1 / 20

Unleash Root-Fu: Hacker Challenge Evolution

Delve into the world of hacking challenges, from classical skills to modern exploits. Root-Fu combines known vulnerabilities with real-world scenarios to test skills. Discover the game's layout, scoring system, and types of games, including DCX and interz0ne. Witness the battle between script kiddies and experienced hackers, tackling distractions and developing defense strategies. Explore the fast-paced, teamwork-driven gameplay and delve into the roots of hacking challenges for an exciting experience.

ringo
Télécharger la présentation

Unleash Root-Fu: Hacker Challenge Evolution

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Root-Fu ; Rise of the Ninjas • Introduction to Root-Fu • DCX -> interz0ne -> DC11 • Show me the sploitage! • Rants, Raves, and Moving Forward

  2. Introduction to Root-Fu • What is a hacker challenge? • How it used to be… • What is Root-Fu?

  3. What is a Hacking Challenge? • What is a hacker? • Deep knowledge • Finding exploits • Breaking in • Fixing • Classical hacking • Lock picking • Dumpster diving • Social Engineering • Phreaking

  4. What is hacking challenge? How to test this in 2-3 days? • No script kiddy bull shit • Finding and developing exploits • Teamwork (WTF?) • Integration of classical hacking • Fast paced game

  5. What it used to be… • Single network on switch/hub • Teams hacked into random shit • Goons scored game by hand, paper “flags” • DOS, DOS, and DOS some more • Bust out that script kiddy y0j0 • Palante BOFH, only fun part of CTF (8 million ;)

  6. What is Root-Fu?Goals of the Game • Exercise multiple skills associated with hacking • Mix known exploits with on the spot analysis, development, and usage of unknown vulnerabilities • Try and follow “real world” if possible • Detection of attacks • Plugging security holes • Work in classical skills

  7. 1 common server distro Gogo vmware Not platform dependent 8 NAT’d networks Physical interfaces galore Scoring system Automated scoring Keep those distro’s up people! Scoreboard server Neet’o visual representation WTF does it all mean anyways? What is Root-Fu?What does it look like?

  8. What is Root-Fu?The layout(add pics) Green Orange Yellow Proj. Router Score Board Red Cable DNS Score Sys

  9. DCX -> interz0ne -> DC11 • Type of game • Script Kiddie vs. Hacker • Distractions

  10. Type of Game: DCX • From FreeBSD to Redhat in 24 hrs • Distro Leaked? • Known exploits ruled the day • Planted stuff largely over looked • Distractions • Dumpster diving • Lockboxes • Information destruction • BSA audit • Teamwork??

  11. Type of Game: interz0ne ii • Re run of DCX game with new distro • Unofficial game • Didn’t hit 4 team minimum • Stock distro as forth team • Digital Revelation telecommutes • Infrastructure issues • This is not the bandwidth you are looking for…

  12. Move away from stock vulnerabilities OpenBSD Unknown software Introducing vulnerabilities Application Centric What distractions? Multiple roots per server Morphing flag keys Unknown ownership Even more cryptic scoring State kills the reboot Type of Game: DC11

  13. Show me the roots Prior to Root-Fu, max roots 6-7 DCX – 15 wins the day DC11 – 42 wins, 12 average Actual on the spot exploit development occures (dc11) Defense From rebooting to securing Immunix ports to secure linux Patching in production Auditing of applications Script Kiddie vs. Hacker

  14. Distractions • Dumpster diving • Hard drive destruction • Lock picking • BSA Software audits • Where did they go @ DC11?

  15. What we saw • Exploits • DOS • Team Strategy

  16. Exploits • Syslogd - Owning everyone, but no “root”s? • Sql injection? • Heh, I like mudz • >> INSERT MORE CONTENT <<

  17. DOS • Bandwidth • Deleting mysql dbs • Rm -rf / • Tracking ‘em down…

  18. Team Strategy • Getting there… much improvement from DCX • A security team could still rule

  19. Rants, Raves, and Moving Forward • Is this hacking or admining? • Nice graphics, but what does that thing say? • Can we trust GHI to run a fair competition? • Where are we going with this?

More Related