Hacking competition?

[Sidoh]

I got openvpn working at some point (I think over last spring break or something?), but I wouldn't be helpful other than to tell you it's pretty well documented. :)

[iago]

Heh, thanks. It looked pretty easy from a quick look at the manpage. I'll just have to send people .conf files that point to my private network.

[iago]

For what it's worth, I haven't forgotten about this. I'm hopefully going to have the hardware I need in the next little while.

[Tuberload]

Incidentally, I'm well aware that nobody doing this will be experts (or even amateurs), so I'll post a list of tools and some basic theories at the outset.

Could you post the list of tools and basic theories now? That way I can begin allocating my free time for research purposes.

[iago]

Incidentally, I'm well aware that nobody doing this will be experts (or even amateurs), so I'll post a list of tools and some basic theories at the outset.

Could you post the list of tools and basic theories now? That way I can begin allocating my free time for research purposes.

Hmm, I can't list too much without giving away a lot (I have a pdf I can send that is basically a guide, but it's also basically a walkthrough :) ). I'll list some stuff, though!

My favourite tools (and the ones you need for this) are:
* Nmap
* Metasploit
* sqlmap
* rainbowcrack (rcrack) -- you only need the 'alpha' tables, which are <1gb, not anything else. I think l0pht puts out a live cd for cracking passwords, too

The theories:
* Port scanning
* Network discovery
* Web vulnerabilities (sql injection, path traversal, cross-site scripting [not required, but good to know], local/remote file include)
* Exploits (metasploit -> how to use the exploits, different payloads [meterpreter])
* Password cracking (w/ rainbow tables)
* Pass-the-hash (w/ metasploit)

That should put you in a good position.

I'm thinking I should do a basic one first to get people going, give out a prize for that one, post the theories used, then do my full contest. Thoughts on that?

[Camel]

I was talking with my boss about this thread today. He says you need to get laid, iago. :P

[iago]

I don't really understand what you mean.

Keep in mind that this is my job. I use this type of demo to teach people how to hack and to demonstrate to programmers/management what hackers do. That's my job, and I love doing it, people appreciate learning it, and I get paid decently for my skills.

The fact that I'm planning to share some of the work I've done with the community doesn't really change anything.

[abc]

sounds fun to me!

[Camel]

I find it pretty interesting too. I think he doesn't approve of nerding during free time.

[iago]

I find it pretty interesting too. I think he doesn't approve of nerding during free time.

I do a lot (in fact, most) of it at work. I use it to train new students, and I use it in presentation to our departments. :)

I do a ton of work in my free time, though, too. Like, I'm one of the top Nmap contributors right now, and have been for awhile. Speaking of which...

Tuberload: When you look things up, make sure you learn how to use the Nmap Scripting Engine (NSE), especially the scripts written by the guy named "Ron". They're awesome. :)

[Tuberload]

Tuberload: When you look things up, make sure you learn how to use the Nmap Scripting Engine (NSE), especially the scripts written by the guy named "Ron". They're awesome. :)

I'm setting my printer up now so I can start printing educational material.

[Camel]

Paper kills trees, you savage.

[Tuberload]

I do what I can.

[AntiVirus]

This does sound really interesting.  I would love to try and give it a shot, but I don't think I have time. : (

[Towelie]

doing this on a DoD network... I might pass.