Ragnarok30

Penetration Testing Competition

9 posts in this topic

Hey guys.

I'm a organizer for computer related events at my college. One event I'm trying to host is a hacking battle on a closed network. Just mainly to show how exploits work and how to defend them.

I've never done anything like this before. Have any of you guys setup anything like this? If you have any links or ideas, can you help me?

Thanks

0

Share this post


Link to post
Share on other sites

There was one, it was called the "Semaphore Project". Was a while back and i dont think its up anymore, could be but i can't find it if it is. Anyway, the idea was you could create an account, log in via putty. You were either one of 2 teams to begin with (you pick which). CIA and the KGB. you had to find hidden docs on the box, take out players from other teams etc etc etc. It was still in open beta when i was on and since I went offline for a while I haven't seen it since. But that give you an idea of what you can do.

0

Share this post


Link to post
Share on other sites

The community I'm involved in did the exact same thing for Novell. We ran a round of wargames for Novell.

0

Share this post


Link to post
Share on other sites

Yes, our design consisted of 18 machines of various fresh installs, variety of OS builds, even IOS firmwares that were outdated. Most of these systems existed in a controlled VM environment on a private network where participants had an option to jump in and have fun. The biggest thing we got that allowed for the most fun is... RULE 1: There are no rules. Have fun. We had backup VM images that we rolled back into play every 12 hours so the game kept turning on them.

0

Share this post


Link to post
Share on other sites

if you are having a hacking battle, you should arrange teams and each team set up and secure their own box, the first team to root the other wins.

alternatively if you are setting up the boxes for the teams, then just install a few unpatched os's like xp sp1 and just secure them sketchily, look for some exploits on milw0rm and install the software, first one to root each box wins etc etc

0

Share this post


Link to post
Share on other sites

You also have to consider the skillset of your participants.

Two teams going against each others' hardened, fully-patched, firewalled OpenBSD boxes with only public key OpenSSH enabled will get old pretty quickly for anyone other than professional security researchers. I have seen wargames fail for just this reason -- it's boring for most of us (although in one case it did lead to a new vulnerability being tested and published against OpenBSD, which was kind of cool).

Better to have a collection of older or unpatched stuff with some known vulnerabilities to give all us hobbyists a fighting chance. This is more likely to approximate a "real world" setting, too, where you're not always looking at the latest and greatest security in place.

0

Share this post


Link to post
Share on other sites

some time ago me and some mates we organized a 'capture the flag' hacking challenge.

In a private network where anyone could join with his computer, we had one server with win2k server edition unpatched and another machine with

dvl. All the guys in the competition they had their chance to log in the box and acquire root or admin access.

The whole event took was only for 3 hours, and it was quite exciting! :)

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now