
Hack In The Box 2006

It has been a while since I updated this blog .. too busy with stuff ...

Last 20-21 September I entered the HackInTheBox competition (one of our rewards for winning I-Hack CTF UITM) .. We went there on Tuesday 19th .. me and my teammate, yondie went early because we needed to meet our additional team member who are from UITM Arau, Perlis .. we was one of the guy in the third place winner of I-Hack CTF .. UTP won both first and second place during I-Hack .. so both of the teams got the chance to enter HiTB ... The second team is our seniors who are very experienced in this kind of stuff ... my team stayed @ my house for the night and went to Westin Hotel early next morning .. I'm a n00b in this .. so expect the worst from me .. hehe

The first day of the competition .. we were given 1 server running Ubuntu 6.06 with 6 vulnerable services to protect .. after getting it .. I quickly configured iptables to filter out any packets from the same subnet as the server except from the reverse NAT gateway ... juz some quick fix so that our server won't be in the IP list of other attackers quickly ... besides that .. nothing could be done ... the score server that was supposed to check our boxes couldn't check the running services ... and the game for the day was suspended until the next day ...

I'm a little bit disappointed with the suspension ... but however .. at least we got some time to enjoy ourselves with the free food at that hotel .. hehe .. At night, we stayed @ Ancasa Hotel near Puduraya station ... UTP sponsored our stay there .. and that hotel is a very nice hotel even though the outside of the hotel does not look that nice ..

The second day ... sumthing funny happened ... haha .. our seniors ... they slept late on the night before .. and they couldn't wake up to go to the competition .. 17 missed calls .. some knocks at their room door ... and they still couldn't wake up .. hahaha ... so me and my team went ahead to Westin .. hoping that those guyz will wake in time ... haha ..

At 9:30am .. the real game began ... the other teams are damn good (well what do you expect from security companies) ... and my team could only maintain on defending our server ... attacking is something that couldn't be done by us .. *sigh* .. I need to learn more C programming and its vulnerabilities ... At first .. our team maintained a very high point in defending .. 3rd place in total points ... however .. around 2pm .. we did a little prelinking on the vulnerable binaries so that they would be more secure ... to my surprise ... prelinking made the binaries unable to be exploited ... and the score server started to deduct our marks because of that ... *sigh* ... and at the end of the game ... we could only be satisfied with 5th place (or issit 6th ? .. forgot already) ...

Better luck next year .. that time .. KageSenshi is no longer as n00b as last time .. hehe

Result of HiTB CTF Game
First place: dokdo-kor (South Korea)
Second place: zone-h (Italy)
Third place: Qb1t (Singapore)

Popular posts from this blog

Adding simple popup to Plone frontpage

Here is a little guide for those who want to add a simple popup to the Plone frontpage for some purpose (eg: announcements, advertisements, etc).

Create a basic html file containing the content you want to appear in the popup. Upload it into $PLONE_SITE/portal_skins/custom (as Page Template) and for the sake of this example, name it popup.html

Afterward, create a JavaScript file with your pop-up loader script. For example, this script:

function popup(mylink, windowname)
{
    if (! window.focus) return true;
    var href;
    // mylink may be a URL string or a link element
    if (typeof(mylink) == 'string')
        href = mylink;
    else
        href = mylink.href;
    window.open(href, windowname, 'width=220,height=400,scrollbars=no');
    return false;
}

popup('popup.html', 'My Popup');

Also upload this file into $PLONE_SITE/portal_skins/custom (as Page Template too). For this example, name it as popup.js

Afterward, in $PLONE_SITE/portal_javascripts , add popup.js as a new script into portal_javascripts…

Tee'ing Python subprocess.Popen output

A little hack for python coders out there who wanted to have a functionality similar to the unix's tee command for redirecting output to multiple places.

import sys
from subprocess import Popen, PIPE

# universal_newlines=True makes readline() return str, so the '' end-of-stream test below works
p = Popen(['put','command','and','arguments','here'], stdout=PIPE, universal_newlines=True)

while True:
    o = p.stdout.readline()
    if o == '' and p.poll() is not None:
        break
    # the 'o' variable stores a line from the command's stdout
    # do anything you wish with the 'o' variable here
    # this loop breaks once stdout returns an empty string
    # and the subprocess has ended

HOWTO: Mirroring Yum repositories using Yum-Utils

As promised before in one of my previous post, a Howto on how to mirror and manage yum repositories using some of the utilities in yum-utils.

The first step is, of course, to get yum-utils from the Fedora repository:
yum install yum-utils

Reposync is a utility for mirroring and synchronizing a local copy of a yum/rpm-metadata repository.

This utility is very useful if you want to make a yum repository mirror. Before this, I used "wget -R -np -N" but this method is a little bit tedious and it doesn't work with repos that didn't use directory listing. Plus, it also downloads additional site stuff that I don't need/want, and it doesn't verify the checksum of the downloaded packages.

Mirroring a repo using this utility is easy, just execute this command
reposync -r <repoid> -a <arch> -n
and the repo will be mirrored in a folder with the same name of the repoid in the directory you executed the command. Eg: you executed the command in /mnt/storage/mi…