Hacking competition?

Started by iago, January 13, 2009, 06:22:45 PM


iago

I spent the last week or so putting together a vulnerable network for a presentation/demo I'm doing next week. When I'm done, I was thinking of fixing up the demo a bit, making it a bit more interesting/challenging, then giving people access and seeing who can get to the end first.

Naturally, there'd be a prize for the person who got through it first.

If you'd be interested in doing it, post here (and get others to, as well ;) ). If at least 3-4 people are interested, I'll set it up.

It isn't insanely difficult, but it'd be an interesting challenge and requires the use of a few different tools.

Blaze

And like a fool I believed myself, and thought I was somebody else...

iago

Incidentally, I'm well aware that nobody doing this will be experts (or even amateurs), so I'll post a list of tools and some basic theories at the outset.

Quik

Maybe.. might be interesting.
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Krazed

I'd definitely be interested to learn something.
It is good to be good, but it is better to be lucky.

iago

So at least 4 people have shown some kind of interest (3 here + one more on AIM), so I'll definitely set this up. Don't expect it to be right away, though, but hopefully it'll be in the next couple months. :)

Newby

If I get time, I'll do it for the learning experience. :P
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

Quote from: Rule on June 30, 2008, 01:13:20 PM
Quote from: CrAz3D on June 30, 2008, 10:38:22 AM
I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Hdx

I must ditto everyone else's responses. I'd be more than happy to take a swing at it to learn some new stuff.
As all of you know I'm not 'deh ubber 1337 haxorz' :)
http://img140.exs.cx/img140/6720/hdxnew6lb.gif
09/08/05 - Clan SBs @ USEast
[19:59:04.000] <DeadHelp> We don't like customers.
[19:59:05.922] <DeadHelp> They're assholes
[19:59:08.094] <DeadHelp> And they're never right.

rabbit


abc


mynameistmp


Hitmen

Quote from: mynameistmp on February 05, 2009, 10:29:21 PM
Is this idea dead?

Quote from: iago on January 13, 2009, 08:36:34 PM
So at least 4 people have shown some kind of interest (3 here + one more on AIM), so I'll definitely set this up. Don't expect it to be right away, though, but hopefully it'll be in the next couple months. :)

iago is slow like that
Quote
(22:15:39) Newby: it hurts to swallow

Blaze

He did figure out what the prize is, though!

iago

Haha, it's not at all dead. I'll even go so far as to promise I'll set it up, eventually.

The presentation I was going to do got bumped due to the fact that I couldn't stop throwing up the day I was supposed to do it (damn flu!), so I'm not doing it till the 18th.

But here's the thing -- I'm moving before the end of April, at which point I'll be on a new connection on a new ISP. I'm also considering picking up some new hardware, so I could even dedicate the old server to this contest. Whatever the case, that stuff isn't going to happen till May.

I also need to learn how to use OpenVPN, so people participating can connect directly to my network and not get pwned by ISPs that do filtering. If anybody knows how already, let me know.

And yes, I've chosen a prize for the contest. :D

Ribose

This would be interesting...
~Ribose

Sidoh

I got openvpn working at some point (I think over last spring break or something?), but I wouldn't be helpful other than to tell you it's pretty well documented. :)

iago

Heh, thanks. It looked pretty easy from a quick look at the manpage. I'll just have to send people .conf files that point to my private network.

iago

For what it's worth, I haven't forgotten about this. I'm hopefully going to have the hardware I need in the next little while.

Tuberload

Quote from: iago on January 13, 2009, 07:29:20 PM
Incidentally, I'm well aware that nobody doing this will be experts (or even amateurs), so I'll post a list of tools and some basic theories at the outset.


Could you post the list of tools and basic theories now? That way I can begin allocating my free time for research purposes.
I am prepared to be ridiculed for what I believe, are you?

iago

Quote from: Tuberload on September 23, 2009, 06:00:05 PM
Quote from: iago on January 13, 2009, 07:29:20 PM
Incidentally, I'm well aware that nobody doing this will be experts (or even amateurs), so I'll post a list of tools and some basic theories at the outset.


Could you post the list of tools and basic theories now? That way I can begin allocating my free time for research purposes.

Hmm, I can't list too much without giving away a lot (I have a pdf I can send that is basically a guide, but it's also basically a walkthrough :) ). I'll list some stuff, though!

My favourite tools (and the ones you need for this) are:
* Nmap
* Metasploit
* sqlmap
* rainbowcrack (rcrack) -- you only need the 'alpha' tables, which are <1gb, not anything else. I think l0pht puts out a live cd for cracking passwords, too

The theories:
* Port scanning
* Network discovery
* Web vulnerabilities (sql injection, path traversal, cross-site scripting [not required, but good to know], local/remote file include)
* Exploits (metasploit -> how to use the exploits, different payloads [meterpreter])
* Password cracking (w/ rainbow tables)
* Pass-the-hash (w/ metasploit)

That should put you in a good position.

I'm thinking I should do a basic one first to get people going, give out a prize for that one, post the theories used, then do my full contest. Thoughts on that?

Camel

I was talking with my boss about this thread today. He says you need to get laid, iago. :P

<Camel> i said what what
<Blaze> in the butt
<Camel> you want to do it in my butt?
<Blaze> in my butt
<Camel> let's do it in the butt
<Blaze> Okay!

iago

I don't really understand what you mean.

Keep in mind that this is my job. I use this type of demo to teach people how to hack and to demonstrate to programmers/management what hackers do. That's my job, and I love doing it, people appreciate learning it, and I get paid decently for my skills.

The fact that I'm planning to share some of the work I've done with the community doesn't really change anything.

abc


Camel

I find it pretty interesting too. I think he doesn't approve of nerding during free time.


iago

Quote from: Camel on September 24, 2009, 03:34:53 AM
I find it pretty interesting too. I think he doesn't approve of nerding during free time.
I do a lot (in fact, most) of it at work. I use it to train new students, and I use it in presentations to our departments. :)

I do a ton of work in my free time, though, too. Like, I'm one of the top Nmap contributors right now, and have been for a while. Speaking of which...

Tuberload: When you look things up, make sure you learn how to use the Nmap Scripting Engine (NSE), especially the scripts written by the guy named "Ron". They're awesome. :)

Tuberload

Quote from: iago on September 24, 2009, 08:40:04 AM
Tuberload: When you look things up, make sure you learn how to use the Nmap Scripting Engine (NSE), especially the scripts written by the guy named "Ron". They're awesome. :)

I'm setting my printer up now so I can start printing educational material.

Camel

Paper kills trees, you savage.


Tuberload


AntiVirus

This does sound really interesting.  I would love to try and give it a shot, but I don't think I have time. : (
The once grove of splendor,
Aforetime crowned by lilac and lily,
Lay now forevermore slender;
And all winds that liven
Silhouette a lone existence;
A leafless oak grasping at eternity.


"They say that I must learn to kill before I can feel safe, but I rather kill myself then turn into their slave."
- The Rasmus

Towelie

doing this on a DoD network... I might pass.

rabbit

I'll give it a shot I guess :D

iago

Quote from: Towelie on September 25, 2009, 06:05:03 PM
doing this on a DoD network... I might pass.
I'm going to set it up so you have to connect to me through a secure tunnel. So technically, if you wanted to, you'd be safe. :)

Joe

Not to get into a cryptography debate, but can't they decrypt everything that comes over the wire once he sends his public key? Sure, they can't pretend to be him, but they can read everything sent out, if I understand correctly.

But that's a moot point since it's not against the law to hack into a machine with its owner's permission. Of course, you might have to prove that you have iago's permission to someone pretty important.. :P

EDIT -
Headline: US Navy Cadet caught hacking into Canadian web server.
Quote from: Camel on June 09, 2009, 04:12:23 PM
I'd personally do as Joe suggests

Quote from: AntiVirus on October 19, 2010, 02:36:52 PM
You might be right about that, Joe.


iago

Quote from: Joe on September 26, 2009, 12:20:33 AM
Not to get into a cryptography debate, but can't they decrypt everything that comes over the wire once he sends his public key? Sure, they can't pretend to be him, but they can read everything sent out, if I understand correctly.

But that's a moot point since it's not against the law to hack into a machine with its owner's permission. Of course, you might have to prove that you have iago's permission to someone pretty important.. :P

EDIT -
Headline: US Navy Cadet caught hacking into Canadian web server.
No, you're entirely wrong about how public-key cryptography works. To briefly explain, there are two concepts:
1) Anything encrypted with a private key can only be decrypted with the corresponding public key (what you're talking about)
2) Anything encrypted with a public key can only be decrypted with the corresponding private key (closer to what's actually happening)

Joe

I forgot that. SSH is double-encrypted, right? With your private key and their public key, therefore since only the intended recipient has both your public key and their own private key, only they can read it.

Gotcha.

iago

Quote from: Joe on September 26, 2009, 05:32:28 PM
I forgot that. SSH is double-encrypted, right? With your private key and their public key, therefore since only the intended recipient has both your public key and their own private key, only they can read it.

Gotcha.
Something like that, anyway. :P

Joe

Don't you work for an internet security company? :P

iago

Nope, I work for the government.

I'm not a crypto expert, though I do have a decent understanding of how ssh works. Your answer isn't really right, but explaining it is kind of a waste of time. :)

Sidoh

Quote from: Joe on September 26, 2009, 05:32:28 PM
I forgot that. SSH is double-encrypted, right? With your private key and their public key, therefore since only the intended recipient has both your public key and their own private key, only they can read it.

Gotcha.

SSH is probably a special case, but the standard public key model is the sender encrypts the message with the recipient's public key.  A message can be decrypted using the private key corresponding to the public key that encrypted it.  "Double encryption" probably means that the traffic is encrypted both ways.

Public keys and private keys have some sort of mathematical relation to each other.  The idea is that the (or a) public key is trivially determinable from a private key, but it's an intractable problem to determine a private key from a public key.  In RSA (and similar approaches), which is probably the most common form of public key cryptography in practice, the private key is two large primes, and the public key is the product of those two primes.

Quote from: Joe on September 26, 2009, 10:00:55 PM
Don't you work for an internet security company? :P

The innards of cryptography are a rather small subset of what internet security is about...

iago

Quote from: Sidoh on September 27, 2009, 11:42:28 AM
SSH is probably a special case, but the standard public key model is the sender encrypts the message with the recipient's public key.  A message can be decrypted using the private key corresponding to the public key that encrypted it.  "Double encryption" probably means that the traffic is encrypted both ways.
Typically, encryption using public/private keys is rarely done, because it's computationally expensive. What happens in SSH/SSL/etc is that the client/server use public key encryption to exchange a session key (and as of SSHv2, it's done in a way that isn't vulnerable to man-in-the-middle attacks; I don't know the details), and that session key is used for symmetric encryption (AES or something).

Quote from: Sidoh on September 27, 2009, 11:42:28 AM
The innards of cryptography are a rather small subset of what internet security is about...
Exactly. On a day-to-day basis, I need to know how to use encryption properly, but I don't necessarily need to know how it works (I trust very smart people like Bruce Schneier and the RSA folks to understand that kind of stuff. :) )
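An added worked example, written for this edit and not posted by anyone in the thread, that ties together the three explanations above: iago's two concepts (private-to-public is the signature direction, public-to-private is the encryption direction), Sidoh's description of the private material as two primes whose product is the public modulus, and the session-key pattern iago describes for SSH/SSL. It is textbook RSA in pure standard-library Python with constructed toy primes (far too small to be secure, and without the padding real implementations use), plus a SHA-256 counter-mode keystream that stands in for the AES that a real handshake negotiates. The message strings and the fixed session key are constructed sample values.

```python
"""
Toy walkthrough of the public-key ideas in this thread, using only the Python
standard library. Parameters are deliberately tiny and constructed for
illustration; they are not secure.
"""
import hashlib
import secrets

# Constructed toy primes. Real RSA keys use primes of roughly 1024+ bits each;
# with n this small the private exponent is trivially recoverable from n.
TOY_P, TOY_Q = 1000003, 999983
TOY_E = 65537


def make_keypair(p=TOY_P, q=TOY_Q, e=TOY_E):
    """Sidoh's description: the private material is two primes; the public key
    is their product n (plus the public exponent e)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: inverse of e mod phi (Python 3.8+)
    return (n, e), (n, d)  # (public key, private key)


def rsa_encrypt(public_key, m):
    """Concept 2: anything encrypted with the public key needs the private key
    to open it. Textbook RSA without padding, so m must satisfy 0 <= m < n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(private_key, c):
    n, d = private_key
    return pow(c, d, n)


def sign(private_key, message):
    """Concept 1: a value produced with the private key can be checked by
    anyone holding the public key. This is the signature direction, which is
    how a party proves it holds the private key."""
    n, d = private_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(h, d, n)


def verify(public_key, message, signature):
    n, e = public_key
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(signature, e, n) == h


def stream_xor(session_key, data):
    """Symmetric stage standing in for AES: a SHA-256 counter-mode keystream
    derived from the shared session key. XOR is its own inverse, so the same
    call both encrypts and decrypts."""
    key_bytes = session_key.to_bytes(16, "big")
    keystream = bytearray()
    counter = 0
    while len(keystream) < len(data):
        keystream += hashlib.sha256(key_bytes + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, keystream))


def hybrid_exchange(plaintext, session_key=None):
    """The pattern iago describes: public-key crypto moves only a short
    session key; the bulk data is protected with the symmetric cipher.
    Returns what each side ends up holding."""
    server_public, server_private = make_keypair()
    n = server_public[0]

    # --- client side ---
    if session_key is None:
        session_key = secrets.randbelow(n - 2) + 2  # fresh random key below n
    sealed_key = rsa_encrypt(server_public, session_key)  # concept 2
    ciphertext = stream_xor(session_key, plaintext)

    # --- only sealed_key and ciphertext cross the wire ---

    # --- server side: the private key is what opens the sealed key ---
    recovered_key = rsa_decrypt(server_private, sealed_key)
    recovered_plaintext = stream_xor(recovered_key, ciphertext)

    return {
        "sealed_key": sealed_key,
        "ciphertext": ciphertext,
        "recovered_key": recovered_key,
        "recovered_plaintext": recovered_plaintext,
    }


if __name__ == "__main__":
    pub, priv = make_keypair()
    result = hybrid_exchange(b"constructed sample message")
    print("server recovered:", result["recovered_plaintext"])
    note = b"constructed host-key statement"
    print("signature verifies:", verify(pub, note, sign(priv, note)))
```

The two directions are the same modular exponentiation with the exponents swapped, which is why the thread's "double-encrypted" intuition is tempting; in practice the private-key direction is used once per connection to authenticate, the public-key direction is used once to move the session key, and everything after that is symmetric.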

iago

So it turns out that the old PoS computer I grabbed to run this on won't boot with a USB keyboard, and I don't own a PS/2 one. Oops. :)

I'm thinking of running this on my old laptop now.. I know it can handle it, and it's not doing anything else. We'll see! I suddenly got really busy again. Bah!

rabbit

Quote from: iago on September 27, 2009, 12:57:33 PM
So it turns out that the old PoS computer I grabbed to run this on won't boot with a USB keyboard, and I don't own a PS/2 one. Oops. :)

I'm thinking of running this on my old laptop now.. I know it can handle it, and it's not doing anything else. We'll see! I suddenly got really busy again. Bah!

http://www.google.com/products/catalog?q=usb+to+ps/2+adapter&hl=en&cid=8787340792746948795&sa=title#p

iago

Now that you mention it, I have several of those in a drawer. I only have two keyboard/mouse sets, though, and both are wireless. It's worth a try, anyways.

If not, I'll just borrow a PS/2 from work. :)

iago

So yeah, I haven't forgotten about this, but I do apologize for the delay. Life's busy and all that, you know?

Anyway, this is all basically set up now. I was thinking, though, instead of doing a straight up competition, what if I give access to the virtual machines to people, give a brief lesson on a tool or two, then let you play around? After some practice, I can set up a proper "competition" for people. Would that work? And, is anybody still interested? :)

The only thing I have left to do is make an OpenVPN server. People who want to play will have to install OpenVPN on their workstation and connect to my server. From there, they will have access to the environment and can do whatever they like in the test network.

So yeah, anybody interested? :)

rabbit


Blaze

I'd be interested in that lesson with or without the competition.

However, that's not to say I'm not interested in the competition.  :)

deadly7

There's no way I'd win the competition but I'd be interested in learning.
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
[17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

iago

Ok.. just give me some time to learn how to set up an OpenVPN server (if anybody has experience, let me know).