DEF CON "Capture the Capture The Flag" Data

pablos writes "Each year DEF CON hosts the famed Capture The Flag contest. Hackers from all over the world duke it out on the network for 72 hours, hacking for the title. The Shmoo Group diligently logs every packet for posterity, we "Capture the Capture The Flag." Now is your chance to download by far the most interesting, 'sploit ridden, 5.8GB of intrusion collusion ever published. Free for the bandwidth endowed, this is the ultimate IDS testbed."

Making waves...

[hyrdra]

Hmm...my favorite was the sinusoidal IP address spoofing. Anyone else?

They cheated us.

[vulgarDPS]

At defcon 8 DPS was at defcon and Burrows straight up social engineered his way into the server room and rooted the main box. So technically we had just won but they disqualified him cuase they wouldn't acknowledge social engineering as valid. Before defcon 8 DPS (dead [protocol] society) had pretty much dominated the social engineering contests but defcon 8 was the first year they decided to stop doing the social engineering contests so we were forced to improvise.

Re:They cheated us.

[Effugas]

Ghettohackers quite brutally owned my laptop. One of 'em started chatting with me, asked if he could check his email...though I watched the screen, it's always polite to look away when someone types in their password.

Except when that password is

notepad c:\flag.txt
ghi

Now, at the time I damn near killed someone over that...but I realized pretty quickly it was a damn slick hack. Ask, and ye shall receive. Even from me.

--Dan

Re:They cheated us.

[Hard_Code]

ahahahaahahahahaaah!

Wait, wtf are you talking about?

Re:They cheated us.

[Derek+Pomery]

What morons would ever check their e-mail on someone else's computer at a "hacker" convention?
1:9 there is a keystroke logger in place.

Granted, you were asking for it by not having /flag.txt be -rw------- 1 root root

Oh, wait. Was that a C: ? };->

Re:They cheated us.

[Effugas]

*laughs*

"But...but...it's the client pool...you're not supposed to be attacking the client pool...whine whine...bitch bitch...goddamn fuckers that was a good hack...whine whine..."

I did some serious penance for bringing a WinXP beta laptop to hack against Ghettohackers. Lets just say *my* Caesar's Challenge involved swimming on the bathroom floor and puking off of balconies the night before my big talk.

Man, that night was fun.

--Dan

Re:They cheated us.

[Effugas]

They dropped a flag in my root directory, thus "rooting" me and getting massive points.

Q: How do you hack someone's desktop?
A: Ask someone to let you check your mail.

--Dan

Where do I download...

[G-funk]

...The .pak files?

*ducks*

Site is slashdotted (almost), so here are mirrors.

[thesolo]

Well, since the site is getting hit pretty hard, here is a direct link to all the mirrors:

Capture the Capture The Flag Mirrors

If you have a mirror up, please let me know.

If you're using wget to pull the data, please use the following command:
&nbspwget -r -nd --no-parent -R "=A","=D" http://site/path/

US - Wisconsin (100Mbit):
http://www.wi2600.org/mediawhore/mirrors/shmoo/cct f-defcon9

US - Colorado (100Mbit):
http://www.ucar.edu/temp/shmoo-defcon9-ctf/

US - Pennsylvania (T1):
http://www.bitsend.com/defcon9-cctf

US - Alaska (DSL):
http://cctf1.shmoo.com

Please be sure to read the license.

Well I hope they Capture the Slashdot Effect.

[Raindeer]

Putting a couple of Gigs data on the net and then having the bad luck to be posted on Slashdot is going to mean that their link will be unreachable for most of the day. :-) But hey it will probably make for neat graphs.

Bandwidth Cost

[JohnHegarty]

How are they going to pay for the bandwidth cos on this...if evan just 1000 people download it (and it has been slashdotted) then it will 5.8 Terabytes of information to be downloaded.

This won't exaclty be payed for by a banner ad.

Re:Bandwidth Cost

[Lozzer]

Did you read who these people are? I don't expect acquiring bandwidth is much of a problem, if you know what I mean.

Re:Site is slashdotted (almost), so here are mirro

[ConsumedByTV]

Their site may be but I got a blazingly fast 11.9 MB PER SECOND!

It feels damn good to take over a 1/10 of a major pipe :)

Mirror in the making

[siliconincdotnet]

Mirror in the making at http://deimos.siliconinc.net/cctf

Its currently chugging away at about 250 kbps, so it should be done within a few hours. There is already 1+ gig of data up there for your browsing pleasure, and its chugging away at around 250kbps. Enjoy. If it breaks email me or something.

n-ctf sucked this year, I hear...

[Gainax]

from what I hear, n-ctf SUCKED this year...

From a friend whom was on one of the teams:

We set up some 'reflectors', using the MIRROR target of the Linux netfilter and almost got booted of the net by the judges for this unique solution.

Bleh.

Re:Social engineering is the way forward

My favorite trick to get into the server room was to put on an old hard-hat and a fluorescent jacket.

Yes, my favorite way to get into the server room is to dress up as a member of the Village People, and then wait for some random person to agree to take me into the closet.

a bit of hyperbole

[evenprime]

The Shmoo Group diligently logs every[*] packet for posterity

I don't know about defcon 9 (2001), but I seem to recall them only being able to get part of the traffic at defcon 8 (2000).

[*] my emphasis, not theirs

even better

[evenprime]

the shmoo group's data gives an idea of the type of attack tools that are most commonly used in intrusion attempts, but if you want to know the tools and techniques that are the most likely to succeed, it would be good to talk to Caezar or some other member of the ghettohackers. After all, they are the ones who win at capture the flag year after year....

Re:even better

[BasharTeg]

Don't forget this year it wasn't just GH. I certainly had my share of points in the final score. This year I was running under the flag of Digital Revelation, although that's not my group. The final team was Ghetto Hackers merged with Digital Revelation, and without our admin points, GH wouldn't have won. It was a real team effort.

Here's some pics:

My speech on behalf of Digital Revelation
Ceazar's speech on behalf of GH

And damn it was alot of fun this year.

Re:Social engineering is the way forward

[well_jung]

I find most SysAdmins got their jobs by "Social Engineering" during the interview.

Dan...

[evenprime]

Microsoft's email client caused some people on the wireless network almost as much grief during blackhat this year. ;-)

-Joey

Re:Site is slashdotted (almost), so here are mirro

[Alan]

I think you mean "a free site that simply runs off banner ads and donations" ... but is backed by a large linux company (VA) that has lots of ca$h money to throw at popular linux "products" such as /. for servers and whatnot.

CTF Rules

[Rizz0]

The rules for CTF at DC9 were, unfortunately, not well tested prior to the actual event. The intent of the rules were to provide more targets to attack, by shifting the burden of providing targets to the competitors. However, with the rules as written at the beginning of the contest, it turned out to be (pointwise) not worth attempting to hack. The net effect of the rules were that most groups were simply putting up a server, getting the points and pulling it down. While this is a valid strategy for that ruleset, it doesn't make for much of a hacking competition. This constant churning of servers also made hacking difficult, with targets disappearing by the time you could identify them through the standard CTF network instability.

We (the GhettoHackers, with the much appreciated help of Jennifer Grannick) managed to slowly, over the course of the competition, convince Miles to change the rules to a set more conductive to an actual hacking competition. When teams began merging due to the rule changes, we merged with Digital Revelation, to both group's benefit. We gained their server points, and they gained our capture points.

Besides winning CTF, the GhettoHackers / Digital Revelation team also had the highest average Blood Alcohol Level of any group (check out http://cow.pasture.com/~tcroc for more details). As announced at the awards ceremony, we, the GhettoHackers, have retired from CTF after DC9. To help foster more competiton, and for a different application of our expertise, the GhettoHackers will be helping to run CTF at DC10.