It has been a while since I update this blog .. too busy with stuff ...
on last 20-21 September I entered HackInTheBox competition (one of our reward for winning I-Hack CTF UITM) .. We went there on Tuesday 19th .. me and my teammate, yondie went early because we need to meet our additional team member who are from UITM Arau, Perlis .. we was one of the guy in the third place winner of I-Hack CTF .. UTP won both first and second place during I-Hack .. so both of the teams got chance to enter HiTB ... The second team is our seniors who are very experienced in this kindof stuff ... my team stay @ my house for the night and went to Westin Hotel early next morning .. I'm a n00b in this .. so expect the worst from me .. hehe
The first day of the competition .. we are given 1 server running Ubuntu 6.06 with 6 vulnerable services to protect .. after getting it .. i quickly configure iptables to filter out any packets from the same subnet of the server except from the reverse NAT gateway ... juz some quick fix so that our server wont be in the ip list of other attackers quickly ... besides that .. nothing can be done ... the score server that supposed to check our boxes couldn't check the running services ... and the game for the day is suspended until the next day ...
I'm a little bit disappointed with the suspension ... but however .. at least we got some time to enjoy ourself with the free foods at that hotel .. hehe .. At night, we stayed @ Ancasa Hotel near Puduraya station ... UTP sponsored our stay there .. and that hotel is a very nice hotel even though the outside of the hotel does not look that nice ..
The second day ... sumthing funny happened ... haha .. our seniors ... they slept late on the night before .. and they couldn't wake up to go to the competition .. 17 missed calls .. some knocks at their room door ... and they still couldn't wake up .. hahaha ... so me and my team went ahead to Westin .. hoping that those guyz will wake in time ... haha ..
On 9:30am . the real game begin ...the other teams are damn good (well what do you expect from security companies ) ... and my team can only maintain on defending our server ... attacking is something that couldnt be done by us .. *sigh* .. i need to learn more C programming and its vulnerabilities ... At first .. our team maintain a very high point in defending .. 3rd place in total points ... however .. around 2pm .. we done a little prelinking on the vulnerable binaries so that it will be more secure ... to my surprise ... prelinking made the binaries to be unable to exploit ... and the score server started to deduct our marks because of that ... *sigh* ... and at the end of the game ... can only satisfied with 5th place (or issit 6th ? .. forgot already ) ...
Better luck next year .. that time .. KageSenshi is no longer as n00b as last time .. hehe
Result of HiTB CTF Game
First place: dokdo-kor (South Korea)
Second place: zone-h (Italy)
Third place: Qb1t (Singapore)