Saturday, March 26, 2011

Honeynet Project Public Conference

Last week, the first-ever Honeynet Project public conference was held in Paris at ESIEA. Great speakers, interesting conferences (slides online, CV+O notes) and nice people to meet at the social event.

During the conference there was also a small capture-the-flag (CTF) competition, which I played. It was composed of 8 challenges by Mark Schloesser and Felix Leder, including a forensic one by Guillaume Arcas. This is how the challenge board looked:


Challenges (files mirrored if you want to try):
  1. Crack Me 1 (100 pts): Windows crackme
  2. Crack Me 2 (300 pts): Windows crackme
  3. Crack Me 3 (500 pts): Windows crackme
  4. Wargame (200 pts): multiple-level web challenge
  5. Advanced Injection (400 pts): web challenge
  6. File Transfer Daemon (300 pts): we were given the source code and IP/port of a running FTP daemon, and instructed to retrieve the secret file of another user without knowing its password
  7. File Transfer Daemon, advanced (600 pts): same context, but we had to retrieve a secret file in the ftp user's home directory
  8. Forensic Challenge (800 pts): we were given a network dump file and asked to answer the following questions:
    • What's wrong with awempire.com?
    • Who plays blackjack?
    • Where's Marvin the Martian?
    • What is the name and type of the file which MD5 sum is 854237a305da92fef796431848d3eaad?
    • What happened at Fort Lauderdale?
    Answers had to be sent by email to Guillaume who would then rate the answers and give points accordingly.
    Note: the network capture uses Wireshark's pcap-ng format, which is not yet recognized by tools like NetworkMiner. The workaround is to open the capture with a version of Wireshark that supports it and export it in the classic format.
Update 2011-03-29: solutions removed upon request of Mark (0ldEur0pe), who also wanted to thank HackerDom for the FTPd challenge and is sorry for not asking about reusing the code.

Challenges were adapted to the short time (i.e., not too complex) and pretty fun. 60 people registered for it out of the ~130 people who attended the conference, and 20 scored at least one challenge. In the end, I was happy to see myself in 1st place, followed by sh4ka, bik3te and tr4nce. We left with a signed edition of Virtual Honeypots by Niels Provos & Thorsten Holz:


and an awesome Honeynet mug:


Thank you very much guys! See you at the next event :)

2 comments:

  1. Can you post solutions now?

  2. I'm afraid not, Mark asked me not to post them. Sorry :( good luck!
