Saturday, March 26, 2011

Honeynet Project Public Conference

Last week was held the first-ever Honeynet project public conference in Paris at ESIEA. Great speakers, interesting conferences (slides online, CV+O notes) and nice people to meet at the social event.

During the conferences was also a small capture-the-flag (CTF) competition, which I played. It was composed of 8 challenges by Mark Schloesser and Felix Leder, including a forensic one by Guillaume Arcas. This is how the challenge board looked:

Challenges (files mirrored if you want to try):
  1. Crack Me 1 (100 pts): windows crackme
  2. Crack Me 2 (300 pts): windows crackme
  3. Crack Me 3 (500 pts): windows crackme
  4. Wargame (200 pts): multiple-level web challenge
  5. Advanced Injection (400 pts): web challenge
  6. File Transfer Daemon (300 pts): we were given the source code and IP/port of a running FTP daemon, and instructed to retrieve the secret file of another user without knowing its password
  7. File Transfer Daemon, advanced (600 pts): same context, but we had to retrieve a secret file in the ftp users home directory
  8. Forensic Challenge (800 pts): we were given a network dump file and asked to answer to the following questions:
    • What's wrong with
    • Who plays blackjack?
    • Where's Marvin the Martian?
    • What is the name and type of the file which MD5 sum is 854237a305da92fef796431848d3eaad?
    • What happened at Fort Lauderdale?
    Answers had to be sent by email to Guillaume who would then rate the answers and give points accordingly.
    Note: the network capture is using Wireshark's pcap-ng format, not yet recognized by tools like NetworkMiner. Workaround is to open the capture with a supported version of Wireshark and export it in classic format.
Update 2011-03-29: solutions removed upon request of Mark (0ldEur0pe), who also wanted to thank HackerDom for the FTPd challenge and is sorry for not asking about reusing the code.

Challenges were adapted to the short time (ie: not too complex) and pretty fun. 60 people registered for it out of the ~130 people who attended the conference, and 20 scored at least one challenge. In the end, I was happy to see myself in the 1st place followed by sh4ka, bik3te and tr4nce. We left with a signed edition of Virtual Honeypots by Niels Provos & Thorsten Holz:

and an awesome Honeynet mug:

Thank you very much guys! See you at the next event :)


  1. Can you post solutions now?

  2. I'm afraid not, Mark asked me not to post them. Sorry :( good luck!