
Hacker Capture The Flag (CTF)

In 2011 I set up a CTF network, which players can VPN into in order to hack the victims inside.  It started out as me just setting up boxes to practice my own stuff, then friends wanted in, then I started scoring, and now it's HUGE, with over 100 boxes, several subnets, and tons of stuff to do!

Here are the instructions:  

1)  Scoring:  The lab consists of over 100 machines with various levels of vulnerabilities.  There are dozens of OSs spanning the range from Win2K to DPRK Linux, and even a little real hardware!  To get credit for hacking these machines, you'll need to provide the secret word, or 'flag,' which is usually annotated in a "hackthis" file located somewhere on the machine.  Document your activities, and feel free to share exceptional hacking methods and tools; extra credit points may be awarded.  Send a separate email for each victim hacked with the IP of the victim, the secret word, and any additional information such as exploit/payload/method/screenshots, etc. to the White Cell email address, as soon as it is hacked.  5 points will be awarded for each secret word, and there are a plethora of bonus points challenges as well.  There are objects designed to test your password-cracking, decryption, steganography, forensics, language, and geek skills along the way.  Hopefully they will not test your patience.  There are over a dozen websites for exploitation and defacement.  Test your SQL-Injection, test your pivoting through different networks, test your IDS avoidance, test your client-side attacks, and try to avoid the honeypots.  

Based on score, players will be awarded N00b, Script Kiddy, Sk1llz, H@x0r, 31337, Ub3r-31337, or APT status.  After connecting to the VPN, put 10.50.60.67 into your browser, and check your stats.   
There's an IRC to talk to other players also!  Instructions to set it up are in the "News" tab of the website!

2) Connection information:  The VPN is no longer a PPTP VPN!  I'll send you OpenVPN certs, and you just put them in a folder called 'keys' on your desktop, and run the script to connect!

3)  Rules of Engagement (ROE):
- Don't attack machines below x.x.x.100, as those are my operational machines and the machines of other players. 

4)  Gamesmanship:
- Be courteous to other players and leave machines in as pristine an operational state as you found it.  Unsportsman-like conduct, such as shutting a machine down to stop others from hacking it, patching a victim, changing the hackthis file secret word, or DoS'ing other players may result in a penalty or disqualification/ejection from the game.  Bragging/taunting via benign methods such as changing wallpapers, dropping text files, ASCII art, and comments in the hackthis file are not only allowed, but are highly encouraged.

5)  Problems:
- If a problem is encountered, such as you inadvertently shut a machine down, the VPN tunnel goes down (on my side), you blue screen a victim, etc., send me a text message on my phone if you would like immediate resolution.  Otherwise, send an email to the White Cell email address.

6)  Game Times/Players:
- Only known players are allowed at this time.  Games are pick-up, but if you would like me to host one please feel free to email me.
- When a game is hosted, players will receive an email with the domain, start/stop times, userid, password, and White Cell contact information.   

7)  Contributions:
- If you have an idea on how to make the game better next time, let me know.  If you would like to contribute victim machines, tips on building them, vulnerable application code, special tools/scripts, or any tips to enhance the game, I'm all for it.  Email me!

8)  Terms of Use:
- In connecting to the CTF VPN you are allowed to have Internet connectivity as well.   This is a convenience to allow research, downloading tools, etc.  Please don't use my ISP as a jumping off point to conduct illegal activities such as surfing kiddy porn, commanding your Bot Army, or hacking the Chinese. 


9)  Have fun!  Feedback is appreciated!  Check out the CTF_Admin website when you get on, for up-to-date network status information, player stats, and news.  Just put 10.50.60.67 in your browser after you log in.
Since I don't want this to be a VPN hacking CTF, here are the connection settings:

I used to have a PPTP VPN... In case I go back, here are instructions on how to set up PPTP VPNs for various OSs.... But for now (and probably forever), I'm running OpenVPN, so these instructions are only here for reference.


- Ubuntu (which I recommend trying out at first):
  - Add a VPN adapter, the gateway is mydomainname.com (I'll provide)
  - username and password (I'll provide)
  - Advanced settings are:
    - use only MSCHAP (not MSCHAPV2, PAP, CHAP, etc)
    - use MPPE
    - the rest should be defaults (allow BSD data compression, allow deflate data compression, use TCP header compression, and don't check the "send PPP echo packets" checkbox)

- Windows: 

On your PC go to Control Panel -> Network Connections -> Create new Connection. Select Connect to Network at my Workplace, then select Virtual Private Connection, and give it a name (home link). Select what applies, dial up or LAN. Type the domain of the CTF, and you're basically done.  Then at the connect window, type your username and password.

- Backtrack 4:
1>> apt-get install pptpd pptp-linux network-manager-pptp kvpnc
You may choose to use the Synaptic or Yumex package manager.
2>> Restart (pptpd daemon should be running)
3>> Start ...->Internet->Kvpnc
4>> Choose Profile -> new profile wizard -> Microsoft pptp-> check Require MPPE and leave rest blank -> Authorization method is MSCHAP.
5>> Enter username and password
6>> next ->next -> next -> next 
7>> profile name (whatever you want), Description (whatever you want), VPN Gateway (my domain)
8>> next -> finish
(Note: there is a bug with kvpnc so you can't disconnect from the VPN.  So you'll have to ps -A | grep kvpn to find its PID, then kill it.)
[Also, if you run into issues where you can ping the router at 10.50.60.1, but can't ping anything else, you may have to adjust your route with something like:
root@bt:~# route add -net 10.50.60.0 netmask 255.255.255.0 ppp0
root@bt:~# route add default gw 10.50.60.1]
[Lastly, if you can ping the router and victims, but can't reach the Internet, then when you added the default gw route above, you probably added it in ADDITION to your normal route, and not INSTEAD of it.  So your machine may be confused.  To fix this, you probably need to do the following:
sudo route del default gw (IP of the other gateway)]
Remember, a simple 'route' command will show you your routes.
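
The two routing problems described above can be told apart from the routing table itself. This is an added example, not part of the original post: the function name, verdict words, sample tables and the 192.168.1.1 home gateway are constructed, while the lab subnet, gateway and ppp0 come from the post.

```shell
#!/bin/sh
# Added example (not from the original post): classify a `route -n` table
# against the two routing problems described above. The 10.50.60.0/24 lab
# subnet, the 10.50.60.1 gateway and ppp0 come from the post; the function
# name, verdict words and sample tables are constructed for illustration.

diagnose_routes() {
    # Reads `route -n` output on stdin and prints one verdict word.
    awk '
        # Default route: destination and genmask are both 0.0.0.0.
        $1 == "0.0.0.0" && $3 == "0.0.0.0" { defaults++ }
        # Lab subnet route that leaves through the tunnel interface.
        $1 == "10.50.60.0" && $3 == "255.255.255.0" && $NF == "ppp0" { lab = 1 }
        END {
            if (!lab)              print "missing-lab-route"
            else if (defaults > 1) print "duplicate-default"
            else                   print "ok"
        }'
}

# Constructed sample: only the PPP peer is routed, so the router answers
# pings but nothing else on the lab subnet does.
SAMPLE_NOLAB='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.50.60.1      0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0'

# Constructed sample: the lab gateway was added as a second default route
# next to the normal one, so Internet traffic may take the wrong path.
SAMPLE_DUP='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.50.60.1      0.0.0.0         UG    0      0        0 ppp0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
10.50.60.0      0.0.0.0         255.255.255.0   U     0      0        0 ppp0'

# Constructed sample: lab subnet via ppp0 and a single default route.
SAMPLE_OK='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
10.50.60.0      0.0.0.0         255.255.255.0   U     0      0        0 ppp0'

# Print the verdict for each constructed table.
for name in NOLAB DUP OK; do
    eval "table=\$SAMPLE_$name"
    printf '%s: %s\n' "$name" "$(printf '%s\n' "$table" | diagnose_routes)"
done
```

On a connected machine, `route -n | diagnose_routes` gives the verdict for the live table.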

- Backtrack 5 R1 (recommended):   This is the easiest, most reliable setup.  Instructions are similar to the above, which is basically 2 steps to remember:
1) apt-get install pptpd pptp-linux network-manager-pptp kvpnc
2) after your kvpnc profile is made (and before you connect), change your authentication from MSChapV2 to MSChap.

- Macintosh: (I tested this on my Hackintosh, leopard OS X, but you may have to adjust)
1) Apple > System Preferences > Network
2) click on "+" button in the lower left pane, and you will be presented with a pop-up
3) For Interface select VPN
4) for VPN type put PPTP
5) for Service Name put whatever you want, and click "Create"
6) under Configuration select default
7) under Server address put the domain from your email
8) under account name put your username
9) under Authentication Settings select 'Password' and enter your password, and click OK
10) I select "Show VPN Status in menu bar" just to see what is going on, but that is it.


Comments

  1. I've been told to email bebo to get access to the ctf. Does anyone have the address?
