Results tagged “challenge” from Just Another Hacker

Post mortems - Wargames

|
With smpCTF looming I thought I would link to these excellent "post mortems" from
CCDC 2010 and Reiners exploiting past sql filters, something we have seen in the last two codegate and owaspeu10 challenges...
CCDC 2010 - Part1
CCDC 2010 - Part 2
Reiners - Exploitiing hard filtered sql injection article
smp Capture The Flag (CTF), 2010 Hacker Olympics, is a contest designed by "hackers" and "security enthusiasts" for the like to battle it out against each other over a highly sugar induced weekend. In the smpCTF Hacker Olympics teams and individuals are put up against other teams from around the globe in the same environment with the same objectives and a mission to accomplish.

Do you have what it takes to compete...?

More details at http://www.smpctf.com/ dates and times have not yet been decided.

Security roulette

|
I had some spare time, so I created a little game. I've called it security roulette. The object is to find as many web application security flaws as you can in a given number of websites in a limited timeframe.The number of websites is determined by google and the time limit is self imposed or agreed to if you are challenging someone.

I wrote a quick mashup to help you play. The scorecard could probably use some tweaking. My suggested house rule is "no browser plugins or third party applications allowed".

Security roulette

|
Security roulette is a simple game I have made up, the instructions are provided once you start. Use the form below to get started.

Netwars

|
I have no idea why I didn't hear about this until I heard about the Ethical Hackers SSHliders challenge.

Unlike your average run of the mill challenges where you visit some third party server or website and exploit your way through some (usually) fake or not credible binaries or website. In this challenge you download and execute a virtual machine image and you have to overcome a local hindrance to gain entrance to the game. The round is unfortunately over, but you can still complete the challenge. I have been far to busy to get started yet, but I hope to complete as much as I can before round 2 starts.

Since it's coming from sans I expect there is a decent variety of difficulty and types of challenges as they have some very good brain to draw on for ideas.

Take the challenge now at http://www.sans.org/netwars/
The Ethical Hacker guys have recently released a new challenge called sshliders
To compete, head over to http://www.ethicalhacker.net/content/view/279/2/ read the details, work out some answers and submit your entry.

There will be three winners:
  • Best technical answer
  • Most creative entry that is also technically correct,
  • Random draw. 
Even if you don't know all the answers or can only guess, submit an entry with what you do have, and you'll be entered in that random draw. Winners will receive signed copies of the book, Counter Hack Reloaded. All entries are due by November 23, 2009

I picked this one up via twitter. It informs me that I solved #14, not #08. Which I don't doubt it correct. I solved it at like 3am after having had a pretty full on day starting at 6am or so. Anyway, it's a great write up and contains much of the actual challenges as well as the attempted solutions.I made a local mirror at codegate2009.pdf. I still think my description of problem #08 (#14, whatever) is more in depth, but it was a pretty simple challenge.
As usual I'm a little behind on the blogging. The results from the first round of codegate are up, you can see them at http://hacking.beist.org/. On of the CLGT members posted a post event summary from his perspective at http://vnsecurity.net/Members/lamer/archive/2009/03/11/codegate2009/

I noticed that I got blog hits from people looking for clues or solutions through google et al. I didn't get a team and had several other commitments, so I thought I would post the only challenge I got around to solving...#8. Solution after the break.

Codegate 09 is great!

|
I started late, don't have a team and won't have time to attempt everything due to commitments. So far the challenges have been great. Solved some, completely stumped on others and staying up far too late. I will definitely be there for the next one!!! I hope the challenges will stay up for a while so I can attend the harder ones at a better pace. The challenges are currently open via http://hacking.beist.org/

Codegate is on March 6 2009

|
This one sneaked up on me. I'm not sure if I've got time, but should I get an invite to a team I will try to make some.
No Clean Feed - Stop Internet Censorship in Australia
Creative Commons License
This weblog is licensed under a Creative Commons License.