Root-Fu ; Rise of the Ninjas

• Introduction to Root-Fu

• DCX -> interz0ne -> DC11

• Show me the sploitage!

• Rants, Raves, and Moving Forward

Introduction to Root-Fu

• What is a hacker challenge?

• How it used to be…

• What is Root-Fu?

What is a Hacking Challenge?

• What is a hacker?– Deep knowledge– Finding exploits– Breaking in– Fixing– Classical hacking

• Lock picking• Dumpster diving• Social Engineering• Phreaking

What is hacking challenge?

How to test this in 2-3 days?– No script kiddy bull shit– Finding and developing exploits– Teamwork (WTF?)– Integration of classical hacking– Fast paced game

What it used to be…

• Single network on switch/hub

• Teams hacked into random shit

• Goons scored game by hand, paper “flags”

• DOS, DOS, and DOS some more

• Bust out that script kiddy y0j0

• Palante BOFH, only fun part of CTF (8 million ;)

What is Root-Fu?Goals of the Game

• Exercise multiple skills associated with hacking– Mix known exploits with on the spot analysis,

development, and usage of unknown vulnerabilities

– Try and follow “real world” if possible• Detection of attacks• Plugging security holes

– Work in classical skills

What is Root-Fu?What does it look like?

• 1 common server distro– Gogo vmware

– Not platform dependent

• 8 NAT’d networks– Physical interfaces

galore

• Scoring system– Automated scoring

– Keep those distro’s up people!

• Scoreboard server– Neet’o visual

representation

– WTF does it all mean anyways?

What is Root-Fu?The layout(add pics)

Red

OrangeYellow

Green

Router

DNSScoreSys

ScoreBoard

Proj.

Cable

DCX -> interz0ne -> DC11

• Type of game

• Script Kiddie vs. Hacker

• Distractions

Type of Game: DCX

• From FreeBSD to Redhat in 24 hrs– Distro Leaked?

• Known exploits ruled the day• Planted stuff largely over looked• Distractions

– Dumpster diving– Lockboxes– Information destruction– BSA audit

• Teamwork??

Type of Game: interz0ne ii

• Re run of DCX game with new distro

• Unofficial game– Didn’t hit 4 team minimum– Stock distro as forth team

• Digital Revelation telecommutes

• Infrastructure issues– This is not the bandwidth you are looking for…

Type of Game: DC11

• Move away from stock vulnerabilities– OpenBSD

– Unknown software

– Introducing vulnerabilities

• Application Centric• What distractions?

• Multiple roots per server

• Morphing flag keys– Unknown ownership

• Even more cryptic scoring

• State kills the reboot

Script Kiddie vs. Hacker

• Show me the roots– Prior to Root-Fu, max

roots 6-7

– DCX – 15 wins the day

– DC11 – 42 wins, 12 average

• Actual on the spot exploit development occures (dc11)

• Defense– From rebooting to

securing

– Immunix ports to secure linux

– Patching in production

• Auditing of applications

Distractions

• Dumpster diving

• Hard drive destruction

• Lock picking

• BSA Software audits

• Where did they go @ DC11?

What we saw

• Exploits

• DOS

• Team Strategy

Exploits

• Syslogd - Owning everyone, but no “root”s?

• Sql injection?

• Heh, I like mudz

• >> INSERT MORE CONTENT <<

DOS

• Bandwidth

• Deleting mysql dbs

• Rm -rf /

• Tracking ‘em down…

Team Strategy

• Getting there… much improvement from DCX

• A security team could still rule

Rants, Raves, and Moving Forward

• Is this hacking or admining?

• Nice graphics, but what does that thing say?

• Can we trust GHI to run a fair competition?

• Where are we going with this?