Hacking Contest by OffSec

    • #4955
      UNIX
      Participant

      We are happy to announce the first of our Public Hacking contests, labeled “How strong is Your Fu?”. The challenge will last for two days, and may go on longer, depending on how long our machines survive. The reward? The winner of the contest will be able to choose ONE of our Online courses, free of charge. This could be either PWB, WiFu or CTP (30 day labs where relevant).

      More here. 🙂

    • #31191
      n1p
      Participant

      Nice… That looks like it will be an interesting few days. Good to get a taste of those courses.

    • #31192
      impelse
      Participant

      Great

    • #31193
      MicroJay
      Participant

      That weekend just got booked!  😉

    • #31194
      Ketchup
      Participant

      Ooooh, it’s a weekend.  Count me in.  Does anyone know if we can we team up at all?

    • #31195
      UNIX
      Participant

      What do you have to do to win this challenge?  Use the Internet, use your skills, call your friends, heck, ask your mama – whatever it takes for you to hack our lab machines.

      So teaming shouldn’t be a problem. 😉

    • #31196
      pizza1337
      Participant

      nice.
      i am gonna try (harder).

      i am in your team 😉

    • #31197
      n1p
      Participant

      EH oriented selection of teams may be a nice idea.

    • #31198
      dynamik
      Participant

      Thanks for the heads-up, this looks fun.

      They’ll have more information in a few days. I’d love to do a team-based thing, but it reads like it’s geared towards individuals.

    • #31199
      Dengar13
      Participant

      I am in.  This should be fun!

    • #31200
      rattis
      Participant

      I know my fu is weak, but I can’t wait to hear how someone else here decimates it. (also doesn’t help that most of my May weekends are already booked).

    • #31201
      MosGuy
      Participant

      Looks very cool. I’ll have started my PWB session by then. If I’m not busy in the OffSec labs I may give it a shot.

    • #31202
      j0rDy
      Participant

      wow, this is a great opportunity for everyone to get familiar with OffSec! CRAP!  >:((excuse me) i’m on holiday that weekend (actually returning that saturday evening)!  :'( maybe i’ll join in that sunday not to compete but just for the fun of it…

    • #31203
      DavidW
      Participant

      This is something that I definitely want to participate in.  🙂 I was unfortunately still in lurker status on the boards last month when the competition for some Offensive Security prizes was up for grabs.

    • #31204
      eternal_security
      Participant

      So when does this start?  And how do you get signed up?

    • #31205
      n1p
      Participant

      Check out the link provided. It will answer your questions  😛

    • #31206
      rattis
      Participant

      The first 3 steps of hacking are:
      1) research
      2) research again
      3) research even more

      Heck you have to do that before you can even get started most of the time. Who is the client, are they legit, is the guy asking for the pen-test really an employee?

      Anyway as n1p said, read the link. You have to dig a little deeper, but the information is there.

    • #31207
      j0rDy
      Participant

      research is key, but don’t forget to document! always keep your findings neatly organized so you can trace steps back if you have to!

    • #31208
      MosGuy
      Participant

      Or as Muts likes to say, “If I had 6 hours to chop down a tree, I’d spend the first 3 sharpening my axe.”

    • #31209
      UNIX
      Participant

      Actually it’s a quote by Abraham Lincoln.

    • #31210
      MosGuy
      Participant

      @awesec wrote:

      Actually it’s a quote by Abraham Lincoln.

      Yeah I know that, it’s one of Muts favorites. Seeing as this thread is regarding OffSec and the quote refers to the importance of prep/planning it seemed fitting.

    • #31211
      j0rDy
      Participant

      Don’t forget “TRY HARDER!”

    • #31212
      hayabusa
      Participant

      @awesec wrote:

      Actually it’s a quote by Abraham Lincoln.

      OK, geek time for the scholars –

      And, as Lincoln was quite the scholar, himself I personally think he spoke with reference to the Bible, specifically Ecclesiastes 10:9-10, where it says:

      “Whoso removeth stones shall be hurt therewith; and he that cleaveth wood shall be endangered thereby.  If the iron be blunt, and he do not whet the edge, then must he put to more strength: but wisdom is profitable to direct.”

    • #31213
      pizza1337
      Participant
    • #31214
      MicroJay
      Participant

      I registered as well.

    • #31215
      DavidW
      Participant

      I registered as well but I have not received a confirmation email to complete the process and it’s been over an hour.  I understand they might be receiving many requests for registration but I didn’t want to miss out on this opportunity. 🙂

    • #31216
      impelse
      Participant

      I hope you guys share your exp with this attack. My skills are low for this kind of tournament, but I would like to know how you did

    • #31217
      DavidW
      Participant

      I don’t have a whole lot of skills either but I’m going to at least try and see what I can do.

    • #31218
      pizza1337
      Participant

      @DavidW wrote:

      I don’t have a whole lot of skills either but I’m going to at least try and see what I can do.

      same here, if i participate it will be learning experience for me.

    • #31219
      impelse
      Participant

      I think you are right. I will sign up too.

    • #31220
      MosGuy
      Participant

      Good luck to those of you who have registered I hope some of you are accepted. I’ve decided to give it a miss, I’ll be banging my head & trying harder in the PWB labs. For those that do attend it would be good to hear feedback.

    • #31221
      Ketchup
      Participant

      I am concerned.  I still haven’t gotten my confirmation and I registered hours ago.  I would hate to miss this despite having no chance of winning 🙂

    • #31222
      impelse
      Participant

      Try to register again and check your spam or try a second email.

    • #31223
      Ketchup
      Participant

      Been there, done that, still nothing 🙁

    • #31224
      MicroJay
      Participant

      I had a similar issue. But I jumped on a different internet connection and it worked for me. I’m thinking they are going/filtering by IP addresses. Possibly someone registered on your network?

    • #31225
      rvs
      Participant

      From http://www.information-security-training.com/news/how-strong-is-your-fu-registration-and-rules/

      FYI:

            “cc says:
            April 23, 2010 at 4:13 am

            hey guys,

            why are you sending emails from apache@localhost.localdomain ?
            a lot of mail servers block that kind of stuff

            pretty sure lot of registrations will bounce”

      admin says:
      April 23, 2010 at 4:31 am

      Changed SMTP settings, try now. Thanks for the heads up!

      I guess try again guys…

    • #31226
      Xen
      Participant

      @rvs
      Thanks! I tried again and received my confirmation email.

    • #31227
      Ketchup
      Participant

      rvs, thanks for the heads.  I finally got it.

    • #31228
      rvs
      Participant

      hey guys,  maybe one of you guys taking the challenge,  could probably discuss it on a Thread or something… that could be very informative for security professionals. Would that be amazing I guess so…

    • #31229
      Anonymous
      Participant

      Hi guys,

      “No vulnerability scanners, or automated tools”

      Are you aware if Nmap is included in the “don’t use” tools?

    • #31230
      pizza1337
      Participant

      @JollyJokker wrote:

      Hi guys,

      “No vulnerability scanners, or automated tools”

      Are you aware if Nmap is included in the “don’t use” tools?

      I hope its allowed.

    • #31231
      Ketchup
      Participant

      Someone asked about that in the discussion.  The impression that I got is that they will intentionally mislead your vuln scanner results.  Either way, I am sure a simple netcat scan or a scripted telnet scan will do the job just as well.

    • #31232
      j0rDy
      Participant

      there are plenty other ways to get a good fingerprint of the system at hand (like said: telnet or netcat will do just fine).

      I decided not to sign up because of absence on the first day. this way i will give someone else the opportunity to give it a REAL try…(my guess: it will be cracked within the first 24h, or not at all 8))

    • #31233
      Ketchup
      Participant

      I am actually thinking someone may 0day pwn it in a couple of hours 🙂

    • #31234
      bamed
      Participant

      I have to wonder how difficult the Tournament will be compared to the PWB challenge or the CTP challenge.
      Having taken PWB and obtained OSCP, I’m pretty sure it will be a quality exercise and worth the time, and I’m all for free training!  However, if the Tournament is more difficult than the courses’ challenge exams, will the winner need the training?  I mean if you win the Tournament by basically passing the challenge exam at the end of a course, and the prize is the course…  Of course if it’s easier, then it should be cracked pretty quickly.

      Anyway, just thinking out loud (or rather silently, but publicly).  At any rate, I expect it to be fun and the competition to be fierce.  And if I happen to win, I’ll greedily accept the free CTP training.

    • #31235
      impelse
      Participant

      Some people will do it just for the glory or to prove themselves, or they can take the other training like the CPT

    • #31236
      Xen
      Participant

      Offensive Security recently announced that they’ll allow everyone to participate. However, the tournament will be conducted in two phases and only the first 100 who complete phase 1 will be allowed to advance to phase 2.

      What to expect

         * The challenge will be built of two Phases, appropriately called “Phase 1” and “Phase 2”. Phase one is also humorously called “The noob filter”, as only the first 100 people who hack their way past this machine will pass on to “Phase 2”. Please do not be offended by the choice of machine names, it’s all done in humor. Once “Phase 1” is hacked by an attendee, they will find instructions on how to proceed to “Phase 2”.
         * “Phase 2” will involve VPN access to an internal lab, with several additional machines which are trembling with anticipation for the taunting session hacking tournament.
         * All registered attendees will get an email on the 8th of May, around 14:00 GMT (that means around 10am EST) with further instructions, attack addresses, etc. We have around 120 people who have not verified their registration – those will not be included in the list. If you did not get a confirmation email, re-register, or contact Offsec Staff (figure out how).

      Complete information here;
      http://www.information-security-training.com/events/offensive-security-hacking-tournament-updates/

    • #31237
      Xen
      Participant

      Has anyone received their password for the contest? They’ve sent the email I guess..

    • #31238
      Xen
      Participant

      If anyone has not received their email they can contact muts at #HSIYF on freenode. Just received mine 😀

    • #31239
      Anonymous
      Participant

      got mine too  🙂

    • #31240
      zeroflaw
      Participant

      Crap…I forgot about this. Now I’m too late :/

    • #31241
      hayabusa
      Participant

      I saw it, but as I was already registered for OSCP v3 starting tomorrow, I decided against jumping into it.

    • #31242
      pizza1337
      Participant

      This is hard. has anyone here passed phase 1 yet?

    • #31243
      bamed
      Participant

      There’s 15 people on the scoreboard so far.  This n00b filter is pretty tough.  The IDS is pretty fierce and the 5 minute cooldown is wearing on my patience.

    • #31244
      pizza1337
      Participant

      i see someone named “KETCHUP” there, who got past phase 1. 🙂

    • #31245
      hayabusa
      Participant

      Good.  Nice to know one of ours is progressing.  Great job, Ketchup!

    • #31246
      What90
      Participant

      Nice work Ketchup!

      The challenge was fun, apart from load times.
      The lag is an absolute killer of us at the bottom of the world. Load time of over 10,000ms per object, so can’t complete stage one to get away from the loonies and get some peace to go for gold 🙁

    • #31247
      pizza1337
      Participant

      I agree, its sloww..

    • #31248
      alan
      Participant

      this is fun, got past the noob filter, but not getting much else going!

    • #31249
      rattis
      Participant

      for those of us not playing (I have not the skill), where is the score board to watch?

      *edit: Never mind, I found it:
      http://scoreboard.information-security-training.com/scoreboard/

    • #31250
      pizza1337
      Participant

      I cant get past noob filter, i get access to WAF but i dont know what to do after that..

      http://www.securityfocus.com/archive/1/508124/30/0/threaded < i dont understand this..

    • #31251
      Xen
      Participant

      I too am not able to clear phase1. Contact Ketchup on IRC perhaps he might help you.

    • #31252
      Xen
      Participant

      Anyone else from EHNet pwned phase 1? I see Ketchup and xXxKrisxXx only.
      I’m still not able to authenticate to the website.

    • #31253
      j0rDy
      Participant

      nice to see people are trying hard! just got back from holiday so i’m dying to see how people are doing. too bad phase 1 is slow for some people, but i guess it will be better after the “noob filter”.

    • #31254
      zeroflaw
      Participant

      I’ve tried for a bit last night. And now I’m gonna try again lol. Don’t have much time for this, cause of exams going on.

      I’m not sure if I should look for some server misconfiguration or bypass the login script  :-

    • #31255
      Xen
      Participant

      @zeroflaw
      My attempts too have been sporadic. I believe you’ve to firstly authenticate to the website and then exploit a vulnerability in the dotDefender WAF. I started password guessing 1/2 hr. ago. Don’t know how much time will it take.

      @j0rDy
      I’m a noob. This contest is a proof of that.

    • #31256
      zeroflaw
      Participant

      Oh lol, didn’t realise I was actually hitting the WAF :-[

      I just want to pwn the noob filter now  😛

    • #31257
      pizza1337
      Participant

      me too.

    • #31258
      Ketchup
      Participant

      I officially got my butt kicked, big time, and I loved every minute of it.  I thought it was a tough challenge, although I expected nothing less.  I realized how weak my FU is and how much work I need on exploit development.  If nothing else, this should motivate me. 

      There were a few EH.net members in IRC, trying to get through it.  Hopefully everyone had a blast like I did.

      P.S.  Mark, I read your article (and the links you provided) on SEH Exploits about 10 times this weekend. 🙂 

    • #31259
      pizza1337
      Participant

      @Ketchup wrote:

      I officially got my butt kicked, big time, and I loved every minute of it.   I thought it was a tough challenge, although I expected nothing less.   I realized how weak my FU is and how much work I need on exploit development.  If nothing else, this should motivate me. 

      There were a few EH.net members in IRC, trying to get through it.  Hopefully everyone had a blast like I did.

      P.S.  Mark, I read your article (and the links you provided) on SEH Exploits about 10 times this weekend. 🙂 

      dude, you did good job.
      I couldn’t even get past phase 1, i figured out how to do it this morning, but it was too late.
      I am not very good at web applications.

    • #31260
      impelse
      Participant

      Congrats Ketchup

    • #31261
      Xen
      Participant

      Nevertheless, good job ketchup! Did you even sleep? I checked that you were on IRC the whole time. Have some rest now. You deserve it  🙂

    • #31262
      bamed
      Participant

      It was fun, but totally kicked my butt too.  Never got past phase 1.  I didn’t get much time besides Saturday morning and a little while Saturday evening to spend on it, though I did spend all weekend thinking about it.  Now I know I need to focus some study on exploiting web apps. 
      On another note, I managed to get through the Google Code Jam qualification round, so the weekend wasn’t a total loss!

    • #31263
      MicroJay
      Participant

      I tried…Guess I did not “Try Harder”! 
      I looked at the source of the pages to try and pick something out.  “HAHAHAHA!” kept bugging me.
      I kept getting the 5 minute delay.  🙁

      I think I will be taking some courses this year when the time is right!  😉

      Congrats on getting by Level 1 Ketchup and xXxKrisxXx and anyone else I forgotten!

    • #31264
      zeroflaw
      Participant

      Well the annoying thing was that I pretty much had the solution to phase 1 thanks to What90. Lag prevented me from getting a HTTP response from the exploit  :- There were a few slots left and I just didn’t make it.

      I learned something from this though. I was trying to bypass the filter by HTTP Parameter Pollution. So I was skipping through PDF’s and PPT’s trying to learn as much about it as quickly as I could. Also tried a bunch of other SQL Injection vectors. And in the end I was thinking far too difficult. Though the HPP techniques will come in handy in the future perhaps 8)

      Perhaps I’ll see if I can install dotDefender and try the exploit in a lab environment ;D And I’ve heard there will be another contest like this in the future, so hopefully my Fu will be stronger by then 😉

    • #31265
      Xen
      Participant

      Offensive Security has declared winners and posted the solutions to the contest.
      http://www.information-security-training.com/blog/

      Now that I look at the answers I feel so stupid that I wasn’t able to clear this stage. I was on the right track but someone or the other regularly changing the passwords confused me a lot.

    • #31266
      Ketchup
      Participant

      Offsec released some of the reports for the challenges. 

      http://www.information-security-training.com/news/hsiyf-runner-up-documentation/

      I feel absolutely silly for spending I don’t even know how many hours trying to modify an exploit to work with Windows 7, when I didn’t have to 😀  I can’t believe I missed the completely easy route and went for something nuts.  It’s not the first time though 🙂  Oh well, live and learn.

    • #31267
      impelse
      Participant

      That’s the way to learn, I am very sure you will never forget it and next time you will save time.

    • #31268
      hayabusa
      Participant

      @impelse wrote:

      That’s the way to learn, I am very sure you will never forget it and next time you will save time.

      Amen!  But congrats on the fun and learning you DID get, Ketchup.

    • #31269
      Xen
      Participant

      Thanks, Ketchup!
      These reports clearly demonstrate how different people take different approaches to achieve the same goal.

    • #31270
      zeroflaw
      Participant

      Oh man! So there was no lag on the noob-filter! Everyone was saying that so I assumed everyone was trying to exploit the filter all at the same time. Oh well, better luck next time… hopefully 😛

    • #31271
      j0rDy
      Participant

      a great way to keep learning new stuff and to keep everyone on their toes! good to see OffSec liked it too and turned it into an annual event!
