Author Topic: Hacking competition?  (Read 23159 times)

0 Members and 1 Guest are viewing this topic.

Offline rabbit

  • x86
  • Hero Member
  • *****
  • Posts: 8092
  • I speak for the entire clan (except Joe)
    • View Profile
Re: Hacking competition?
« Reply #30 on: September 25, 2009, 06:13:34 pm »
I'll give it a shot I guess :D

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Hacking competition?
« Reply #31 on: September 25, 2009, 07:24:14 pm »
doing this on a DoD network... I might pass.
I'm going to set it up so you have to connect to me through a secure tunnel. So technically, if you wanted to, you'd be safe. :)

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: Hacking competition?
« Reply #32 on: September 26, 2009, 12:20:33 am »
Not to get into a cryptography debate, but can't they decrypt everything that comes over the wire once he sends his public key? Sure, they can't pretend to be him, but they can read everything sent out, if I understand correctly.

But that's a moot point since it's not against the law to hack into a machine with it's owners permission. Of course, you might have to prove that you have iago's permission to someone pretty important.. :P

EDIT -
Headline: US Navy Cadet caught hacking into Canadian web server.
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Hacking competition?
« Reply #33 on: September 26, 2009, 12:38:01 am »
Not to get into a cryptography debate, but can't they decrypt everything that comes over the wire once he sends his public key? Sure, they can't pretend to be him, but they can read everything sent out, if I understand correctly.

But that's a moot point since it's not against the law to hack into a machine with it's owners permission. Of course, you might have to prove that you have iago's permission to someone pretty important.. :P

EDIT -
Headline: US Navy Cadet caught hacking into Canadian web server.
No, you're entirely wrong about how public-key cryptography works. To briefly explain, there are two concepts:
1) Anything encrypted with a private key can only be decrypted with the corresponding public key (what you're talking about)
2) Anything encrypted with a public key can only be decrypted with the corresponding private key (closer to what's actually happening)

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: Hacking competition?
« Reply #34 on: September 26, 2009, 05:32:28 pm »
I forgot that. SSH is double-encrypted, right? With your private key and their public key, therefore since only the intended recipient has both your public key and their own private key, only they can read it.

Gotcha.
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Hacking competition?
« Reply #35 on: September 26, 2009, 09:47:31 pm »
I forgot that. SSH is double-encrypted, right? With your private key and their public key, therefore since only the intended recipient has both your public key and their own private key, only they can read it.

Gotcha.
Something like that, anyway. :P

Offline Joe

  • B&
  • x86
  • Hero Member
  • *****
  • Posts: 10319
  • In Soviet Russia, text read you!
    • View Profile
    • Github
Re: Hacking competition?
« Reply #36 on: September 26, 2009, 10:00:55 pm »
Don't you work for an internet security company? :P
I'd personally do as Joe suggests

You might be right about that, Joe.


Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Hacking competition?
« Reply #37 on: September 26, 2009, 10:11:21 pm »
Nope, I work from the government.

I'm not a crypto expert, though I do have a decent understanding of how ssh works. Your answer isn't really right, but explaining it is kind of a waste of time. :)

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Hacking competition?
« Reply #38 on: September 27, 2009, 11:42:28 am »
I forgot that. SSH is double-encrypted, right? With your private key and their public key, therefore since only the intended recipient has both your public key and their own private key, only they can read it.

Gotcha.

SSH is a probably special case, but the standard public key model is the sender encrypts the message with the recipient's public key.  A message can be decrypted using the private key corresponding to the public key that encrypted it.  "Double encryption" probably means that the traffic is encrypted both ways.

Public keys and private keys have some sort of mathematical relation to each other.  The idea is that the (or a) public key is trivially determinable from a private key, but it's an intractable problem to determine a private key from a public key.  In RSA (and similar approaches), which is probably the most common form of public key cryptography in practice, the private key is two large primes, and the public key is the product of those two primes.

Don't you work for an internet security company? :P

The innards of cryptography is a rather small subset of what internet security is about...
« Last Edit: September 27, 2009, 11:46:08 am by Sidoh »

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Hacking competition?
« Reply #39 on: September 27, 2009, 11:55:30 am »
SSH is a probably special case, but the standard public key model is the sender encrypts the message with the recipient's public key.  A message can be decrypted using the private key corresponding to the public key that encrypted it.  "Double encryption" probably means that the traffic is encrypted both ways.
Typically, encryption using public/private keys is rarely done, because it's computationally expensive. What happens in SSH/SSL/etc is that the client/server use public key encryption to exchange a session key (and as of SSHv2, it's done in a way that isn't vulnerable to man-in-the-middle attacks; I don't know the details), and that session key is used for symmetric encryption (AES or something).

The innards of cryptography is a rather small subset of what internet security is about...
Exactly. On a day-to-day basis, I need to know how to use encryption properly, but I don't necessarily need to know how it works (I trust very smart people like Bruce Schneier and the RSA folks to understand that kind of stuff. :) )

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Hacking competition?
« Reply #40 on: September 27, 2009, 12:57:33 pm »
So it turns out that the old PoS computer I grabbed to run this on won't boot with a USB keyboard, and I don't own a PS/2 one. Oops. :)

I'm thinking of running this on my old laptop now.. I know it can handle it, and it's not doing anything else. We'll see! I suddenly got really busy again. Bah!

Offline rabbit

  • x86
  • Hero Member
  • *****
  • Posts: 8092
  • I speak for the entire clan (except Joe)
    • View Profile
Re: Hacking competition?
« Reply #41 on: September 27, 2009, 01:30:57 pm »
So it turns out that the old PoS computer I grabbed to run this on won't boot with a USB keyboard, and I don't own a PS/2 one. Oops. :)

I'm thinking of running this on my old laptop now.. I know it can handle it, and it's not doing anything else. We'll see! I suddenly got really busy again. Bah!

http://www.google.com/products/catalog?q=usb+to+ps/2+adapter&hl=en&cid=8787340792746948795&sa=title#p

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Hacking competition?
« Reply #42 on: September 27, 2009, 02:29:00 pm »
Now that you mention it, I have several of those in a drawer. I only have two keyboard/mouse sets, though, and both are wireless. It's worth a try, anyways.

If not, I'll just borrow a PS/2 from work. :)

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Hacking competition?
« Reply #43 on: January 10, 2010, 01:42:54 pm »
So yeah, I haven't forgotten about this, but I do apologize for the delay. Life's busy and all that, you know?

Anyway, this is all basically set up now. I was thinking, though, instead of doing a straight up competition, what if I give access to the virtual machines to people, give a brief lesson on a tool or two, then let you play around? After some practice, I can set up a proper "competition" for people. Would that work? And, is anybody still interested? :)

The only thing I have left to do is make an OpenVPN server. People who want to play will have to install OpenVPN on their workstation and connect to my server. From there, they will have access to the environment and can do whatever they like in the test network.

So yeah, anybody interested? :)

Offline rabbit

  • x86
  • Hero Member
  • *****
  • Posts: 8092
  • I speak for the entire clan (except Joe)
    • View Profile
Re: Hacking competition?
« Reply #44 on: January 10, 2010, 03:52:57 pm »
I am.