UCSB CTF 2004
A team of hackers (known as "0ld Eur0pe"), mainly consisting of the Summerschool Aachen 2004, members of the Chaos Computer Club Cologne and some students of the RWTH[1], participated in the UCSB Capture The Flag 2004 game and were quite successful (see the scoreboard[2], second line).
This page serves as a whiteboard to document the setup we used this year and to collect ideas about what we can do better next time.
Setup
What To Do Better
General
- don't put such a strong focus on host and network security again, this game was about application security ...
- use some means of internal communication (wiki?)
- split teams into research/abuse instead of attack/defense (?)
Research would read code, produce new exploit and fix bugs. Abuse would automate and use exploits.
VMWare Game Image Security
Check for
- ssh pubkeys
- sshd configuration:
- PubKeyAuthentication
- PermitRootLogin
- nfs exports
- user passwords
- PHP Safe Mode?