InetSec 2 - Capture The Flag/09

Introduction

The UCSB Capture The Flag is a distributed, wide-area security exercise organized by our sister lab in Santa Barbara, whose goal is to test the security skills of students from both the attack and defense viewpoints.

As in previous years, the UCSB iCTF contest took place on the first Friday of December (Dec 4th this year) from 08:00 to 17:00 PST (that's 17:00 to 02:00 CET), and this year saw the biggest contest to date, with an unbelievable number of 56 teams from 13 countries spread across 5 continents. Kudos to the UCSB team for organizing such an epic event and making sure that everything runs smoothly and doesn't keep people from doing what they came to do, and that is to have fun and HACK HACK HACK!!! :-)

"The Vienna iSecLab Team"

Team Name: We_0wn_Y0u

Team Members (sorted by last name):

"The Story"

Since the previous year showed a negative trend, this year's goal was quite clear: stop this trend and try to end up in a top-three position. With this ambitious goal in mind, we started advertising the iCTF very early in this year's "Advanced Internet Security" course.

Luring with free pizza and an amazing night full of nerd-talk, we managed to attract quite a large crowd for the competition night (Friday, December 5th). Around noon, we began to set up a network, installed virtual machines, laid some cables, and started to brew coffee - after all, we knew it was going to be a long night.

Around 4pm, students and lab members started to show up in the TI-Lab (kudos to Heinz for allowing us into this perfect environment again) and prepare themselves for the competition. As always, speculations about the possible contents of the (rather small) image provided this year came up almost immediately: is it going to be Windows after all this year? Do we need to host an image locally? Or is it finally going to be FreeBSD? Everyone had an opinion, but no-one really had a clue.

Eventually - with a small (expected) delay - the challenge started around 5.30pm. After an initial shock - realizing that our chosen VM solution could not open the decrypted image provided by the organizing committee of the UCSB - Thorsten "the guy with the Mac" Holz put the smiles back on our faces by opening one of the provided files inside the Mac presenter application and playing additional MP3 files downloaded from the UCSB homepage.

After watching the presentation over and over again, the smiles left our faces again, and questions like "no, wait, we are clients now?" or "no, we have to set up a web-server? where is the image for it? there is no image? WTF?!" could be heard here and there. But we decided to just go for it, assuming that we would get into it along the way. Soon, some more information was "inadvertently" leaked by the organizing committee, which clarified some of the confusion and showed that we were on the correct track.

We set up a web server and watched clients browse our site, started to log communication, and analyzed the incoming traffic. Soon, we got the hang of it and understood that we had to exploit the clients using drive-by downloads. This enabled us to then steal money from the unsuspecting users, who happened to simultaneously surf on their online banking sites. Impressed by this new and cool (and additionally up-to-date and realistic) scenario, we began to search for vulnerabilities in the individual browsers, which could be identified by their user-agent string. We were then able to gain access to the users' machines by exploiting the identified vulnerabilities, or simply steal information by taking advantage of some identified security holes.

Simultaneously, some of us took a look at the additional challenges presented to the playing teams. As always, the topics, levels of difficulty, and creativity inspired us to dig deep into the binaries, cryptographic messes, twisted sentences, and xkcd comics trying to make some sense of it. Here and there, we heard sudden outbursts of joy as the points on the scoreboard projected to the far wall in the TI Lab increased after solving one challenge or another.

Hours later, long after the pizza-delivery guy had come and gone, after the coffee was up, and all coke was empty, the score board showed a pleasant second place for the We0wnY0u team Vienna, just behind the 1337-hacker team CInsects from the University of Hamburg. Although we even beat them in two of three criteria, Mulah (the stolen money) and L33tnezz (challenges solved), CInsects' P0wnwership score (number of clients/browsers exploited) clearly put us in second place behind them.

Altogether, we were exhausted and happy to have achieved our goal by getting a great second place this year. As always, this had to be celebrated - thus, a bunch of satisfied nerds pilgrimaged to the next open pub to talk about crazy services they exploited, challenges they solved, and that notorious little problem that kept them from exploiting "that one browser".

The UCSB iCTF team, led by Giovanni Vigna, once again proved their creativity and put an unbelievable amount of effort into this year's challenge. We want to thank the organizers and all co-playing teams - it was a lot of fun and a great evening. We cannot wait for the next opportunity to wrestle for 1337ness points in the UCSB arena!!

Last Modified: Mon Sep 6 10:14:11 CEST 2010


International Secure Systems Lab www.iseclab.org