Monthly Archives: December 2008

UCSB iCTF 2008 Notes Before Sleeping

Another UCSB iCTF is over, and I'm once again wishing that the earth was flat.  It is a fun competition, but entering from Australia is a pain when the competition starts at 2:00AM AEST.

Thanks to the guys at UCSB for a very different image, and competition again.  The imagination and effort that goes into creating the images is always great.  The delivery of a PCDos image to start the competition off was a nice touch.  It was somewhat frustrating that the preparation work put in by our network infrastructure team went to nothing, but the idea of each team having an independant network to work on was good.

My biggest lesson for the night was that google is a great tool for looking up the sources for md5 hashes. google: md5hashstring will often return the source string for the md5 hash.

My other discovery was the power of nc, and just how bad allowing shell code to be executed is (php exec combined with system and nc allows really nasty attacks — especially when the server is configured to allow them).

A combination of firefox plugins, and Java with HTTP Client were my primary attack tools this year. I was pretty happy with the setup, missing one or two plugins that some others on my team had, but overall it worked pretty well for me.

Overall it was a good night out.  I'm shattered now, and off to bed.  I might either update this or post a followup after getting some sleep.