HITBSecConf2007 Capture the Flag Game Considered Fun

< HITBSecConf2007 Considered 1337 | HITBSecConf2007 CTF Daemons Considered Sexy >

Saturday, September 8. 2007

(Posted by Mel Mudin)

Capture the Flag Day 1

11 teams were supposed to compete is this year's edition of Capture the Flag game (this year's edition was the sixth CTF to be organized by HITB), but one team, the winner of the UiTM i-Hack international hacking challenge (organized by SCAN associates) pulled out at the last minute. Like previous years, the game play is the same, except that this year we introduced new points (bonus and breakthroughs).

Bonus points were given for teams that manage to crack Windows binaries provided during the game day
Breakthrough points were given for any team that managed to submit the first flag for any daemon, basically, if you're the first to submit a flag for say daemon01, then you will be given breakthrough points
Another bonus points will be given at the end of the game day for writeups - the writeups were written by the team on how they exploit certain daemons, the binaries and their defensive strategies

On the first day, the game was delayed due to technical glitches - we didn't have enough time for testing since all of the CTF crew were pretty darn busy with work, and on top of that, thanks so effing much to Hilton, we were only able to do the setup at 12 midnight.

We released crackme1.exe, and SaoVang from Vietnam managed to crack it in under an hour.

Havoc began when teams entered the CTF area. Most of them quickly shutdown VMWare Player in order to make copies of the image. While there was nothing against this, it was pretty annoying since we had to ensure every team's server was online.

The first day ended without any interesting events. We had to leave early (against thanks to Hilton) as the bomb squads were in the building - the Deputy Prime Minister was going to have a function that evening.

Capture the Flag Day 2

The second day went well, and SoaVang led from beginning. They managed to crack crackme2.exe (provided on day 1). They were also the first team to submit flags for daemon01, daemon04, daemon07, and daemon08 (daemon08's source code was released to the team later during the day). WsLabi were only able to crack crackme1.exe, and the first team to submit flag for daemon03, while Padocon managed to get breakthrough for daemon02. Interestingly, Padocon team only submitted 5 flags for daemon02 - maybe their exploit wasn't reliable.

After lunch we released crackme3.exe, which carried 800 points, and the SoaVang cracked it with ease.

The winner was then pretty clear after lunch, and second place was pretty much determined after lunch as well when WsLabi overtook Padocon and Powerhacker by submitting more flags.

What we observed during the game

The SaoVang team members were really good reverse engineers and exploit writers
The SaoVang team members were even better at Windows reverse engineering
It took an average of 1.5 hours for other teams to write exploit for daemon08 after the source code was released, but SaoVang managed to crack it under an hour
During the last 3 hours of the game, SaoVang automated all their available exploits and flag submissions via a simple Python script, while other teams were doing the copy/paste->remove whitespace routine
Army Strong had quite a complicated defensive strategies (a few Perl scripts were submitted to us for bonus points), and came out with the highest defensive score. t3nth had a simple but effective defensive strategy as well, and they could have gotten enough points if they put more effort into offense - or send a better team member. During the game, it seemed like only one person was doing something, while the other two was staring blankly at the screen.
Qb1t - no matter how many times we resetted their flags, they always screwed it up! What is the fuck? Qb1t, as far as my memory can recall, is the only team that have been participating since 2003, but never got anything right.
Some teams tried to reverse engineer our set_flag and get_flag operation - I think one of the team managed to do it.
Army Strong was very good defensively - they could have won any of the first three placings if they managed to get offensive points.
~~Compared to last year, Padocon sent two very young teams (Padocon and Powerhacker) but they managed to get 3rd and 4th placings respectively~~.
After m0s (toyok, a fomer member is now a rock star, riaf helped out with the CTF - thanks bro!) none of the participating Malaysian teams were up to par with the other Asian hackers.

So that's it for the CTF this year. It was good game, we made it much easier than last year, albeit more challenging, and as always, it wasn't an easy game to organize. Thanks to all participating teams, sponsors, organizers and team kambing biri2 31337 (elite sheep team).

ERRATA: Powerhacker is not part of Padocon

Posted by Mel Mudin at 06:04 | Comments (13) | Trackbacks (0)

Defined tags for this entry: ctf, events, hacking, hitb, hitbsecconf, vnsecurity

1066 hits

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

There is something wrong~^^
The Powerhacker is not include the Padocon.
The Powerhacker is Other team that not Padocon...^^
One of Powerhacker is good friend
so I don't want that give some confuse~^^
Powerhacker is good team that has good skill^^
Have a good day~^^

#1 oroi on 2007-09-08 18:47 (Reply)

hey man,

sorry for the confusion. i did not know that powerhacker was not part of padocon. the blog post had been fixed.

#1.1 spoonfork (Homepage) on 2007-09-08 18:54 (Reply)

Thanks~ for the fast modify~^^

Well~ It may be that we don't have introduce time...^^

Next year, may be can get a time to introduce~^^

sorry for my english is not good...TT

#1.1.1 oroi on 2007-09-09 13:13 (Reply)

thanks spoonfork.. :)~~~
next year hitb party can invite myband to perform

#2 toyok on 2007-09-10 11:48 (Reply)

Well, at least M'sia still had two teams (nevertheless struggling) and holding their breaths. DTF07 was a rehashed from Duo of two years and Stealther was there also two/three years back.

You cannot compare the m0s time-of-fame period, as the rule of the game that time was merely to see ... who can hit the ENTER key the fastest

sheesh. there's no real skillz like wat u see in SaoVang and WsLabi (aka Zone-H).

If our teams shd shine, less buggers shd hit the Gamer's stand and learn to write 'sploits. And come back next year. Any M'sian team that comes in at least 3rd, I'll buy you a teh tarik (or if you're on the other side of the fence, I'll ask me friend to buy you a beer)!

#3 konarlehper on 2007-09-12 14:26 (Reply)

no, we do have skillful hackers - it is just that there's too much reputation at stake in the CTF, thus rather than 'suffering the humiliation of getting 2nd place', they rather not join

#3.1 spoonfork (Homepage) on 2007-09-13 12:15 (Reply)

oh come on! MY can surely do better than that; if u dun suffer humiliation, u'll never know where u go man!

as a matter of fact, u'll notice that Stealther actually cracked 2 bins, and was on the way to wreaking more havoc. They're probably slo.....wer than the rest (of the first 4; dun count the yankees as they're only good in defending; yeah, they and their STARWARS programme! But Stealther's definitely getting there. Probably their skillz would be more up-to par with Koreans next year. Hopefully.

if u notice both teams Duo and Stealther had a change of some folks over the years. Stealther used to have a "babe" on board (checkout previous years photos). Wonder where she retired to??

M'sia BOLEH! Who say tak boleh? I'll ask my bros to come down to the hotel and ketuk them teruk-teruk next year.

#3.1.1 konarlehper on 2007-09-13 14:35 (Reply)

well, if you notice how Stealther play, then you may be surprised. If I was not wrong, what they did was basically running a Honeypot on the server and capture all the traffics flying on the network, then copy all the related flag and submit to the score server. So, now get it?

Anyway, it is good that they know how to use honeypot, very good tactic and strategy. And if you talk about cracking skill, may be they have but still not on par with other Asian countries.

#3.1.1.1 kg on 2007-09-14 16:59 (Reply)

By the way, I agree that if you dont suffer humiliation, you will never know good are you.

#3.1.1.1.1 kg on 2007-09-14 17:01 (Reply)

how do you capture all traffic on the network if you're connected to the switch?

#3.1.1.1.2 spoonfork (Homepage) on 2007-09-14 19:36 (Reply)

Well then, Stealther is smart/cerdik then! There's no real rulez in the real world (and there are also no rulez that specifically state that you CANNOT capture traffic from the LAN; which obviously is the loophole and kenshoto guys have already found this out many moons ago

) Don't you think attack vectors like this (ie., MITM) would not happen in the REAL world???

#3.1.1.1.3 konarlehper on 2007-09-17 08:33 (Reply)

Look at this then judge for yourself. Yes, we don't have any rules against MITM, or social engineering for that matter, but we keep tabs on all activities during the game, and a tthe end of the day, each team was asked to submit their writeups for bonus points. If they can capture a flag but unable to explain how they get it, well, its in the score.

http://ctf2007.security.org.my/bonus.html

#3.1.1.1.3.1 spoonfork (Homepage) on 2007-09-21 10:14 (Reply)

Dude, how much do you know about switch???
Dont you know you can capture traffic in switch arr..
Just that it is not straight forward as hub only..

#4 kg on 2007-09-21 09:56 (Reply)

Add Comment

Before you post a comment, please take note of the following guidelines:

Commenting is provided as a courtesy only.
Please be brief and relevant to the post.
Please be polite even in disagreement with us or others.
Support claims you wish to make using sources and links.
No personal attacks, name calling, or commercial commenting.
Anyone creating false or multiple identities will be banned.
If you don't have a cogent argument, you will be censored.
If you are purposefully deceptive, you will be censored.
No spamming or flooding.

We appreciate your time and effort in contributing to security.org.my
Comment policy copied and modified from Spin Hunters.

Name
Email
Homepage
In reply to
Comment	Enclosing asterisks marks text as bold (word), underscore are made via _word_. Standard emoticons like :-) and ;-) are converted to images.
	Remember Information? Subscribe to this entry

DISCLAIMER

All data and information provided on this site is for informational purposes and on an *as-is* basis.

This weblog does not represent the thoughts, intentions, plans or strategies of our employers. It is solely our opinion and views as security professionals.

Feel free to challenge us, disagree with us, or even tell us that we are a complete mindless and brainless monkeys in the comment section of the blog entry.

Report Defacements of Malaysian Website

Report web defacements so that we all can keep track of them! Information here. You can view the reported defacements here.

HITBSecConf2007 Capture the Flag Game Considered Fun

Computer and Network Security, Mamak Style

Saturday, September 8. 2007

HITBSecConf2007 Capture the Flag Game Considered Fun

DISCLAIMER

Report Defacements of Malaysian Website

Tags

Recent Entries

Archives

Syndicate This Blog

Creative Commons