
Laboratory "Test lab 5" at ZeroNights 2013

The launch of the penetration testing lab “Along and across” at ZeroNights'13 was a significant event for PentestIT, so our team prepared very carefully: for us it was another chance to show what we can do.

First, a few words about the event itself. The talks were extremely technical and interesting, the workshop was a pleasure, a hacker atmosphere reigned at the venues, and there was no intrusive advertising. In general, it was very, very cool! It was also cool because we managed to meet almost all of our team and friends from different cities and countries.

Now about the laboratory. In total, about 35 people took part. Since “Along and across” was supposed to be available only to conference participants, we allowed registration only from the IP addresses of the networks available at ZN'13; however, any provider could be used to connect via VPN to the laboratory itself, and for good reason. There was free Wi-Fi at the conference, but given the specifics of the audience it was impossible to use it normally: only the lazy did not launch Intercepter-NG. We had not taken this into account, so we hurriedly began looking for a network connection for the participants. The event administration promptly provided a 48-port switch and a wireless AP; after lunch we set up network access and started the laboratory.

For the first 3 hours, no one could collect the first token and the atmosphere was heating up. All participants chose the Cygnus server (which hosted an image website containing an XSS vulnerability), although the official site of the virtual company S-Lab, the bank server and the terminal Linux server were also available to attack. Apparently, the colorful content attracted more attention from hackers. After 4 hours of unsuccessful and monotonous attempts to exploit the XSS, Omar Ganiev (Beched) was able to get the first token, thereby adding fuel to the fire for the other participants. Honestly, the tasks in this laboratory were extremely difficult, and we were worried that for so long no one could take a single token. Once the first token was taken, we calmed down and even started betting on whether any of the players would be able to complete at least half of the tasks.
It is worth noting that the participants practically did not leave our table, which was very surprising: a cool event, cool talks, and yet they were working through the lab. Yes, we were very pleased. Victor Alyushin (AV1ct0r, who won the third prize in the laboratory), in addition to working through the lab himself, still had time to help other participants, which earned him respect from our team! In short, without dragging out the story of the events: on the second day we were in for a surprise. Beched was able to complete all the tasks, which shocked our entire team! We could not have imagined that this was possible in such a short time ... At 19.00 we solemnly presented diplomas and souvenirs to the winners.
Participants' comments:

I like to spend half of my time at a conference solving problems. And not only at the conference ...
In this sense, another lab from the PentestIT team came in handy at ZeroNights. I started working through it on the evening of the first day.
Everything was organized clearly, the tasks pleased me again, and once again I practiced working quickly with the tools.
This time the laboratory even had a task involving a network attack on a DBMS client (I immediately realized that this kind of attack was needed in this laboratory, since I was going to include it in the upcoming CTF competition with blackjack, prizes and hackers under the auspices of "Informzaschita").
I managed to finish all the tasks (not without a few hints) only by the end of the second day.
As a result, only three people got into the S-Lab information system, all long-time acquaintances. Probably, it is necessary to actively promote such competitions, because many people are too lazy to study and make some effort for professional development in this area.
Omar Ganiev (Beched), I place
An interview with Omar is available here.
At the recently held ZeroNights conference, I managed to give a talk and take part in two competitions: “Break me” from Kaspersky Lab and “Along and across” from PentestIT.
Since the first competition is still underway, I will write about it later, and here I will tell you more about the penetration testing lab “Along and across”.
The competition, in general, was very pleasant: it makes sitting through the talks more fun, and there is something to do in the evening.
There are not so many tasks, only 10 of them, just right for the two days of the conference. I was very pleased that there is a storyline: the services are interrelated and each holds a hint or password for the next service.
The network diagram helps a lot: you don’t need to guess where unbroken services remain, though this time there was a slip-up with the network map: I didn’t check that the routing from one subnet to another was already configured, hence only third place.
The content of the tasks itself is very pleasing: brute force, SQL injection, XSS attacks on a bot, and the use of exploits from Metasploit. However, as a reverse engineer, I am a little upset by the lack of buffer overflow or use-after-free vulnerabilities; I saw one only once, in the "Profit-2013" laboratory.
In general, I advise everyone to take part in the next laboratory, as well as in Profit-2013, which is currently running and is part of the contest held by System Administrator magazine. I would like to wish all participants patience in brute-forcing SSH passwords, ingenuity and resourcefulness in searching for tokens and passwords on servers, as well as a pleasant mood and good luck!
Victor Alyushin (AV1ct0r), III place
In conclusion, we would like to express our deep gratitude to the organizers of the Digital Security event and to our participants. It was very cool to get into a friendly hacker atmosphere and get away from work and business, even for 2 days.
See you soon!

Source: https://habr.com/ru/post/202386/

