Author Topic: Hacking competition? (Read 14592 times)

iago · « **on:** January 13, 2009, 06:22:45 PM »

I spent the last week or so putting together a vulnerable network for a presentation/demo I'm doing next week. When I'm done, I was thinking of fixing up the demo a bit, making it a bit more interesting/challenging, then giving people access and seeing who can get to the end first.

Naturally, there'd be a prize for the person who got through it first.

If you'd be interested in doing it, post here (and get others to, as well

). If at least 3-4 people are interested, I'll set it up.

It isn't insanely difficult, but it'd be an interesting challenge and requires the use of a few different tools.

Blaze · « **Reply #1 on:** January 13, 2009, 07:21:59 PM »

Sure!

iago · « **Reply #2 on:** January 13, 2009, 07:29:20 PM »

Incidentally, I'm well aware that nobody doing this will be experts (or even amateurs), so I'll post a list of tools and some basic theories at the outset.

Quik · « **Reply #3 on:** January 13, 2009, 07:34:17 PM »

Maybe.. might be interesting.

Krazed · « **Reply #4 on:** January 13, 2009, 07:49:43 PM »

I'd definitely be interested to learn something.

iago · « **Reply #5 on:** January 13, 2009, 08:36:34 PM »

So at least 4 people have shown some kind of interest (3 here + one more on AIM), so I'll definitely set this up. Don't expect it to be right away, though, but hopefully it'll be in the next couple months.

Newby · « **Reply #6 on:** January 13, 2009, 09:07:10 PM »

If I get time, I'll do it for the learning experience.

Hdx · « **Reply #7 on:** January 14, 2009, 08:57:30 PM »

I must ditto everyone else's reponses. I'd be more then happy to take a swing at it to learn some new stuff.
As all of you know i'm not 'deh ubber 1337 haxorz'

rabbit · « **Reply #8 on:** January 15, 2009, 08:44:12 AM »

Same as everyone else

Dale · « **Reply #9 on:** January 16, 2009, 02:41:31 PM »

I'm definitely interested!

mynameistmp · « **Reply #10 on:** February 05, 2009, 10:29:21 PM »

Is this idea dead?

Hitmen · « **Reply #11 on:** February 05, 2009, 11:21:39 PM »

Quote from: mynameistmp on February 05, 2009, 10:29:21 PM

Is this idea dead?

Quote from: iago on January 13, 2009, 08:36:34 PM

So at least 4 people have shown some kind of interest (3 here + one more on AIM), so I'll definitely set this up. Don't expect it to be right away, though, but hopefully it'll be in the next couple months.

iago is slow like that

Blaze · « **Reply #12 on:** February 06, 2009, 02:49:33 AM »

He did figure out what the prize is, though!

iago · « **Reply #13 on:** February 06, 2009, 02:58:44 AM »

Haha, it's not at all dead. I'll even go so far as to promise I'll set it up, eventually.

The presentation I was going to do got bumped due to the fact that I couldn't stop throwing up the day I was supposed to do it (damn flu!), so I'm not doing it till the 18th.

But here's the thing -- I'm moving before the end of April, at which point I'll be on a new connection on a new ISP. I'm also considering picking up some new hardware, so I could even dedicate the old server to this contest. Whatever the case, that stuff isn't going to happen till May.

I also need to learn how to use OpenVPN, so people participating can connect directly to my network and not get pwned by ISPs that do filtering. If anybody knows how already, let me know.

And yes, I've chosen a prize for the contest.

Ribose · « **Reply #14 on:** February 06, 2009, 04:28:47 PM »

This would be interesting...

Sidoh · « **Reply #15 on:** February 08, 2009, 12:21:55 AM »

I got openvpn working at some point (I think over last spring break or something?), but I wouldn't be helpful other than to tell you it's pretty well documented.

iago · « **Reply #16 on:** February 08, 2009, 03:13:01 AM »

Heh, thanks. It looked pretty easy from a quick look at the manpage. I'll just have to send people .conf files that point to my private network.

iago · « **Reply #17 on:** September 22, 2009, 02:19:02 PM »

For what it's worth, I haven't forgotten about this. I'm hopefully going to have the hardware I need in the next little while.

Tuberload · « **Reply #18 on:** September 23, 2009, 06:00:05 PM »

Quote from: iago on January 13, 2009, 07:29:20 PM

Incidentally, I'm well aware that nobody doing this will be experts (or even amateurs), so I'll post a list of tools and some basic theories at the outset.

Could you post the list of tools and basic theories now? That way I can begin allocating my free time for research purposes.

iago · « **Reply #19 on:** September 23, 2009, 06:10:12 PM »

Quote from: Tuberload on September 23, 2009, 06:00:05 PM

Quote from: iago on January 13, 2009, 07:29:20 PM
Incidentally, I'm well aware that nobody doing this will be experts (or even amateurs), so I'll post a list of tools and some basic theories at the outset.

Could you post the list of tools and basic theories now? That way I can begin allocating my free time for research purposes.

Hmm, I can't list too much without giving away a lot (I have a pdf I can send that is basically a guide, but it's also basically a walkthrough

). I'll list some stuff, though!

My favourite tools (and the ones you need for this) are:
* Nmap
* Metasploit
* sqlmap
* rainbowcrack (rcrack) -- you only need the 'alpha' tables, which are <1gb, not anything else. I think l0pht puts out a live cd for cracking passwords, too

The theories:
* Port scanning
* Network discovery
* Web vulnerabilities (sql injection, path traversal, cross-site scripting [not required, but good to know], local/remote file include)
* Exploits (metasploit -> how to use the exploits, different payloads [meterpreter])
* Password cracking (w/ rainbow tables)
* Pass-the-hash (w/ metasploit)

That should put you in a good position.

I'm thinking I should do a basic one first to get people going, give out a prize for that one, post the theories used, then do my full contest. Thoughts on that?

Camel · « **Reply #20 on:** September 23, 2009, 07:36:51 PM »

I was talking with my boss about this thread today. He says you need to get laid, iago.

iago · « **Reply #21 on:** September 23, 2009, 10:28:34 PM »

I don't really understand what you mean.

Keep in mind that this is my job. I use this type of demo to teach people how to hack and to demonstrate to programmers/management what hackers do. That's my job, and I love doing it, people appreciate learning it, and I get paid decently for my skills.

The fact that I'm planning to share some of the work I've done with the community doesn't really change anything.

Dale · « **Reply #22 on:** September 24, 2009, 12:07:30 AM »

sounds fun to me!

Camel · « **Reply #23 on:** September 24, 2009, 03:34:53 AM »

I find it pretty interesting too. I think he doesn't approve of nerding during free time.

iago · « **Reply #24 on:** September 24, 2009, 08:40:04 AM »

Quote from: Camel on September 24, 2009, 03:34:53 AM

I find it pretty interesting too. I think he doesn't approve of nerding during free time.

I do a lot (in fact, most) of it at work. I use it to train new students, and I use it in presentation to our departments.

I do a ton of work in my free time, though, too. Like, I'm one of the top Nmap contributors right now, and have been for awhile. Speaking of which...

Tuberload: When you look things up, make sure you learn how to use the Nmap Scripting Engine (NSE), especially the scripts written by the guy named "Ron". They're awesome.

Tuberload · « **Reply #25 on:** September 24, 2009, 08:32:03 PM »

Quote from: iago on September 24, 2009, 08:40:04 AM

Tuberload: When you look things up, make sure you learn how to use the Nmap Scripting Engine (NSE), especially the scripts written by the guy named "Ron". They're awesome.

I'm setting my printer up now so I can start printing educational material.

Camel · « **Reply #26 on:** September 24, 2009, 09:47:19 PM »

Paper kills trees, you savage.

Tuberload · « **Reply #27 on:** September 24, 2009, 10:33:30 PM »

I do what I can.

AntiVirus · « **Reply #28 on:** September 24, 2009, 10:57:10 PM »

This does sound really interesting. I would love to try and give it a shot, but I don't think I have time. : (

Towelie · « **Reply #29 on:** September 25, 2009, 06:05:03 PM »

doing this on a DoD network... I might pass.

rabbit · « **Reply #30 on:** September 25, 2009, 06:13:34 PM »

I'll give it a shot I guess

iago · « **Reply #31 on:** September 25, 2009, 07:24:14 PM »

Quote from: Towelie on September 25, 2009, 06:05:03 PM

doing this on a DoD network... I might pass.

I'm going to set it up so you have to connect to me through a secure tunnel. So technically, if you wanted to, you'd be safe.

Joe · « **Reply #32 on:** September 26, 2009, 12:20:33 AM »

Not to get into a cryptography debate, but can't they decrypt everything that comes over the wire once he sends his public key? Sure, they can't pretend to be him, but they can read everything sent out, if I understand correctly.

But that's a moot point since it's not against the law to hack into a machine with it's owners permission. Of course, you might have to prove that you have iago's permission to someone pretty important..

EDIT -
Headline: US Navy Cadet caught hacking into Canadian web server.

iago · « **Reply #33 on:** September 26, 2009, 12:38:01 AM »

Quote from: Joe on September 26, 2009, 12:20:33 AM

Not to get into a cryptography debate, but can't they decrypt everything that comes over the wire once he sends his public key? Sure, they can't pretend to be him, but they can read everything sent out, if I understand correctly.

But that's a moot point since it's not against the law to hack into a machine with it's owners permission. Of course, you might have to prove that you have iago's permission to someone pretty important..

EDIT -
Headline: US Navy Cadet caught hacking into Canadian web server.

No, you're entirely wrong about how public-key cryptography works. To briefly explain, there are two concepts:
1) Anything encrypted with a private key can only be decrypted with the corresponding public key (what you're talking about)
2) Anything encrypted with a public key can only be decrypted with the corresponding private key (closer to what's actually happening)

Joe · « **Reply #34 on:** September 26, 2009, 05:32:28 PM »

I forgot that. SSH is double-encrypted, right? With your private key and their public key, therefore since only the intended recipient has both your public key and their own private key, only they can read it.

Gotcha.

iago · « **Reply #35 on:** September 26, 2009, 09:47:31 PM »

Quote from: Joe on September 26, 2009, 05:32:28 PM

I forgot that. SSH is double-encrypted, right? With your private key and their public key, therefore since only the intended recipient has both your public key and their own private key, only they can read it.

Gotcha.

Something like that, anyway.

Joe · « **Reply #36 on:** September 26, 2009, 10:00:55 PM »

Don't you work for an internet security company?

iago · « **Reply #37 on:** September 26, 2009, 10:11:21 PM »

Nope, I work from the government.

I'm not a crypto expert, though I do have a decent understanding of how ssh works. Your answer isn't really right, but explaining it is kind of a waste of time.

Sidoh · « **Reply #38 on:** September 27, 2009, 11:42:28 AM »

Quote from: Joe on September 26, 2009, 05:32:28 PM

I forgot that. SSH is double-encrypted, right? With your private key and their public key, therefore since only the intended recipient has both your public key and their own private key, only they can read it.

Gotcha.

SSH is a probably special case, but the standard public key model is the sender encrypts the message with the recipient's public key. A message can be decrypted using the private key corresponding to the public key that encrypted it. "Double encryption" probably means that the traffic is encrypted both ways.

Public keys and private keys have some sort of mathematical relation to each other. The idea is that the (or a) public key is trivially determinable from a private key, but it's an intractable problem to determine a private key from a public key. In RSA (and similar approaches), which is probably the most common form of public key cryptography in practice, the private key is two large primes, and the public key is the product of those two primes.

Quote from: Joe on September 26, 2009, 10:00:55 PM

Don't you work for an internet security company?

The innards of cryptography is a rather small subset of what internet security is about...

iago · « **Reply #39 on:** September 27, 2009, 11:55:30 AM »

Quote from: Sidoh on September 27, 2009, 11:42:28 AM

SSH is a probably special case, but the standard public key model is the sender encrypts the message with the recipient's public key. A message can be decrypted using the private key corresponding to the public key that encrypted it. "Double encryption" probably means that the traffic is encrypted both ways.

Typically, encryption using public/private keys is rarely done, because it's computationally expensive. What happens in SSH/SSL/etc is that the client/server use public key encryption to exchange a session key (and as of SSHv2, it's done in a way that isn't vulnerable to man-in-the-middle attacks; I don't know the details), and that session key is used for symmetric encryption (AES or something).

Quote from: Sidoh on September 27, 2009, 11:42:28 AM

The innards of cryptography is a rather small subset of what internet security is about...

Exactly. On a day-to-day basis, I need to know how to use encryption properly, but I don't necessarily need to know how it works (I trust very smart people like Bruce Schneier and the RSA folks to understand that kind of stuff.

)

iago · « **Reply #40 on:** September 27, 2009, 12:57:33 PM »

So it turns out that the old PoS computer I grabbed to run this on won't boot with a USB keyboard, and I don't own a PS/2 one. Oops.

I'm thinking of running this on my old laptop now.. I know it can handle it, and it's not doing anything else. We'll see! I suddenly got really busy again. Bah!

rabbit · « **Reply #41 on:** September 27, 2009, 01:30:57 PM »

Quote from: iago on September 27, 2009, 12:57:33 PM

So it turns out that the old PoS computer I grabbed to run this on won't boot with a USB keyboard, and I don't own a PS/2 one. Oops.

I'm thinking of running this on my old laptop now.. I know it can handle it, and it's not doing anything else. We'll see! I suddenly got really busy again. Bah!

http://www.google.com/products/catalog?q=usb+to+ps/2+adapter&hl=en&cid=8787340792746948795&sa=title#p

iago · « **Reply #42 on:** September 27, 2009, 02:29:00 PM »

Now that you mention it, I have several of those in a drawer. I only have two keyboard/mouse sets, though, and both are wireless. It's worth a try, anyways.

If not, I'll just borrow a PS/2 from work.

iago · « **Reply #43 on:** January 10, 2010, 01:42:54 PM »

So yeah, I haven't forgotten about this, but I do apologize for the delay. Life's busy and all that, you know?

Anyway, this is all basically set up now. I was thinking, though, instead of doing a straight up competition, what if I give access to the virtual machines to people, give a brief lesson on a tool or two, then let you play around? After some practice, I can set up a proper "competition" for people. Would that work? And, is anybody still interested?

The only thing I have left to do is make an OpenVPN server. People who want to play will have to install OpenVPN on their workstation and connect to my server. From there, they will have access to the environment and can do whatever they like in the test network.

So yeah, anybody interested?

rabbit · « **Reply #44 on:** January 10, 2010, 03:52:57 PM »

I am.

Blaze · « **Reply #45 on:** January 10, 2010, 10:53:39 PM »

I'd be interested in that lesson with or without the competition.

However, that's not to say I'm not interested in the competition.

deadly7 · « **Reply #46 on:** January 11, 2010, 09:00:12 AM »

There's no way I'd win the competition but I'd be interested in learning.

iago · « **Reply #47 on:** January 11, 2010, 01:06:48 PM »

Ok.. just give me some time to learn how to set up an OpenVPN server (if anybody has experience, let me know).

News:

Author Topic: Hacking competition? (Read 14592 times)