Skip to main content

Hacker Capture The Flag (CTF)

In 2011 I set up a CTF network, which players can VPN into in order to hack the victims inside.  It started out as me just setting up boxes to practice my own stuff, then friends wanted in, then I started scoring, and now it's HUGE, with over 100 boxes, several subnets, and tons of stuff to do!

Here are the instructions:  

1)  Scoring:  The lab consists of over 100 machines with various levels of vulnerabilities.  There are dozens of OSs spanning the range from Win2K, to DPRK linux, and even a little real hardware!  To get credit for hacking these machines, you'll need to provide the secret word, or 'flag,' which is usually annotated in a "hackthis" file located somewhere on the machine.  Document your activities, and feel free to share exceptional hacking methods and tools, and extra credit points may be awarded.  Send a separate email for each victim hacked with the IP of the victim, the secret word, and any additional information such as exploit/payload/method/screenshots, etc. to the White Cell email address, as soon as it is hacked.  5 points will be awarded for each secret word, and there are a plethora of bonus points challenges as well.  There are objects designed to test your password-cracking, decryption, stegonography, forensics, language, and geek skills along the way.  Hopefully they will not test your patience.  There are over a dozen websites for exploitation and defacement.  Test your SQL-Injection, test your pivoting through different networks, test your IDS avoidance, test your client-side attacks, and try to avoid the honeypots.  

Based on score, players will be awarded N00b, Script Kiddy, Sk1llz, H@x0r, 31337, Ub3r-31337, or APT status.  After connecting to the VPN, put into your browser, and check your stats.   
There's a IRC to talk to other players also!  Instructions to set it up are on in the "News" tab of the website!
2) Connection information:  The VPN is a no longer a PPTP VPN!  I'll send you OpenVPN certs, and you just put them in a folder called 'keys' on your desktop, and run the script to connect!

3)  Rules of Engagement (ROE):
- Don't attack machines below x.x.x.100, as those are my operational machines and the machines of other players. 

4)  Gamesmanship:
- Be courteous to other players and leave machines in as pristine an operational state as you found it.  Unsportsman-like conduct, such as shutting a machine down to stop others from hacking it, patching a victim, changing the hackthis file secret word, or DoS'ing other players may result in a penalty or disqualification/ejection from the game.  Bragging/taunting via benign methods such as changing wallpapers, dropping text files, ASCII art, and comments in the hackthis file are not only allowed, but are highly encouraged.

5)  Problems:
- If a problem is encountered, such as you inadvertently shut a machine down, the VPN tunnel goes down (on my side), you blue screen a victim, etc., send me a text message on my phone if you would like immediate resolution.  Otherwise, send an email to the White Cell email address.

6)  Game Times/Players:
- Only known players are allowed at this time.  Games are pick-up, but if you would like me to host one please feel free to email me.
- When a game is hosted, players will receive an email with the domain, start/stop times, userid, password, and White Cell contact information.   

7)  Contributions:
- If you have an idea on how to make the game better next time, let me know.  If you would like to contribute victim machines, tips on building them, vulnerable application code, special tools/scripts, or any tips to enhance the game, I'm all for it.  email me!

8)  Terms of Use:
- In connecting to the CTF VPN you are allowed to have Internet connectivity as well.   This is a convenience to allow research, downloading tools, etc.  Please don't use my ISP as a jumping off point to conduct illegal activities such as surfing kiddy porn, commanding your Bot Army, or hacking the Chinese. 

9)  Have fun!  Feedback is appreciated!  Check out the CTF_Admin website when you get on, for up-to-date network status information, player stats, and news.  Just put in your browser after you log in.
Since I don't want this to be a VPN hacking CTF, here are the connection settings:

I used to have a PPTP VPN... In case I go back, here are instructions on how to set up PPTP VPNs for various OSs.... But for now (and probably forever), I'm running OpenVPN, so these instructions are only here for reference.

- Ubuntu (which I recommend trying out at first):
- Add a VPN adapter, the gateway is (I'll provide)
-username and password (I'll provide)
- Advanced settings are: 
- use only MSCHAP (not MSCHAPV2, PAP, CHAP, etc)
- use MPPE
- the rest should be defaults (allow BSD data compression, allow deflate data compression, use TCP header compression, and don't check the send PPP echo packets checkbox)

- Windows: 

On your PC do Control Panel -> Network Connections -> Create new Connection. Select Connect to Network at my Workplace, then select Virtual Private Connection, give it a name (home link). Select what applies, dial up or LAN. Type the domain of the CTF, and you're basically done.  Then at connect window, type your username and password.

-Backtrack 4:  
1>> apt-get install pptpd pptp-linux network-manager-pptp kvpnc
You many choose to use Synaptic or Yumex package manager.
2>> Restart (pptpd daemon should be running)
3>> Start ...->Internet->Kvpnc
4>> Choose Profile -> new profile wizard -> Microsoft pptp-> check Require MPPE and leave rest blank -> Authorization method is MSCHAP.
5>> Enter username and password
6>> next ->next -> next -> next 
7>> profile name (whatever you want), Description (whatever you want), VPN Gateway (my domain)
8>> next -> finish
(note, there is a bug with kvpn so you can't disconnect from the VPN.  So you'll have to ps -A | grep kvpn to find its PID, then kill it)
[Also, if you run into issues where you can ping the router at, but can't ping anything else, you may have to adjust your route with something like:
root@bt:~# route add -net netmask ppp0
root@bt:~# route add default gw]
[Lastly, if you can ping the router, and victims, but can't reach the Internet, then when you added the default gw route above, you probably added it in ADDITION to your normal route, and not INSTEAD of it.  So your machine may be confused.  To fix this, you probably need to do the following:
sudo route del default gw (IP of the other gateway)]--- Remember, a simple 'route' command will show you your routes.  

- Backtrack 5 R1 (recommended):   This is the easiest, most reliable setup.  Instructions are similar to the above, which is basically 2 steps to remember:
1) apt-get install pptpd pptp-linux network-manager-pptp kvpnc
2) after your kvpnc profile is made (and before you connect), change your authentication from MSChapV2 to MSChap.

- Macintosh: (I tested this on my Hackintosh, leopard OS X, but you may have to adjust)
1) Apple > System Preferences > Network
2) click on "+" button in the lower left pane, and you will be presented with a pop-up
3) For Interface select VPN
4) for VPN type put PPTP
5) for Service Name put whatever you want, and click "Create"
6) under Configuration select default
7) under Server address put the domain from your email
8) under account name put your username
9) under Authentication Settings select 'Password' and enter your password, and click OK
10) I select "Show VPN Status in menu bar" just to see what is going on, but that is it.


  1. Ive been told to email bebo to get access to the ctf. Does anyone have the address?


Post a Comment

Popular posts from this blog

atftpd vs tftpd-hpa

Recently I was trying to tftp files from a Windows computer to a Kali box.   One version of Windows worked, but another didn't.    After much troubleshooting, here were my symptoms:

I could tftp a file from-to any Kali box from-to another Kali box
I could NOT tftp files to a specific Windows 7 box from any Kali box
I could NOT tftp files to a Chrooted-Ubuntu-Chromebook box from a Kali box

After MUCH troubleshooting, going through every setting in atftpd, it seemed like it literally was a client OS problem.  Different clients simply would not download files---unacceptable.

Thus, I switched to tftpd-hpa.   To install:
apt-get install tftpd-hpa

files go to/come from /srv/tftp, but it needs to be a tftp user. Thus, I needed to:
chroot -R /srv/tftp

Also, if you want to be able to put files ON the tftp server (from a client), you need to modify /etc/default/tftpd-hpa:
change "TFTP_OPTIONS="--secure" to "TFTP_OPTIONS="--secure --create"

I also changed the IP li…

ADS-B plotting with Kali (and other SDR goodies)

Recently I wanted to try some Software Defined Radio stuff.   
I had a RTL-SDR, FM+DAB, DVB-T USB Stick Set with RTL2832U & R820T. that I got from:
But, even though this dongle would break out FM radio stations, and ATC frequencies (like the local Ground Control, tower, and even ATIS), which was cool, it wouldn't break out ADS-B.   
Thus, I bought a Vantech Green Mini RTL2832U R820T DVB-T SDR DAB FM USB DIGITAL TV Tuner Receiver RTL-SDR Project + DAB dongle Tuner MCX Input from Amazon, and tried this.  
This dongle was able to listen to the 1090MHz frequency required for ADS-B (as it goes from 25MHz to 1700MHz).  There were tons of Windows programs out there for breaking out and plotting ADS-B Mode S broadcasts, but not many for Linux.  
For Kali Linux, here's how I got it running and plotting planes around my home:
0) before you start, you should do an apt-get update to ensure you hav…

Temper Temperature monitor on a Beaglebone Black

Beaglebone Black as a temperature monitor:

Recently I wanted to monitor the temperature of my shed.  I thought I'd use a small computer such as a Raspberry Pi or a Beaglebone or Odroid.

My Raspberry Pi boxes were all in use, so I grabbed my Beaglebone, which was doing nothing.

I flashed it with the Debian9.32018-03-054GB SDIoTimage, but that seemed like it was running lots of bloatware and the ethernet interface wouldn't take a static IP with /etc/network/interfaces.

So I went with the Debian9.32018-01-284GB SDLXQTi image instead.  I still had the same problem, that lots of junk was running, and I couldn't configure my interface by modifying /etc/network/interfaces

So my first step was to get rid of all the bloatware.  If you're using a Raspberry Pi or something, you can skip this and just go to the second step below

STEP 1--Remove Blotatware from Beaglebone Black:

With some searching, I came across this post:…