Skip to main content

Hack In The Box 2006

It has been a while since I update this blog .. too busy with stuff ...

on last 20-21 September I entered HackInTheBox competition (one of our reward for winning I-Hack CTF UITM) .. We went there on Tuesday 19th .. me and my teammate, yondie went early because we need to meet our additional team member who are from UITM Arau, Perlis .. we was one of the guy in the third place winner of I-Hack CTF .. UTP won both first and second place during I-Hack .. so both of the teams got chance to enter HiTB ... The second team is our seniors who are very experienced in this kindof stuff ... my team stay @ my house for the night and went to Westin Hotel early next morning .. I'm a n00b in this .. so expect the worst from me .. hehe

The first day of the competition .. we are given 1 server running Ubuntu 6.06 with 6 vulnerable services to protect .. after getting it .. i quickly configure iptables to filter out any packets from the same subnet of the server except from the reverse NAT gateway ... juz some quick fix so that our server wont be in the ip list of other attackers quickly ... besides that .. nothing can be done ... the score server that supposed to check our boxes couldn't check the running services ... and the game for the day is suspended until the next day ...

I'm a little bit disappointed with the suspension ... but however .. at least we got some time to enjoy ourself with the free foods at that hotel .. hehe .. At night, we stayed @ Ancasa Hotel near Puduraya station ... UTP sponsored our stay there .. and that hotel is a very nice hotel even though the outside of the hotel does not look that nice ..

The second day ... sumthing funny happened ... haha .. our seniors ... they slept late on the night before .. and they couldn't wake up to go to the competition .. 17 missed calls .. some knocks at their room door ... and they still couldn't wake up .. hahaha ... so me and my team went ahead to Westin .. hoping that those guyz will wake in time ... haha ..

On 9:30am . the real game begin ...the other teams are damn good (well what do you expect from security companies ) ... and my team can only maintain on defending our server ... attacking is something that couldnt be done by us .. *sigh* .. i need to learn more C programming and its vulnerabilities ... At first .. our team maintain a very high point in defending .. 3rd place in total points ... however .. around 2pm .. we done a little prelinking on the vulnerable binaries so that it will be more secure ... to my surprise ... prelinking made the binaries to be unable to exploit ... and the score server started to deduct our marks because of that ... *sigh* ... and at the end of the game ... can only satisfied with 5th place (or issit 6th ? .. forgot already ) ...

Better luck next year .. that time .. KageSenshi is no longer as n00b as last time .. hehe

-----
Result of HiTB CTF Game
First place: dokdo-kor (South Korea)
Second place: zone-h (Italy)
Third place: Qb1t (Singapore)
Post a Comment

Popular posts from this blog

Consolidated community site infrastructure on Plone

In Inigo, we believe in helping out local FOSS communities and help them grow. We help out in community events where we can, present FOSS talks, and provide some platforms for local communities to grow. One of such platform is our consolidated community site infrastructure on Plone.

The system/infra and its components was originally developed for the Fedora Malaysia website, while keeping in mind to keep it generic enough so that other communities could use the same components for their own community sites. The infra is already at a usable state, and we can add new sites easily with just a few clicks.

Features in this consolidated infra are:
Document/Content management (Plone built-in)Calendar system (powered by solgema.fullcalendar addon)Conference/BarCamp system (powered by collective.conference addon, which was developed for FUDCon Kuala Lumpur 2012)Blog (powered by Products.Scrawl)Simple yet powerful theming engine (powered by plone.app.theming/ Diazo) - Check out Diazo, you'l…

Adding simple popup to Plone frontpage

Here is a little guide for those who want to add a simple popup to the Plone frontpage for some purpose (eg: announcements, advertisements, etc).

Create a basic html file containing the content you want to appear in the popup. Upload it into $PLONE_SITE/portal_skins/custom (as Page Template) and for the sake of this example, name it popup.html

Afterward, create a Javascript file with your Pop-Up loader script. For example , this script:


function popup(mylink, windowname)
{
if (! window.focus)return true;
var href;
if (typeof(mylink) == 'string')
href=mylink;
else
href=mylink.href;
window.open(href, windowname, 'width=220,height=400,scrollbars=no');
return false;
};

popup('popup.html', 'My Popup');


Also upload this file into $PLONE_SITE/portal_skins/custom (as Page Template too). For this example, name it as popup.js

Afterward, in $PLONE_SITE/portal_javascripts , add popup.js as a new script into portal_javascripts…

HOWTO: Mirroring Yum repositories using Yum-Utils

As promised before in one of my previous post, a Howto on how to mirror and manage yum repositories using some of the utilities in yum-utils.

The first step is, well, of course, is to get yum-utils from fedora repository
yum install yum-utils

Reposync
Reposync is a utility for mirroring and synchronizing local copy of a yum/rpmmetadata repository.

This utility is very useful if you wanted to make a yum repository mirror. Before this, I used "wget -R -np -N" but this method is a little bit tedious and it doesnt work with repos that didn't use directory listing. Plus, it also download together additional site stuff that I don't need/want and it doesn't verify checksum of the downloaded packages.

Mirroring a repo using this utility is easy, just execute this command
reposync -r <repoid> -a <arch> -n
and the repo will be mirrored in a folder with the same name of the repoid in the directory you executed the command. Eg: you executed the command in /mnt/storage/mi…