Thursday, April 18, 2013

Ihack 2013: Image and Writeups.. Download VM

Sorry for the delay. I`m not well for the past few days. 3 Days with sleepless night makes my decision capability affected quite badly. Nevertheless we manged to setup everything with few hiccups..
Congratulations to the winner. Now the bad parts.


1.Quality versus Quantity

Setting up 31 team's Network with VPN plus few custom network rules/patches is not an easy task. Writing a scoreserver is also not an easy task (A team from UTP even found a undefined  reference bug to bypass challenge score server). Neverless I did oops we did our best to ensure the game run smoothly with few hiccups along the way.

So it's quite a disappointment when participants asked some question such as :

1. Camane nak setup ip static?
2. Camane nak run VPN?
3. Ada Internet ke tak?
4. Ada laptop/pc lebih tak? Kami tak bawak PC/laptop.


Those of you who fall under that category should rot in the limbo's of /dev/null..

2. Alliance and Downfall of the web.

Scores was not submitted until 9:00 pm on-wards due to some improper configuration that I did that didn`t delegate appropriate privileged to retrieve the flags. The TBDIan guys starts owning the web and nightmares' begin around  9:00 pm onwards.

Startegy. Just like in real world we choose the correct friend. In the cruel CTF world, choosing the right allied may help you to secured your place in the competition.

3. One bug to rule em all.

There are 3 interesting daemon in the  image. Majority people reused the exploit from the web.. Which is a local travesal exploit via php streamwrapper. 
But I`m gonna summarized em up.

1. VSFTPD  backdorored exploit (Writeup from Sindrosa )
2. Faggot daemon  leaked address exploit . (Daisuke write a nice writeup)
3. And the Web yeah even the All Girl teams (does it sound sexist? who cares) managed to use this one... 

Kudos to the winner and here is the link to download to the VM.. There are no root accounts so u need to reset it to rw init=/bin/bash to create a a new account... 
Image expired in 5 days.


 Updated link

DOwnload with mega

3 comments:

Anonymous said...

Cannot download image. Got a mirror??

Anonymous said...

Bro, VM image link already expired... can we get the new link? tq

Anonymous said...

are the 1st and 2nd image in the puzzle answer upload page actually hints?