Hacking Contest by OffSec

[UNIX]

We are happy to announce the first of our Public Hacking contests, labeled “How strong is Your Fu?“. The challenge will last for two days, and may go on longer, depending on how long our machines survive. The reward ? The winner of the contest will be able to choose ONE of our Online courses, free of charge. This could be either PWB, WiFu or CTP (30 day labs where relevant).

More here. 🙂

[n1p]

Nice… That looks like it will be an interesting few days. Good to get a taste of those courses.

[impelse]

Great

[MicroJay]

That weekend just got booked!  😉

[Ketchup]

Ooooh, it’s a weekend.  Count me in.  Does anyone know if we can we team up at all?

[UNIX]

What do you have to do to win this challenge?  Use the Internet, use your skills, call your friends, heck, ask your mama – whatever it takes for you to hack our lab machines.

So teaming shouldn’t be a problem. 😉

[pizza1337]

nice.
i am gonna try (harder).

i am in your team 😉

[n1p]

EH oriented selection of teams may be a nice idea.

[dynamik]

Thanks for the heads-up, this looks fun.

They’ll have more information in a few days. I’d love to do a team-based thing, but it reads like its geared towards individuals.

[Dengar13]

I am in.  This should be fun!

[rattis]

I know my fu is weak, but I can’t wait to hear how someone else here decimates it. (also doesn’t help that most of my may weekends are already booked).

[MosGuy]

Looks very cool. I’ll have started my PWB session by then. If I’m not busy in the OffSec labs I may give it a shot.

[j0rDy]

wow, this is a great opportunity for everyone to get familiar with OffSec! CRAP!  >:((excuse me) i’m on holiday that weekend (actually returning that saturday evening)!  :'( maybe i’ll join in that sunday not to compete but just for the fun of it…

[DavidW]

This is something that I definitely want to participate in.  🙂 I was unfortunately still in lurker status on the boards last month when the competetiion for some Offensive Security prizes were up for grabs.

[eternal_security]

So when does this start?  And how do you get signed up?

[n1p]

Check out the link provided. It will answer your questions  😛

[rattis]

The first 3 steps of hacking are:
1) research
2) research again
3) research even more

Heck you have to do that before you can even get started most of the time. Who is the client, are they legit, is the guy asking for the pen-test really an employee?

Anyway as n1p said, read the link. You have to dig a little deeper, but the information is there.

[j0rDy]

research is key, but dont forget to document! always keep you findings neatly organized so you can trace steps back if you have to!

[MosGuy]

Or as Muts likes to say, “If I had 6 hours to chop down a tree, I’d spend the first 3 sharpening my axe.”

[UNIX]

Actually it’s a quote by Abraham Lincoln.

[MosGuy]

@awesec wrote:

Actually it’s a quote by Abraham Lincoln.

Yeah I know that, it’s one of Muts favorites. Seeing as this thread is regarding OffSec and the quote refers to the importance of prep/planning it seemed fitting.

[j0rDy]

Don’t forget “TRY HARDER!”

[hayabusa]

@awesec wrote:

Actually it’s a quote by Abraham Lincoln.

OK, geek time for the scholars –

And, as Lincoln was quite the scholar, himself I personally think he spoke with reference to the Bible, specifically Ecclesiastes 10:9-10, where it says:

“Whoso removeth stones shall be hurt therewith; and he that cleaveth wood shall be endangered thereby.  If the iron be blunt, and he do not whet the edge, then must he put to more strength: but wisdom is profitable to direct.”

[pizza1337]

http://www.information-security-training.com/n … les/ 

register quick!

[MicroJay]

I registered as well.

[DavidW]

I registered as well but I have not received a confirmation email to complete the process and it’s been over an hour.  I understand they might be receiving many requests for registration but I didn’t want to miss out on this opportunity. 🙂

[impelse]

I hope you guys share you exp with this attack. My skill are low for this kind tournament, but I would like to know how you did

[DavidW]

I don’t have a whole lot of skills either but I’m going to atleast try and see what I can do.

[pizza1337]

@DavidW wrote:

I don’t have a whole lot of skills either but I’m going to atleast try and see what I can do.

same here, if i participate it will be learning experience for me.

[impelse]

I think you are right. I will sign up too.

[MosGuy]

Good luck to those of you who have registered I hope some of you are accepted. I’ve decided to give it a miss, I’ll be banging my head & trying harder in the PWB labs. For those that do attend it would be good to hear feedback.

[Ketchup]

I am concerned.  I still haven’t gotten my confirmation and I registered hours ago.  I would hate to miss this despite having no chance of winning 🙂

[impelse]

Try to register again and check your spam or try a second email.

[Ketchup]

Been there, done that, still nothing 🙁

[MicroJay]

I had a similar issue. But I jumped on a different internet connection and it worked for me. I’m thinking they are going/filtering by IP addresses. Possibly someone registered on your network?

[rvs]

From http://www.information-security-training.com/news/how-strong-is-your-fu-registration-and-rules/

FYI:

      “cc says:
      April 23, 2010 at 4:13 am

      hey guys,

      why are you sending emails from apache@localhost.localdomain ?
      a lot of mail servers block that kind of stuff

      pretty sure lot of registrations will bounce”

admin says:
April 23, 2010 at 4:31 am

Changed SMTP settings, try now. Thanks for the heads up!

I guess try again guys…

[Xen]

@rvs
Thanks! I tried again and received my confirmation email.

[Ketchup]

rvs, thanks for the heads.  I finally got it.

[rvs]

hey guys,  maybe one of you guys taking the challenge,  could probably discuss it on a Thread or something… that could be very informative for security professionals. Would that be amazing I guess so…

[Anonymous]

Hi guys,

“No vulnerability scanners, or automated tools”

Are you aware if Nmap is included in the “don’t use” tools?

[pizza1337]

@JollyJokker wrote:

Hi guys,

“No vulnerability scanners, or automated tools”

Are you aware if Nmap is included in the “don’t use” tools?

I hope its allowed.

[Ketchup]

Someone asked about that in the discussion.  The impression that I got is that they will intentionally mislead your vuln scanner results.  Either way, a I am sure a simple netcat scan or a scripted telnet scan will do the job just as well.

[j0rDy]

there are plenty other ways to get a good fingerprint of the system at hand (like said: telnet or netcat will do just fine).

I decided not to sign up because of absence on the first day. this way i will give someone else the opportunity to give it a REAL try…(my guess: it will be cracked within the first 24h, or not at all 8))

[Ketchup]

I am actually thinking someone may 0day pwn it in a couple of hours 🙂

[bamed]

I have to wonder how difficult the Tournament will be compared to the PWB challenge or the CTP challenge.
Having taken PWB and obtained OSCP, I’m pretty sure it will be a quality exercise and worth the time, and I’m all for free training!  However, if it more the Tournament is more difficult than the courses’ challenge exams, will the winner need the training?  I mean if you win the Tournament by basically passing the challenge exam at the end of a course, and the prize is the course…  Of course if it’s easier, than it should be cracked pretty quickly.

Anyway, just thinking out loud (or rather silently, but publicly).  At any rate, I expect it to be fun and the competition to be fierce.  And if I happen to win, I’ll greedily accept the free CTP training.

[impelse]

Some people will do it just for the glory or prove themselvs or they can take the other training like the CPT

[Xen]

Offensive Security recently announced that they’ll allow everyone to participate. However, the tournament will be conducted in two phases and only the first 100 who complete phase 1 will be allowed to advance to phase 2.

What to expect

   * The challenge will be built of two Phases, appropriately called “Phase 1″ and “Phase 2″. Phase one is also humorously called “The noob filter”, as only the first 100 people who hack their way past this machine will pass on to “Phase 2″. Please do not be offended by the choice of machine names, it’s all done in humor. Once “Phase 1″ is hacked by an attendee, they will find instructions on how to proceed to “Phase 2″.
   * “Phase 2″ will involve VPN access to an internal lab, with several additional machines which are trembling with anticipation for the taunting session hacking tournament.
   * All registered attendees will get an email on the 8th of May, around 14:00 GMT (that means around 10am EST) with further instructions, attack adresses, etc. We have around 120 people who have not verified their registration – those will not be included in the list. If you did not get a confirmation email, re-register, or contact Offsec Staff (figure out how).

Complete information here;
http://www.information-security-training.com/events/offensive-security-hacking-tournament-updates/

[Xen]

Has anyone received their password for the contest? They’ve sent the email I guess..

[Xen]

If anyone has not received their email they can contact muts at #HSIYF on freenode. Just received mine 😀

[Anonymous]

got mine too  🙂

[zeroflaw]

Crap…I forgot about this. Now I’m too late :/

[hayabusa]

I saw it, but as I was already registered for OSCP v3 starting tomorrow, I decided against jumping into it.

[pizza1337]

This is hard. has anyone here passed phase 1 yet?

[bamed]

There’s 15 people on the scoreboard so far.  This n00b filter is pretty tough.  The IDS is pretty fierce and the 5 minute cooldown is wearing on my patience.

[pizza1337]

i see someone named “KETCHUP” there, who got passed phase 1. 🙂

[hayabusa]

Good.  Nice to know one of ours is progressing.  Great job, Ketchup!

[What90]

Nice work Ketchup!

The challenge was fun, apart from load times.
The lag is an absolute killer of us at the bottom of the world. Load time of over 10,000ms per object, so can’t complete stage one to get away from the loonies and get some peace to go for gold 🙁

[pizza1337]

I agree, its sloww..

[alan]

this is fun, got past the noob filter, but not getting much else going!

[rattis]

for those of us not playing (I have not the skill), where is the score board to watch?

*edit: Never mind, I found it:
http://scoreboard.information-security-training.com/scoreboard/

[pizza1337]

I cant get past noob filter, i get access to WAF but i dont know what to do after that..

http://www.securityfocus.com/archive/1/508124/30/0/threaded&nbsp; < i dont understand this..

[Xen]

I too am not able to clear phase1. Contact Ketchup on IRC perhaps he might help you.

[Xen]

Anyone else from EHNet pwned phase 1? I see Ketchup and xXxKrisxXx only.
I’m still not able to authenticate to the website.

[j0rDy]

nice to see people are trying hard! just got back from holiday so i’m dying to see how people are doing. too bad phase 1 is slow for some people, but i guess it will be better after the “noob filter”.

[zeroflaw]

I’ve tried for a bit last night. And now I’m gonna try again lol. Don’t have much time for this, cause of exams going on.

I’m not sure if I should look for some server misconfiguration or bypass the login script  :-

[Xen]

@zeroflaw
My attempts too have been sporadic. I believe you’ve to firstly authenticate to the website and then exploit a vulnerability in the dotDefender WAF. I started password guessing 1/2 hr. ago. Don’t know how much time will it take.

@j0rDy
I’m a noob. This contest is a proof of that.

[zeroflaw]

Oh lol, didn’t realise I was actually hitting the WAF :-[

I just want to pwn the noob filter now  😛

[pizza1337]

me too.

[Ketchup]

I officially got my butt kicked, big time, and I loved every minute of it.  I thought it was a tough challenge, although I expected nothing less.  I realized how weak my FU is and how much work I need on exploit development.  If nothing else, this should motivate me. 

There were a few EH.net members in IRC, trying to get through it.  Hopefully everyone had a blast like I did.

P.S.  Mark, I read your article (and the links your provided) on SEH Exploits about 10 times this weekend. 🙂 

[pizza1337]

@Ketchup wrote:

I officially got my butt kicked, big time, and I loved every minute of it.   I thought it was a tough challenge, although I expected nothing less.   I realized how weak my FU is and how much work I need on exploit development.  If nothing else, this should motivate me. 

There were a few EH.net members in IRC, trying to get through it.  Hopefully everyone had a blast like I did.

P.S.  Mark, I read your article (and the links your provided) on SEH Exploits about 10 times this weekend. 🙂 

dude, you did good job.
I couldn’t even get past phase 1, i figured out how to do it this morning, but it was too late.
I am not very good at web applications.

[impelse]

Congrats Ketchup

[Xen]

Nevertheless, good job ketchup! Did you even sleep? I checked that you were on IRC the whole time. Have some rest now. You deserve it  🙂

[bamed]

It was fun, but totally kicked my butt too.  Never got past phase 1.  I didn’t get much time besides Saturday morning and a little while Saturday evening to spend on it, though I did spend all weekend thinking about it.  Now I know I need to focus some study on exploiting web apps. 
On another note, I managed to get through the Google Code Jam qualification round, so the weekend wasn’t a total loss!

[MicroJay]

I tried…Guess I did not “Try Harder”! 
I looked at the source of the pages to try and pick something out.  “HAHAHAHA!” kept bugging me.
I kept getting the 5 minute delay.  🙁

I think I will be taking some courses this year when the time is right!  😉

Congrats on getting by Level 1 Ketchup and xXxKrisxXx and anyone else I forgotten!

[zeroflaw]

Well the annoying thing was that I pretty much had the solution to phase 1 thanks to What90. Lag prevented me from getting a HTTP response from the exploit  :- There were a few slots left and I just didn’t make it.

I learned something from this though. I was trying to bypass the filter by HTTP Parameter Pollution. So I was skipping through PDF’s and PPT’s trying to learn as much about it as quickly as I could. Also tried a bunch of other SQL Injection vectors. And in the end I was thinking far too difficult. Though the HPP techniques will come in handy in the future perhaps 8)

Perhaps Ill see if I can install dotDefender and try the exploit in a lab environment ;D And I’ve heard there will be another contest like this in the future, so hopefully my Fu will be stronger by then 😉

[Xen]

Offensive Security has declared winners and posted the solutions to the contest.
http://www.information-security-training.com/blog/

Now that I look at the answers I feel so stupid that I wasn’t able to clear this stage. I was on the right track but someone or the other regularly changing the passwords confused me a lot.

[Ketchup]

Offsec released some of the reports for the challenges. 

http://www.information-security-training.com/news/hsiyf-runner-up-documentation/

I feel absolutely silly for spending I don’t even know how many hours trying to modify an exploit to work with Windows 7, when I didn’t have to 😀  I can’t believe I missed the completely easy route and went for something nuts.  It’s not the first time though 🙂  Oh well, live an learn.

[impelse]

That’s the way to learn, I am very sure you will never forget it and next time you will save time.

[hayabusa]

@impelse wrote:

That’s the way to learn, I am very sure you will never forget it and next time you will save time.

Amen!  But congrats on the fun and learning you DID get, Ketchup.

[Xen]

Thanks, Ketchup!
These reports clearly demonstrate how different people take different approaches to achieve the same goal.

[zeroflaw]

Oh man! So there was no lag on the noob-filter! Everyone was saying that so I assumed everyone was trying to exploit the filter all at the same time. Oh well, better luck next time… hopefully 😛

[j0rDy]

a great way to keep learning new stuff and to keep everyone on there toes! good to see OffSec liked it too and turned it in to an annual event!

[Author]

Posts