Difference between revisions of "UCSB CTF 2004"

From C4 Wiki
Jump to: navigation, search
(What To Do Better)
(What To Do Better)
Line 7: Line 7:
  
 
== What To Do Better ==
 
== What To Do Better ==
 
+
=== General ===
 
* don't put such a strong focus on host and network security again, this game was about application security ...
 
* don't put such a strong focus on host and network security again, this game was about application security ...
 
* use some means of internal communication (wiki?)
 
* use some means of internal communication (wiki?)
Line 13: Line 13:
 
Research would read code, produce new exploit and fix bugs.
 
Research would read code, produce new exploit and fix bugs.
 
Abuse would automate and use exploits.
 
Abuse would automate and use exploits.
 +
 +
=== VMWare Game Image Security ===
 +
Check for
 +
* ssh pubkeys
 +
* sshd configuration:
 +
** PubKeyAuthentication
 +
** PermitRootLogin
 +
* nfs exports
 +
* user passwords
 +
** PHP Safe Mode?
  
 
== Pics! ==
 
== Pics! ==

Revision as of 23:55, 5 December 2004

A team of hackers (known as "0ld Eur0pe"), mainly consisting of the Summerschool Aachen 2004, members of the Chaos Computer Club Cologne and some students of the RWTH[1], participated in the UCSB Capture The Flag 2004 game and were quite successful (see the scoreboard[2], second line).

This page serves as a whiteboard to document the setup we used this year and to collect ideas about what we can do better next time.

Setup

Network Setup

What To Do Better

General

  • don't put such a strong focus on host and network security again, this game was about application security ...
  • use some means of internal communication (wiki?)
  • split teams into research/abuse instead of attack/defense (?)

Research would read code, produce new exploit and fix bugs. Abuse would automate and use exploits.

VMWare Game Image Security

Check for

  • ssh pubkeys
  • sshd configuration:
    • PubKeyAuthentication
    • PermitRootLogin
  • nfs exports
  • user passwords
    • PHP Safe Mode?

Pics!