HITB 2006 CTF Quick Summary
---------------------------

For people who want to know more about the Capture The Flag teams, the results and how we organized this year's CTF at the HITB Security Conference 2006 two weeks ago, here is a short summary:

CTF Teams
---------

1.) F1r3wAll burn3r5 - SIG^2 SINGAPORE
2.) Team Zone-H - ITALY
3.) Qb1t - SIG^2 SINGAPORE
4.) Project Tango UITM - MALAYSIA
5.) Stealther - MALAYSIA
6.) FullDupl3x - MALAYSIA
7.) Tango Junior UITM - MALAYSIA
8.) Kickers - SINGAPORE
9.) DOKDO-KOR (PADOCON) - KOREA

Result
------

Winner  DOKDO-KOR (PADOCON) - KOREA
Second  Team Zone-H - ITALY
Third   Qb1t - SIG^2 SINGAPORE

Challenges
----------

HITB 2006 CTF contained a total of 6 customized challenges: three at easy to medium level (challenges 3, 4, 6) and three at medium to hard level (1, 2, 5). All daemons were running under different users.

- Challenge 1 written by Julien Tinnes
- Challenge 2 written by Philippe Biondi
- Challenge 3 written by Wes Brown
- Challenge 4 written by Nish Bhalla & modified by xwings
- Challenge 5 written by me (rd)
- Challenge 6 written by mel & xwings (actually, this challenge is similar to last year's CTF connectback code but using a randomized port)

Team servers were running Ubuntu Server Edition 6.06, with VA randomization enabled by default and /bin/*sh not executable by normal users. The kernel was compiled with executable stack/heap/data. The score server frequently checks for executable stack/heap/data when checking daemon flags and setting new flags, so if you use a kernel with non-executable stack/heap/data enabled, your score will be deducted by the score server. The same thing happens if you modify the challenge binaries or patch the vulnerable binary code of the running process, since the score server also checks the SHA1 hash of the binary and a part of the process code segment. For details on how scoring works, please check this.

Team servers also had apache, mysql, sendmail and the mambo web application running on them (pound also, not sure since I didn't prepare the vmware image).

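The integrity rules described above, as an added example that is not part of the original post or the HITB score server code: it audits one daemon from its /proc/<pid>/maps text plus the bytes of its binary and code segment. Reading the rule from /proc maps, hashing the code segment with SHA1, and all names, paths and sample data here are assumptions made for illustration.

```python
import hashlib

# Constructed /proc/<pid>/maps sample for a hypothetical challenge daemon.
BINARY_PATH = "/home/chal1/daemon1"
SAMPLE_MAPS = """\
08048000-0804a000 r-xp 00000000 08:01 131090     /home/chal1/daemon1
0804a000-0804b000 rwxp 00001000 08:01 131090     /home/chal1/daemon1
0804b000-0806c000 rwxp 0804b000 00:00 0          [heap]
b7e00000-b7f30000 r-xp 00000000 08:01 262150     /lib/libc.so.6
bf9a0000-bf9b6000 rwxp bf9a0000 00:00 0          [stack]
"""

def parse_maps(text):
    """Parse /proc/<pid>/maps text into (start, end, perms, path) tuples."""
    regions = []
    for line in text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue
        start, end = (int(x, 16) for x in fields[0].split("-"))
        path = fields[5].strip() if len(fields) == 6 else ""
        regions.append((start, end, fields[1], path))
    return regions

def non_exec_writable(regions, binary_path):
    """Names of writable stack/heap/data regions that lack the x bit."""
    names = {"[stack]": "stack", "[heap]": "heap", binary_path: "data"}
    missing = set()
    for _, _, perms, path in regions:
        if "w" in perms and "x" not in perms and path in names:
            missing.add(names[path])
    return sorted(missing)

def make_baseline(binary_image, code_bytes):
    """Record the reference hashes taken from the untouched daemon."""
    return {"binary_sha1": hashlib.sha1(binary_image).hexdigest(),
            "code_sha1": hashlib.sha1(code_bytes).hexdigest()}

def audit(maps_text, binary_path, binary_image, code_bytes, baseline):
    """Return the list of rule violations for one daemon (empty = clean)."""
    regions = parse_maps(maps_text)
    problems = ["non-executable " + n
                for n in non_exec_writable(regions, binary_path)]
    if hashlib.sha1(binary_image).hexdigest() != baseline["binary_sha1"]:
        problems.append("binary modified on disk")
    if hashlib.sha1(code_bytes).hexdigest() != baseline["code_sha1"]:
        problems.append("code segment patched at runtime")
    return problems
```
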
For the CTF result, it was disappointing to me that all 9 CTF teams were not able to identify the vulnerabilities of challenges 1, 2 and 5, even after we gave out source code & *tips* at the beginning of the second day. Some teams were able to find the vulnerabilities of challenges 3 and 4, but no team was able to get working exploits for them due to the VA randomization and non-executable /bin/sh. The winning team (DOKDO-KOR from Korea) was able to get challenge 6's flags from other teams.

As many people asked me to send the challenges' binaries and source code so they could try them by themselves, I have uploaded them here. You can get the challenges' binaries and source code from the links below (try to play with the binaries first ;). By the way, if you get working solutions for the challenges, feel free to send them to me (rd at thc dot org).

Binaries: http://www.vnsecurity.net/download/hitb06/flags.tar.bz2
Source codes: http://www.vnsecurity.net/download/hitb06/daemons_ctf2006.tar.bz2

For a detailed CTF write-up & solutions for the challenges, please stay tuned .. too busy @work now & preparing for holidays back to my country.

$rev 1.3$ $author: rd$