UCSB CTF 2004

From C4 Wiki
Revision as of 12:17, 16 December 2004 by 194.185.112.169 (talk) (Patches and Exploits)
Jump to: navigation, search

A team of hackers (known as "0ld Eur0pe"), mainly consisting of the Summerschool Aachen 2004, members of the Chaos Computer Club Cologne and some students of the RWTH[1], participated in the UCSB Capture The Flag 2004 game[2] and were quite successful (see the participants[3] and scoreboard[4], second line).

This page serves as a whiteboard to document the setup we used this year and to collect ideas about what we can do better next time.

Setup

Network Setup

The image is missing our loghost, which we added later with a hub in front of styx.

What To Do Better

General

  • don't put such a strong focus on host and network security again, this game was about application security
  • use some means of internal communication (wiki?)
  • split teams into research/abuse instead of attack/defense (Research would read code, produce new exploit and fix bugs, Abuse would automate and use exploits) (?)
  • start earlier
  • get more hardware boxes which could be used for monitoring and firewalls
  • doorkeeper for drunken people

VMWare Game Image Security

Check for

  • ssh pubkeys
  • sshd configuration:
    • PubKeyAuthentication
    • PermitRootLogin
  • nfs exports
  • user passwords
  • PHP Safe Mode?

Patches and Exploits

Please contribute the weaknesses you found including exploits and patches. Lexi is also collecting all files that were produced during the event (scripts, logs, etc)

  • pollit
    • directory traversal, rsutling is reading and writing capability on files whose names contain a dot
  • register
    • possible SQL-injection in at least update.pl and review.pl due to unsanitized input
  • feedback
    • directory traversal, ability to write (append) and read access to script files. Appending leads to executing of malicious commands.
  • diebald (task admin)
    • a compound of format bug on a printf and broken logic while reading tasks file, leaded to /bin/sh

Pics!

Where are the pictures people made during the event? Where can I download the video somebody created? (That was Klaus Ridder)

Logs

fd0 has some irc-logs of #ucsb-ctf on freenode during the game.