InetSec 2 - Capture The Flag/05

Homepage
People
Research
Teaching
About
Blog
Twitter
Abstract
Topics
Prerequisites
Location
Dates and Times
Slides
Challenges
Hall of Ultra Fame
Hall of Fame
Ratings
Standings
Environment
CTF
09/10 CTF
08/09 CTF
07/08 CTF
06/07 CTF
05/06 CTF
04/05 CTF
Examination
Registration

Some Fun

Introduction

The UCSB Capture The Flag is a distributed, wide-area security exercise, whose goal is to test the security skills of students from both the attack and defense viewpoints.

This year, the UCSB CTF took place on Friday the 9th of December, 2005. Because of the time difference, most of the TU team was in the "CTF" lab from about 16:00 in the afternoon, until 02:00(!) in the morning. During this time, we managed to consume about 24 liters of Coke, 20 liters of mineral water and about 24 pizzas ;-)

"The Team"

The TU Vienna participated in the contest with the following great team and managed to take the second place! (great job guys!) :

Team Name: We_0wn_Y0u

Team Members (sorted by last name):

The "operation room" at 1600 hours was worth seeing ;-) This small room was crammed with notebooks and motivated guys sitting elbow to elbow (check out the pictures). We were worried at first that we would run out of oxygen in two hours would all pass out, but thankfully, we all survived... After a couple of hours into the competition, our main worry was that we were running out of coke (lesson for us: never underestimate how much coke can be consumed by students who are hacking and cracking stuff) ;-)

We spent the first hour trying to get connected and to set up the notebooks. The contest was originally scheduled to begin at 1700 hours... however, there was about 75 minutes delay. UCSB had a tough job trying to get everyone connected and also had to find an IRC channel that was able to support zillions of students and faculty who were trying to chat ;-) In any case, Giovanni's team did a great job and the infrastructure they built was truly awesome. Respect guys! SecLab / TU Wien was impressed.

After we received the e-mail from UCSB marking the beginning of the contest, there was a surprise: It was announced that unlike previous competitions, there would be no preparation time (i.e., "the hour" that allowed everyone to patch their services and write exploits would not be given this time)!. This put considerable pressure on all teams of course, but hey, this is a "hacking" contest so we did not lose any time whining and crying and started looking for vulnerabilities and ways to patch our services.

The first hour was a little chaotic for us. Because most of the people in the team did not know each other previously and were working together for the first (!) time, it took a while for the "ice" to melt and for everyone to function as a team. The blackboard, as usual, was handy in delegating responsibilities and for having some sort of ad-hoc organization ;-) Respects to the SecLab members who came forward and took some initial "managing" roles (yeah, management sucks, but someone has to do it).

We were quickly able to start a majority of our services which meant that we were gaining defense points... however, we became a little depressed when we saw that some of the teams had already started owning services and were gaining offense points. There was tense waiting until we were able to own a service for the first time... Well, it was surely a good feeling to see that "1" in the owned score column ;-)

During the first half of the contest, We_0wn_Y0u was able to write up some exploits that brought quite a lot of points. We quickly started moving to the first place in the score table and stayed there for a while. That, of course, gave us confidence and pumped up the motivation. The competition, after a while, became quite intense. Other teams also started owning services and the score board became lively and unpredictable.

Although we had made a nice start, at the beginning of the second half of the game, our "decline" started... Our team started moving from the top of the score board to the middle... We never went further south than the middle of the board, but did get any attack points for at least an hour or so. This period in the contest was a little depressive. Many people were working on difficult exploits, but it looked as if no progress was happening.

Finally, the exploits were written and were functional. We started scoring again in the final half of the contest and slowly moved to the first place on the scoring board... and we stayed there until the contest ended ;-)

Overall, our team managed to get the highest defense and "creativity" (i.e., breakthough) points. Creativity points were given to teams that were the first in announcing an advisory for a vulnerability and that were the first in providing a working exploit. We also managed to get the highest awarded points for a difficult binary exploit (In Giovanni's words, it was: "F...... awesome" ;-)).

As far as offensive points were concerned, we "secured" the third place. Our "exploitationless" period in the middle of the game, unfortunately, had its effect on the final score. However, we were able to "secure" the second place ;-)

Here is a screenshot of the trend scores at the end of the game. To be fair, this only shows the scoring trends of the teams in the latest rounds. However, note that if you are not in the top of this list, chances are not good that you will get a good overall score. In any case, we topped the list and if the competition had continued, would have probably caught Aachen (who were amazing BTW -- great offensive performance dudes) ;-) Here are the final scores. Yep, we rulez ;-)

Check out the pictures from the CTF.

You can also check out some press reports [in German] (yeah, we know, the press likes to exaggerate a little ;-) Nevertheless, we would like to thank them for taking note of this contest): We would like to thank our team for the fun and the truly great performance ;-). Well done guys. This InetSec 2 class will not be forgotten by us ;-)
Last Modified: Tue Jan 24 16:23:01 CET 2012


International Secure Systems Lab www.iseclab.org