UCSB CTF 2004

From C4 Wiki
Revision as of 23:59, 5 December 2004 by 134.130.4.46 (talk) (General)
Jump to: navigation, search

A team of hackers (known as "0ld Eur0pe"), mainly consisting of the Summerschool Aachen 2004, members of the Chaos Computer Club Cologne and some students of the RWTH[1], participated in the UCSB Capture The Flag 2004 game and were quite successful (see the scoreboard[2], second line).

This page serves as a whiteboard to document the setup we used this year and to collect ideas about what we can do better next time.

Setup

Network Setup

What To Do Better

General

  • don't put such a strong focus on host and network security again, this game was about application security
  • use some means of internal communication (wiki?)
  • split teams into research/abuse instead of attack/defense (Research would read code, produce new exploit and fix bugs, Abuse would automate and use exploits) (?)
  • start earlier
  • get more hardware boxes which could be used for monitoring and firewalls

VMWare Game Image Security

Check for

  • ssh pubkeys
  • sshd configuration:
    • PubKeyAuthentication
    • PermitRootLogin
  • nfs exports
  • user passwords
    • PHP Safe Mode?

Pics!