Does the person competing have any local access to any of the boxes :-) Not likely but figured I would ask :-P
Robert On Wed, Sep 9, 2009 at 1:24 PM, Adrian Crenshaw <[email protected]>wrote: > > As many of you know, I've been busy setting up a hacker war game for the > Louisville > Infosec conference <http://www.louisvilleinfosec.com/> on Oct 8th. The > Louisville Infosec website has information about the CTF event on their > site<http://www.louisvilleinfosec.com/index.php?option=com_content&view=article&id=13&Itemid=13>, > which should be updated shortly. If you would like to compete please email > the Conference Chair <[email protected]>. If you use the code > "irongeek" you get $20 off the admission fee for the conference. I believe > the time frame is 9am to 3:30pm, but the position of the event should allow > you to watch the keynotes, eat the included lunch and still, compete. > > What are the prizes? > > First prize is a Wi-Spy 2.4x Wireless Scanner! > The second prize is a WD 320GB USB Hard Drive > Third Prize is a Pico Mini USB 4GB (small enough to carry in your wallet) > > Scenario (subject to some change): > > The admins try to run their network as a tight ship, but you have been > brought in to do a pentest. You know the admins have a Truecrypt volume out > there with Personally Identifiable Information (PII). Your goal is to find > it, and decrypt its contents till you get a list of names and Social > Security Numbers. Little hints will be given via a comment wall on one of > the web servers. To win points bring proof to the judge that the particular > flag task has be completed.These are the "flags", and their point values: > > 0. Attach to the Wireless network (hint:CTF is in the name) and show the > judge how you got the SSID. 15 points > (Name will be given if you can't find it, but you won't be able to get > points for it.) > 1. Find the IP of the of the Windows box named WinCTF owned by IronGCorp, > and list 3 or more open ports. 5 points > 2. Find the IP of the x86 based Linux box ran by IronGCorp, and list 3 or > more open ports. 5 points > 3. What box are the admins running their Intranet site on, and what is the > web server type/version? 5 point > 4. What is the Windows box's (WinCTF) Administrator password? 10 points > 5. What is the x86 Linux box's Root password? 5 points > 6. Copy PII.tc (a true crypt volume) to your box. 10 points > 7. Password to the PII.tc file. 10 points > 8. Password to a non x86 based Linux box. 10 points > 9. Password to a 7zip archive. 10 points > 10 The decrypted PII.csv file. 25 points > > Highest point score at the end of the game wins. If two contestants have > the same points at the end of the game, the first to accumulate their point > total wins. Obviously, if you play as part of a team you have to figure out > amongst yourselves how to split the prize. The winner will get up on stage > and explain what he did when he picks up his prize. > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
