Sorry for the delay. I haven't been well for the past few days. Three days of sleepless nights affected my decision-making quite badly. Nevertheless, we managed to set up everything with a few hiccups.
Congratulations to the winner. Now the bad parts.
1. Quality versus Quantity
Setting up the network for 31 teams with VPN plus a few custom network rules/patches is not an easy task. Writing a score server is also not an easy task (a team from UTP even found an undefined reference bug to bypass the challenge score server). Nevertheless I did, oops, we did our best to ensure the game ran smoothly, with a few hiccups along the way.
So it's quite a disappointment when participants asked questions such as:
1. How do I set up a static IP?
2. How do I run the VPN?
3. Is there Internet or not?
4. Are there any spare laptops/PCs? We didn't bring a PC/laptop.
Those of you who fall under that category should rot in the limbo of /dev/null.
2. Alliance and Downfall of the web.
Scores were not submitted until 9:00 pm onwards due to an improper configuration I made that didn't delegate the appropriate privileges to retrieve the flags. The TBDIan guys started owning the web, and the nightmares began from around 9:00 pm onwards.
Strategy. Just like in the real world, we choose the right friends. In the cruel CTF world, choosing the right allies may help you secure your place in the competition.
3. One bug to rule em all.
There are 3 interesting daemons in the image. The majority of people reused the exploit from the web, which is a local traversal exploit via a PHP stream wrapper.
But I'm gonna summarize 'em.
1. VSFTPD backdoored exploit (writeup from Sindrosa)
2. Faggot daemon leaked address exploit (Daisuke wrote a nice writeup)
3. And the Web. Yeah, even the all-girl teams (does it sound sexist? who cares) managed to use this one...
Kudos to the winner, and here is the link to download the VM. There are no root accounts, so you need to reset it to rw init=/bin/bash to create a new account.
Image expired in 5 days.
Download Ihack 2013 vulnerable image.
3 comments:
Cannot download image. Got a mirror??
Bro, VM image link already expired... can we get the new link? tq
are the 1st and 2nd image in the puzzle answer upload page actually hints?