is an unpatched environment. You can access a list of CVEs this environment is vulnerable to by following these steps:

  1. Start the environment (refer to Usage section)
  2. Navigate to http://127.0.0.1/writeup/vulnerability-scans.txt

License

MintNV

Copyright (c) 2021, NVIDIA CORPORATION. All rights reserved.

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS," WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Author Notes

We really hope you all enjoy this educational exercise. We care a lot about education within the cybersecurity community, so making these is always a pleasure.

We encourage you to hack, reverse engineer, and explore anything you want within the environment. Learn something new and share it with someone you know.

If you have any questions, comments, or feedback please send an email to psirt@nvidia.com.