Difference between revisions of "UCSB CTF 2004"
(→What To Do Better) |
(→What To Do Better) |
||
Line 7: | Line 7: | ||
== What To Do Better == | == What To Do Better == | ||
− | + | === General === | |
* don't put such a strong focus on host and network security again, this game was about application security ... | * don't put such a strong focus on host and network security again, this game was about application security ... | ||
* use some means of internal communication (wiki?) | * use some means of internal communication (wiki?) | ||
Line 13: | Line 13: | ||
Research would read code, produce new exploit and fix bugs. | Research would read code, produce new exploit and fix bugs. | ||
Abuse would automate and use exploits. | Abuse would automate and use exploits. | ||
+ | |||
+ | === VMWare Game Image Security === | ||
+ | Check for | ||
+ | * ssh pubkeys | ||
+ | * sshd configuration: | ||
+ | ** PubKeyAuthentication | ||
+ | ** PermitRootLogin | ||
+ | * nfs exports | ||
+ | * user passwords | ||
+ | ** PHP Safe Mode? | ||
== Pics! == | == Pics! == |
Revision as of 23:55, 5 December 2004
A team of hackers (known as "0ld Eur0pe"), mainly consisting of the Summerschool Aachen 2004, members of the Chaos Computer Club Cologne and some students of the RWTH[1], participated in the UCSB Capture The Flag 2004 game and were quite successful (see the scoreboard[2], second line).
This page serves as a whiteboard to document the setup we used this year and to collect ideas about what we can do better next time.
Setup
What To Do Better
General
- don't put such a strong focus on host and network security again, this game was about application security ...
- use some means of internal communication (wiki?)
- split teams into research/abuse instead of attack/defense (?)
Research would read code, produce new exploit and fix bugs. Abuse would automate and use exploits.
VMWare Game Image Security
Check for
- ssh pubkeys
- sshd configuration:
- PubKeyAuthentication
- PermitRootLogin
- nfs exports
- user passwords
- PHP Safe Mode?