UCSB CTF 2004

From C4 Wiki
Revision as of 23:55, 5 December 2004 by 134.130.4.46 (talk) (What To Do Better)
Jump to: navigation, search

A team of hackers (known as "0ld Eur0pe"), mainly consisting of the Summerschool Aachen 2004, members of the Chaos Computer Club Cologne and some students of the RWTH[1], participated in the UCSB Capture The Flag 2004 game and were quite successful (see the scoreboard[2], second line).

This page serves as a whiteboard to document the setup we used this year and to collect ideas about what we can do better next time.

Setup

Network Setup

What To Do Better

General

  • don't put such a strong focus on host and network security again, this game was about application security ...
  • use some means of internal communication (wiki?)
  • split teams into research/abuse instead of attack/defense (?)

Research would read code, produce new exploit and fix bugs. Abuse would automate and use exploits.

VMWare Game Image Security

Check for

  • ssh pubkeys
  • sshd configuration:
    • PubKeyAuthentication
    • PermitRootLogin
  • nfs exports
  • user passwords
    • PHP Safe Mode?

Pics!