building the 44con ctf

Upload: 44con

Post on 05-Dec-2014

DESCRIPTION

Building the MWRLabs 44CON CTF for 2012.

TRANSCRIPT

Page 1: Building the 44CON CTF

Building a CTF... actually kinda tricky

Wednesday, 21 November 12

Page 2: Building the 44CON CTF

WHO

Me... sometimes known as ‘skapp’. I do various things for 44CON: security tester, breaker of things, have played and run a few CTFs way back.

TTYsig, sometimes known as ‘Dean’, also a security tester and breaker of things; has played and run some before.

Page 3: Building the 44CON CTF

The 2012 Idea

44CON MWRLabs CTF 2012, Evolution

A CTF that tested the skills of the contestants:

to find vulnerabilities in applications and systems

defend a system from attack (the other teams)

identify other interesting things in the CTF environment

We also wanted to see if the player could communicate what they found

Page 4: Building the 44CON CTF

So The Result

Each team had a VM, with custom services running on it

Identify what was running on the system

Identify any vulnerabilities in those services

Try and fix/mitigate these vulnerabilities

Using this knowledge to attack the other teams

Page 5: Building the 44CON CTF

DETAIL

Each VM had four services

Two in Ruby (REST Service and SMTP/POP3)

One in C (Custom Service)

Web App in PHP

Each had a couple of vulnerabilities

Each required different levels of expertise to exploit

Page 6: Building the 44CON CTF

CTF Network

5 other standalone systems to attack

Each with different Operating Systems and Software installed

Each had a known compromise path

A couple of the systems were ones we used for the 2011 CTF that no one managed to compromise

Page 7: Building the 44CON CTF

BIG BROTHER

We were watching

In 2011 we had a Netwitness (a 2011 Sponsor) Full Packet Capture system watching the network.

In 2012 we went Open Source

Security Onion based setup using SNORT + SNORBY + Full Packet Capture (DaemonLogger) + Sguil to watch and alert on traffic

Proper enterprise switching that allowed us to monitor the CTF VLANs instead of homegrown TAPs we’d used previously

Page 8: Building the 44CON CTF

BIG BROTHER

We had attacks captured by SNORT rules for analysis

High-level stats such as this rule breakdown
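
The rule breakdown shown on this slide is the kind of summary you get by counting alerts per signature. The script below is an added example (not part of the talk and not Snorby's or Security Onion's code) that parses Snort's "fast" alert output and produces per-rule, per-source and per-target counts; the alert lines, SIDs, messages and addresses are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample lines in Snort "fast" alert format (alert_fast output).
# SIDs in the 1000000+ range are the local-rule range; the messages and the
# 10.44.x.x addresses are invented for this example, not from the real CTF.
SAMPLE_ALERTS = """\
11/21-10:15:02.123456  [**] [1:1000001:1] LOCAL REST service traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.44.1.5:43210 -> 10.44.2.10:8080
11/21-10:15:03.001122  [**] [1:1000001:1] LOCAL REST service traversal attempt [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.44.1.5:43211 -> 10.44.2.10:8080
11/21-10:16:40.555555  [**] [1:1000002:1] LOCAL SMTP oversized command [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 10.44.1.7:51000 -> 10.44.2.10:25
11/21-10:17:01.000000  [**] [1:1000003:2] LOCAL custom service long packet [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.44.1.5:43300 -> 10.44.3.10:9999
this line is not an alert and is skipped by the parser
"""

# One fast-alert line: timestamp, [gid:sid:rev], message, optional
# classification, priority, protocol, src:port -> dst:port.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*$"
)


def parse_fast_alerts(text):
    """Return one dict per well-formed alert line; malformed lines are ignored."""
    alerts = []
    for line in text.splitlines():
        m = FAST_ALERT_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        for key in ("gid", "sid", "rev", "prio", "sport", "dport"):
            d[key] = int(d[key])
        alerts.append(d)
    return alerts


def rule_breakdown(alerts):
    """Alert count per rule (gid:sid plus message), most frequent first."""
    counts = Counter((f"{a['gid']}:{a['sid']}", a["msg"]) for a in alerts)
    return counts.most_common()


def attacker_breakdown(alerts):
    """Alert count per source address, most frequent first."""
    return Counter(a["src"] for a in alerts).most_common()


def target_breakdown(alerts):
    """Alert count per (destination address, port), most frequent first."""
    return Counter((a["dst"], a["dport"]) for a in alerts).most_common()


if __name__ == "__main__":
    parsed = parse_fast_alerts(SAMPLE_ALERTS)
    print("rules:", rule_breakdown(parsed))
    print("sources:", attacker_breakdown(parsed))
    print("targets:", target_breakdown(parsed))
```

Running it on a real `alert` file from a Snort sensor (`parse_fast_alerts(open("alert").read())`) gives the same three tables; the per-target view is the one that tells you which team VM is being hammered on which service port.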

Page 9: Building the 44CON CTF

BIG BROTHER

More ways to visualize the captured data

Page 10: Building the 44CON CTF

more INFRASTRUCTURE

Cisco 3xxx series switches for the core and distribution of the network

Wired network to the CTF network and an isolated Wireless Network via our Wireless LAN controller

ESX server running the 5 standalone systems on the CTF network, a standalone system running the scoring server and a standalone system with lots of disk for the monitoring

Firewall to prevent the players attacking ‘out of scope’ systems

Page 11: Building the 44CON CTF

SCORING

Page 12: Building the 44CON CTF

SCORING

Modified version of an open source CTF Scoring Server

Defensive points

If a player was able to defend their system from attack and prevent the other teams stealing their flags they got defensive points.

Offensive points

Attack the vulnerabilities on the other players’ systems and gain offensive points

Page 13: Building the 44CON CTF

SCORING

Advisory Points

Here we accepted advisories for the vulnerabilities within the services; these were marked out of 10 by the Judges

Reporting style as well as content was important

We used the same system for reporting standalone system compromise

Good Behavior

Everyone was given 100 points; if they breached the rules we deducted points
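
The four point categories above (defensive, offensive, advisory, good behaviour) combine into one board per team. The scorer below is an added worked example, not the modified open source scoring server the talk used (whose code is not on the page); the per-capture and per-round point weights, the capture/advisory/penalty records and the team names are assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed weights: the talk does not state the real ones.
OFFENSIVE_POINTS_PER_CAPTURE = 10   # per stolen flag, per service, per round
DEFENSIVE_POINTS_PER_ROUND = 5      # per service kept safe for a whole round
ADVISORY_MAX = 10                   # judges mark each advisory out of 10
GOOD_BEHAVIOUR_START = 100          # everyone starts with 100, deductions only


@dataclass(frozen=True)
class Capture:
    round_no: int
    attacker: str
    victim: str
    service: str


@dataclass
class Advisory:
    team: str
    service: str
    judge_scores: list  # one mark per judge, each 0..ADVISORY_MAX


@dataclass
class Penalty:
    team: str
    points: int
    reason: str


def score(teams, services, rounds, captures, advisories, penalties):
    """Return {team: {offensive, defensive, advisory, behaviour, total}}."""
    board = {t: {"offensive": 0, "defensive": 0, "advisory": 0.0,
                 "behaviour": GOOD_BEHAVIOUR_START} for t in teams}

    # Offensive: each distinct (round, attacker, victim, service) scores once;
    # submitting the same stolen flag twice, or your own flag, scores nothing.
    lost = defaultdict(set)  # (round, victim) -> services whose flag was taken
    for c in set(captures):
        if c.attacker == c.victim or c.attacker not in board or c.victim not in board:
            continue
        board[c.attacker]["offensive"] += OFFENSIVE_POINTS_PER_CAPTURE
        lost[(c.round_no, c.victim)].add(c.service)

    # Defensive: a service whose flag nobody stole during a round earns points.
    for rnd in range(1, rounds + 1):
        for t in teams:
            safe = [s for s in services if s not in lost[(rnd, t)]]
            board[t]["defensive"] += DEFENSIVE_POINTS_PER_ROUND * len(safe)

    # Advisory: average of the judges' marks, each clamped to the 0..10 scale.
    for adv in advisories:
        marks = [min(max(m, 0), ADVISORY_MAX) for m in adv.judge_scores]
        if marks:
            board[adv.team]["advisory"] += sum(marks) / len(marks)

    # Good behaviour: deductions only, never below zero.
    for p in penalties:
        board[p.team]["behaviour"] = max(0, board[p.team]["behaviour"] - p.points)

    for t in teams:
        b = board[t]
        b["total"] = b["offensive"] + b["defensive"] + b["advisory"] + b["behaviour"]
    return board


# Constructed sample event: three teams, two services, two rounds.
TEAMS = ["alpha", "bravo", "charlie"]
SERVICES = ["rest", "smtp"]
CAPTURES = [
    Capture(1, "alpha", "bravo", "rest"),
    Capture(1, "alpha", "bravo", "rest"),    # duplicate submission, ignored
    Capture(1, "bravo", "bravo", "rest"),    # own flag, ignored
    Capture(2, "charlie", "alpha", "smtp"),
]
ADVISORIES = [Advisory("alpha", "rest", [8, 9])]
PENALTIES = [Penalty("charlie", 20, "scanned an out-of-scope host")]


def sample_board():
    return score(TEAMS, SERVICES, 2, CAPTURES, ADVISORIES, PENALTIES)


if __name__ == "__main__":
    for team, b in sorted(sample_board().items(), key=lambda kv: -kv[1]["total"]):
        print(f"{team:8} off={b['offensive']:3} def={b['defensive']:3} "
              f"adv={b['advisory']:5.1f} beh={b['behaviour']:3} total={b['total']:.1f}")
```

With these weights the sample gives alpha 133.5, bravo 115 and charlie 110: charlie's only capture is wiped out by the rule breach, which is exactly the incentive the good-behaviour bucket is there to create.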

Page 14: Building the 44CON CTF

RESULTS

So none of the 2012 standalone systems got compromised, and our two 2011 systems didn’t get popped either; they will be back

Someone with Nessus managed to get close, but they didn’t follow through on their scan....

The VM got a good bashing, although not all the vulnerabilities were identified.

Page 15: Building the 44CON CTF

RESULTS

We published everything for the CTF here

http://44con-networking.net/mwrlabs-ctf-2012

Final Scores and Advisories Posted here

http://44con-networking.net/mwrlabs-ctf-2012/results/

http://44con-networking.net/mwrlabs-ctf-2012/results/adv/adv.html

Each Vulnerability in the services has a write up here

http://44con-networking.net/mwrlabs-ctf-2012/mwrlabs-ctf-2012-vulnerable-services-vulnerabilities
