SecurityTubeBeta Watch ... Learn ... Contribute |
 |
 |
 |
 |
 |
  |
|
Louisville InfoSec CTF 2009 Challenge
This video summarizes one possible way contestants could have completed the Capture The Flag event at the 2009 Louisville Infosec. Tools and concepts used in the video include: Backtrack 4, Kismet Newcore, Nmap, Metasploit, Meterpreter, Firefox, SQL Injection, Cain, Truecrypt and 7zip.
Scenario:
The admins try to run their network as a tight ship, but you have been brought in to do a pentest. You know the admins have a Truecrypt volume out there with Personally Identifiable Information (PII). Your goal is to find it, and decrypt its contents till you get a list of names and Social Security Numbers. Little hints will be given via a comment wall on one of the web servers. To win points bring proof to the judge that the particular flag task has be completed. These are the "flags", and their point values:
0. Attach to the Wireless network (hint:CTF is in the name) and show the judge how you got the SSID. 15 points
(Name will be given if you can't find it, but you won't be able to get points for it.)
1. Find the IP of the of the Windows box named WinCTF owned by IronGCorp, and list 3 or more open ports. 5 points
2. Find the IP of the x86 based Linux box ran by IronGCorp, and list 2 or more open ports. 5 points
3. What box are the admins running their Intranet site on, and what is the web server type/version? 5 point
4. What is the Windows box's (WinCTF) Administrator password? 10 points
5. What is the x86 Linux box's Root password? 5 points
6. Copy PII.tc (a true crypt volume) to your box. 10 points
7. Password to the PII.tc file. 10 points
8. Password to a non x86 based Linux box. 10 points
9. Password to a 7zip archive. 10 points
10 The decrypted PII.csv file. 25 points
Highest point score at the end of the game wins. If two contestants have the same points at the end of the game, the first to accumulate their point total wins.
Thanks to Netinfinity for referring this video to us.
Scenario:
The admins try to run their network as a tight ship, but you have been brought in to do a pentest. You know the admins have a Truecrypt volume out there with Personally Identifiable Information (PII). Your goal is to find it, and decrypt its contents till you get a list of names and Social Security Numbers. Little hints will be given via a comment wall on one of the web servers. To win points bring proof to the judge that the particular flag task has be completed. These are the "flags", and their point values:
0. Attach to the Wireless network (hint:CTF is in the name) and show the judge how you got the SSID. 15 points
(Name will be given if you can't find it, but you won't be able to get points for it.)
1. Find the IP of the of the Windows box named WinCTF owned by IronGCorp, and list 3 or more open ports. 5 points
2. Find the IP of the x86 based Linux box ran by IronGCorp, and list 2 or more open ports. 5 points
3. What box are the admins running their Intranet site on, and what is the web server type/version? 5 point
4. What is the Windows box's (WinCTF) Administrator password? 10 points
5. What is the x86 Linux box's Root password? 5 points
6. Copy PII.tc (a true crypt volume) to your box. 10 points
7. Password to the PII.tc file. 10 points
8. Password to a non x86 based Linux box. 10 points
9. Password to a 7zip archive. 10 points
10 The decrypted PII.csv file. 25 points
Highest point score at the end of the game wins. If two contestants have the same points at the end of the game, the first to accumulate their point total wins.
Thanks to Netinfinity for referring this video to us.
Related Videos from: Hacker Challenges
 | |||||
You are Viewing this Video Now! | |||||
2313 views |
Author
Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the co-founder of Axonize. Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net
©2007 Freak Labs |