Ring 0 pulled it off in the end, with VM to VM flag submission to prevent their own flags from going out on the wire, thwarting the McGrewchebag’s attempts at automated sniffing/resubmission.  They were here all night hacking away and their devotion paid off.  I expected to find them face-down on the keyboard when I got back to the lab at 7AM, but they were still going, fueled by caffeine.

In the last moments of the game, with “Eye of the Tiger” playing from an unidentified laptop, the two top teams submitted all of the flags they had been afraid to submit earlier, along with plenty of cover traffic.  The scoring server creaked and groaned under the pressure, and I closed all of the other VMs to help out a bit.  When the clock hit 9:00 AM, I pulled the power to the hub, cutting the VM server off from the rest of the network.  The two teams congratulated each other, and we all went down to the classroom for the awards ceremony.

The final scores:

  1. Ring 0 : 29 Flags
  2. McGrewchebags: 23 Flags
  3. Where’s Jerry?: 12 Flags
  4. Team 3: 6 Flags
  5. Team 5: 4 Flags
 

The lab has been very busy this weekend.  Yesterday at 3PM I received an email asking me to drop by and reboot the VMs due to sluggish performance, and I expected a handful of people in here when I arrived.  When I got to the lab, I was very surprised to see a little over half the class hacking away.  There were still several people around when I left at 8PM.

After looking into it, we have found that the “Jerry” in the team name “Where’s Jerry?” dropped the class some time back.  That team is on an even footing with the others with 4 members, so there is no injustice there.  I originally had a 1 flag bounty on Jerry’s head, if they could bring him to me, though with these circumstances, I’ve raised the bounty to 2.

Ring 0 was just awarded a flag for a social engineering attempt that I was deliberating on for a while, and another flag for something I cannot disclose at this time.  Right now, it’s a very close three-team race for first place, although it’s hard to say how many unsubmitted flags the teams could be sitting on.

The scores as of this moment:

  1. McGrewchebags : 17 Flags (Time of last capture: 3:46 PM Saturday)
  2. Ring 0 : 14 Flags (Time of last capture: 11:30 PM Saturday)
  3. Where’s Jerry?: 12 Flags (Time of last capture: 1:51 PM Sunday)
  4. Team 3: 6 Flags (Time of last capture: 8:22 PM Saturday)
  5. Team 5: 4 Flags (Time of last capture: 11:57 AM Saturday)
 

After a very busy morning, the number of students in the lab hacking away at CTF went down in number, but up in rowdiness.  There are three close “top” teams now, with “Where’s Jerry?” (formerly known as Team 4, name in reference to a missing member) joining McGrewchebags and Ring 0 in being very active.  “Where’s” is not to be underestimated, having run their score up to the current value in a very short period of time.

The teams are getting more and more humorous with their trash talking.  It’s all in the spirit of the competition, though, as they’re being very friendly and sportsman-like to each other.  Earlier, I was witness to a member of Ring Zero sharing his copy of Fyodor’s nmap book with a member of McGrewchebags.

There was a bit of social engineering action today (bribery, etc.), and a small handful of points were handed out.  The best social engineering attempt, a survey sent to us, was actually rewarded by providing the team with an answer to one of their survey questions, rather than a “social engineering flag”.  That answer might serve them well.  It’s difficult to judge the social engineering attempts objectively, so I simply go with my gut.  Occasionally students protest about perceived uneven applications of rules and rewards, but it all evens out in the end.  Either way, there’s no way to appeal my decisions :)

Teams are getting a good handle on their sniffing and packet analysis skills, and are falling into a good routine on that front.  Most of the teams appear to be working well with each other as a team, and continue to put in some long hours.  I wouldn’t be surprised to see a sleeping bag in here the next time I drop by to see what’s going on.

I will be dropping by at least once tomorrow and Sunday, and will post updates then.

Current scores:

  1. McGrewchebags – 15 Flags (Last capture, 7:39 AM)
  2. Ring 0 – 9 Flags (Last capture, 11:31 AM)
  3. Where’s Jerry? – 8 Flags (Last capture, 11:25 AM)
  4. Team 5 – 3 Flags (Last capture, 12:16 PM)
  5. Team 3 – 1 Flag (Last capture, 2:46 PM)
 

Activity has seriously picked up after this morning’s brief class meeting.  I discussed the events of my previous updates with them, clarified some rules, talked about useful tools, and gave a brief ramble on ways to effectively keep Wireshark from overwhelming them with data (or from crashing).  Members of the previously less active teams are in here now, as they become free of their weekday obligations.  There’s still plenty of time over the weekend for hacking!

Current scores as of 10:04 this morning:

  1. McGrewchebags: 14 flags (Time of last capture: 7:39 AM)
  2. Ring 0: 7 flags (Time of last capture: 9:53 AM)
  3. Team 4: 4 flags (Time of last capture: 9:38 AM)
  4. Team 3: 1 flag (From yesterday, when they weren’t here)
  5. Team 5: Nothin’!

I’ll likely update again this evening at 5PM.

 

Today has been a busy day, but with slight movement to the scores.  The two busiest teams, McGrewchebags and Ring 0, have been at work re-evaluating and re-deploying their sniffing and counter-sniffing measures.  Representatives of two other teams have been by to poke at the network and their own reserved computers, yet remain quiet on the scoreboard.

Three flags were submitted for scoring today.  This includes one flag each by Ring 0 and the McGrewchebags, 30 minutes apart from each other.  The remaining flag is more interesting for one reason: it was credited to Team 3, who had no members in the room at that time.  I know the reason for this, along with many other CTF secrets that I cannot reveal until after the closing ceremony.  For now, it is an exercise for the readers and other teams to figure it out.

Network traffic is picking up with “cover traffic”, designed to confuse other sniffing teams.  If it begins to get out of hand, I will need to start unplugging network cables, but so far so good.  The active teams are learning a lot about filtering through packet logs.

Soon, it seems, teams will be getting very serious about attacking target VMs and actually capturing flags for themselves ;)

The scores as of 5:00PM:

  1. McGrewchebags – 13 Flags
  2. Ring 0 – 5 Flags
  3. Team 4 – 1 Flag (Time of last capture NULL, only flag is social eng. granted)
  4. Team 3 – 1 Flag (Time of last capture: 2:46PM, no members present!)
  5. Team 5 – 0 (Sleeper cell, or just asleep?)
 

I arrived to an empty lab this morning, just before 8AM, and the target VMs were running very sluggishly.  Rather than spending a lot of time diagnosing the exact problem, I felt it would be quicker to just shut the VMs down, restart VMWare, and bring them back up to see if they would spring back to life.  They did.  I got the (happy) feeling that these targets had been well abused during the night, and I believe I was right.

The students of team Ring 0 have made their presence known on the scoreboard, now in a distant second place with 4 flags.  Don’t let the word “distant” fool you, though.  They were in here and working on it for a good while last night, indicated by their time of last flag submission: 12:42 AM.  The flags they submitted last night were likely just the ones they didn’t mind the other teams’ sniffers catching.  I am certain they have more.

A flag was awarded last night to Ring 0 for a social engineering attempt that I interfered with.  The team registered a gmail account in my name, and planned on posting a letter on the door of the lab, from “me”, informing the other teams that the lab was closed temporarily, due to damage caused by the “disqualified” Ring 0.  They were not sure if the letter would violate the spirit of the CTF rules against interfering too much with other teams, so they consulted with me before putting the sign up.  I thought it was a cool idea, but I didn’t want to cut into other teams’ time in the lab, so I thanked them for the attempt, told them to not put up the sign, but awarded them a flag for their efforts.

I look forward to today’s activity.

The scoreboard, as it stands this morning:

  1. McGrewchebags – 12 flags
  2. Ring 0 – 4 flags
  3. Team 4 – 1 flag
  4. Team 3 – 0
  5. Team 5 – 0
 

It’s time for me to leave the lab for the evening, but Capture the Flag and the participating teams march on.

After a briefing on the rules of CTF to the students from 9:00 to 9:45 this morning, this semester’s marathon Capture the Flag began.  The five teams have until 9:00 Monday morning to rack up their score.  There is plenty of time to go, although some teams are getting an early start.

The McGrewchebags (I love their name) have had an excellent start.  Members have been in the lab working on it ever since the end of the initial briefing, and have found most of the publicly available flags along with a handful of flags on the isolated CTF network.  They are also the very first team to break the scoring server in such a way that they could end the game right then and there.  The game was quickly repaired and the McGrewchebags were rewarded 2 points on the spot.

The teams that have been on the network have quickly realized that having an entirely hubbed network (one large broadcast domain) and the lack of a secure way to submit flags for scoring presents an interesting set of opportunities and challenges.  Passive monitoring is allowed, and each team is laying claim to one computer in the lab from which to run scripts and sniffers.  Espionage and communications security are top concerns for some of the teams, with counter-measures and counter-counter-measures being discussed in hushed tones.

The only team to submit flags to the scoring server, the McGrewchebags, are in the lead, although it is not known how many flags other teams are “sitting on” at the moment.  It’s a battle of nerves, as ties are broken by the earliest time of last submission.

The un-named Team 4 was just (50 minutes ago) awarded with one flag for a nice social engineering attempt.  This team sent me an email, spoofed to appear as though it was from the professor of the class, informing me that Team 4 deserved points because “they got me earlier” (meta-social-engineering!).  The email wasn’t perfect.  The headers didn’t match Dr. Vaughn’s usual emails, and they accidentally double-spaced his signature, but it was a pretty good attempt and earned them a flag.

Ring 0 just chose their name, and appear to be in a sort of set-up stage.  They may be a little slower to jump in than the McGrewchebags, but I get the impression that they are very serious about winning.

Scores as of Wednesday 5:00PM:

  1. McGrewchebags : 12 points
  2. Team 4 : 1 point
  3. Ring 0 : 0 points
  4. Team 3 : 0 points
  5. Team 5 : 0 points

If everything stays up and running, and I don’t get any emergency calls, I will be back on the CTF network in the morning, and will keep my readers up to date with scores and commentary.

 

The students in the CSE 4243/6243 Information Security class at Mississippi State University will begin their end-of-semester CTF exercise today, and in a change of format, it will be for a much longer period of time.  In previous semesters, we have run this exercise during class time, with laptops in one of the classrooms.  This semester, in order to give them more time and opportunity to research obstacles in their way, I have set the game up in our security lab, and it will run from the end of class today (10 AM) to the beginning of class on Monday (9 AM).

There are five teams of students, and each will be racing to find a series of “flags” (10-character hexadecimal strings) that are scattered among a series of target computers.  As they find these flags, they will be submitting them to a scoring server to increase their score.  Since the students are of varying levels of experience, we have strict rules against attacking other teams directly (though passive monitoring is allowed).

The students have always enjoyed the CTF in the past, and I believe that the new time format will make it even more fun and instructive.  The student teams have been meeting and preparing for some time now, and are very excited.  My favorite team name so far is “The McGrewchebags”.

If all goes well, I will be posting scores and commentary as the competition carries on through the weekend.

If you are a student in the class, here’s a free flag: ff8551ef39

 

I noticed a realty website in my referrals today, so I checked it out to see why they’d be linking here.  Here’s what I found:

http://mcgrewsecurity.com/img/nicetry.png

For those of you who are new here: This is obviously not how I roll.  Not only is it not something I would do (protip: don’t do pentesting for free), but the capitalization is awful.

Our good friend MR^E of the ETA also dropped by earlier in the day, to leave troll comments and launch a pointless spider/scan against the site (again), so I figured I’d take a look and see what’s going on over at their new site, hackserver.org:

Wow!  MR^E figured it out before I did!  When asked about it by another member, he responded:

Stumbling across it before it even has a chance to get indexed by Google?

I’ll leave the conclusions as an exercise for the reader.

© 2012 McGrew Security