Hacking competition?

[Sidoh]

I got openvpn working at some point (I think over last spring break or something?), but I wouldn't be helpful other than to tell you it's pretty well documented.

[iago]

Heh, thanks. It looked pretty easy from a quick look at the manpage. I'll just have to send people .conf files that point to my private network.

[iago]

For what it's worth, I haven't forgotten about this. I'm hopefully going to have the hardware I need in the next little while.

[Tuberload]

Incidentally, I'm well aware that nobody doing this will be experts (or even amateurs), so I'll post a list of tools and some basic theories at the outset.

Could you post the list of tools and basic theories now? That way I can begin allocating my free time for research purposes.

[iago]

Incidentally, I'm well aware that nobody doing this will be experts (or even amateurs), so I'll post a list of tools and some basic theories at the outset.

Could you post the list of tools and basic theories now? That way I can begin allocating my free time for research purposes.

Hmm, I can't list too much without giving away a lot (I have a pdf I can send that is basically a guide, but it's also basically a walkthrough ). I'll list some stuff, though!

My favourite tools (and the ones you need for this) are:
* Nmap
* Metasploit
* sqlmap
* rainbowcrack (rcrack) -- you only need the 'alpha' tables, which are <1gb, not anything else. I think l0pht puts out a live cd for cracking passwords, too

The theories:
* Port scanning
* Network discovery
* Web vulnerabilities (sql injection, path traversal, cross-site scripting [not required, but good to know], local/remote file include)
* Exploits (metasploit -> how to use the exploits, different payloads [meterpreter])
* Password cracking (w/ rainbow tables)
* Pass-the-hash (w/ metasploit)

That should put you in a good position.

I'm thinking I should do a basic one first to get people going, give out a prize for that one, post the theories used, then do my full contest. Thoughts on that?

[Camel]

I was talking with my boss about this thread today. He says you need to get laid, iago.

[iago]

I don't really understand what you mean.

Keep in mind that this is my job. I use this type of demo to teach people how to hack and to demonstrate to programmers/management what hackers do. That's my job, and I love doing it, people appreciate learning it, and I get paid decently for my skills.

The fact that I'm planning to share some of the work I've done with the community doesn't really change anything.

[abc]

sounds fun to me!

[Camel]

I find it pretty interesting too. I think he doesn't approve of nerding during free time.

[iago]

I find it pretty interesting too. I think he doesn't approve of nerding during free time.

I do a lot (in fact, most) of it at work. I use it to train new students, and I use it in presentation to our departments.

I do a ton of work in my free time, though, too. Like, I'm one of the top Nmap contributors right now, and have been for awhile. Speaking of which...

Tuberload: When you look things up, make sure you learn how to use the Nmap Scripting Engine (NSE), especially the scripts written by the guy named "Ron". They're awesome.

[Tuberload]

Tuberload: When you look things up, make sure you learn how to use the Nmap Scripting Engine (NSE), especially the scripts written by the guy named "Ron". They're awesome.

I'm setting my printer up now so I can start printing educational material.

[Camel]

Paper kills trees, you savage.

[Tuberload]

I do what I can.

[AntiVirus]

This does sound really interesting.  I would love to try and give it a shot, but I don't think I have time. : (

[Towelie]

doing this on a DoD network... I might pass.