
HackEire 2011 Challenges

  • 06-04-2012 7:47am
    #1
    Closed Accounts Posts: 24 markofu


    Folks,

    We will be releasing some of the challenges from HackEire 2011 (some just aren't feasible sadly as they require a full system and network).

    Check out http://twitter.com/hackeire for the link to the first challenge (reverse-engineering).

    Damo2k has already been playing with it and seems to like it.

    The objective is to find the code/answer. There are links to learning about reverse-engineering here -> http://www.hackeire.net/2011/10/useful-links-for-reverse-engineering.html.

    Time permitting, I'm going to release the challenges once a month (there should be 5 or 6, providing I can find them all).

    Any questions, PM me or contact me on Twitter (@markofu), which will most likely be quicker.

    Hope you enjoy it!

    Cheers, Mark

    P.S. If you're wondering why I've changed my mind, it's a long story.


Comments

  • Closed Accounts Posts: 2,267 ✭✭✭ Zayd Limited Dough


    Done. Very good challenge. I recommend people try this.

    Cheers markofu for that pointer.


  • Closed Accounts Posts: 2,267 ✭✭✭ Zayd Limited Dough


    Did anyone else try this?


  • Closed Accounts Posts: 3,981 ✭✭✭[-0-]


    I haven't tried it yet. I don't have access to my Windows VM for another week or thereabouts. I'll give it a bash then. :)


  • Closed Accounts Posts: 2,267 ✭✭✭ Zayd Limited Dough


    Next one please :-)


  • Registered Users Posts: 126 ✭✭infodox


    I know it is likely a silly question, but will there be a HackEire 2012 does anyone know? Have been working on some rather nice stuff here, mostly "embedded" and webapp stuff. Same question about CampusCon (2013?) (the server is down BTW)


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    No plans for CampusCon, but I could pose the question to the lads :) Potentially another con however at some point, but I can't say any more about it yet.


  • Closed Accounts Posts: 24 markofu


    Next one please :-)

    Got distracted with a few other things, I'll try to get it sorted soon.

    I can give out the other reverse-engineering challenge, which is harder, or I can try to track down the packet capture challenges????

    Re. HackEire 2012, long story but it's not looking likely. A few discussions to be held over the next month I hope. All updates are posted on Twitter (hackeire or markofu) and www.hackeire.net.

    AFAIK, IrissCon 2012 will be happening.


  • Closed Accounts Posts: 2,267 ✭✭✭ Zayd Limited Dough


    markofu wrote: »
    I can give out the other reverse-engineering challenge, which is harder, or I can try to track down the packet capture challenges????

    Either, or. Packet capture ones might be fun!


  • Closed Accounts Posts: 24 markofu


    @Damo2k

    I'm up to my t*ts with work at the minute so haven't got around to finding the pcaps, I'll get them for you in a couple of weeks hopefully. Sorry for the delay :(

    @Infodox

    HackEire isn't on this year, the Iriss-Cert team are planning on developing their own challenge. I'm not involved so your best bet is to drop them an email.


  • Registered Users Posts: 226 ✭✭GismoBaby


    I have the pcaps and the accompanying question sheet... :D

    If anyone still wants them I'll post them...


  • Closed Accounts Posts: 24 markofu


    Sorry for the delay Damo, here ya go....

    3 pcap challenges (hopefully I've got them in the right order). A question sheet accompanies the pcaps. Link is https://www.dropbox.com/sh/l48wjkuaqnu5yt1/V_YEiLD6tS.

    The first challenge was sent out two days previous to HackEire 2011 and the others were on-the-day challenges so the first should be a little harder.

    Enjoy! Any problems, let me know (PM or Twitter is best).


  • Registered Users Posts: 126 ✭✭infodox


    c1.pcap and c3.pcap are mixed up by the looks of things.

    However, VERY grateful for this, and will be documenting my progress over on my site and posting here whenever I make some decent progress :D This is exactly the kind of thing I was looking to have a crack at!

    Will have to give the Iriss guys a shout again sometime...


  • Closed Accounts Posts: 24 markofu


    Yep, nice spot :) I've deleted the files and re-uploaded everything correctly! Let me know how you get on.


  • Closed Accounts Posts: 2,267 ✭✭✭ Zayd Limited Dough


    markofu wrote: »
    Sorry for the delay Damo, here ya go....

    3 pcap challenges (hopefully I've got them in the right order). A question sheet accompanies the pcaps. Link is https://www.dropbox.com/sh/l48wjkuaqnu5yt1/V_YEiLD6tS.

    The first challenge was sent out two days previous to HackEire 2011 and the others were on-the-day challenges so the first should be a little harder.

    Enjoy! Any problems, let me know (PM or Twitter is best).

    Cheers will look at these.


    Did anyone else take a look at the first challenge?


  • Registered Users Posts: 226 ✭✭GismoBaby


    Wasn't rushing you markofu, that's why I didn't post them in my original post! Thought I'd save ya a job! Anyone care to post their findings on this challenge when they have it completed? Only ever had a purely educational knowledge of Wireshark so gave up pretty quick when confronted with such a huge file (or 2!). Only had a hunch about what to look for. Would love some feedback on this.


  • Registered Users Posts: 226 ✭✭GismoBaby


    infodox wrote: »
    c1.pcap and c3.pcap are mixed up by the looks of things.

    However, VERY grateful for this, and will be documenting my progress over on my site and posting here whenever I make some decent progress :D This is exactly the kind of thing I was looking to have a crack at!

    Will have to give the Iriss guys a shout again sometime...

    Link to your site infodox? Would like to follow your progress!


  • Registered Users Posts: 126 ✭✭infodox


    GismoBaby - http://insecurety.net is where I will be posting progress. I only have given them a "first pass examination" in Wireshark today, but tomorrow will start posting my analysis of one of the pcap files (whichever I do first).

    I already KIND OF have a hunch about the first one - the client side exploit one - and can answer some of the questions on the second one (the port scan one). The ICMP one needs closer examination.

    I will be using XPLICO and Wireshark mainly, though I may also use a couple of other tools as I see fit. Will basically be documenting everything I can.

    Warning for other challenge attempters - my blog posts on this will be spoiler riddled as they will document my solution/attempts.

    PROTIP: USE WIRESHARK FILTERS! Will save you a SERIOUS amount of time.

    // Note: The malicious web server seems to be operating on a non standard port. Metasploit maybe?
    // The port scanner is a very common one. I had guessed before I opened the file. Have hard evidence now though :3


  • Registered Users Posts: 226 ✭✭GismoBaby


    infodox wrote: »
    GismoBaby - http://insecurety.net is where I will be posting progress. I only have given them a "first pass examination" in Wireshark today, but tomorrow will start posting my analysis of one of the pcap files (whichever I do first).

    I already KIND OF have a hunch about the first one - the client side exploit one - and can answer some of the questions on the second one (the port scan one). The ICMP one needs closer examination.

    I will be using XPLICO and Wireshark mainly, though I may also use a couple of other tools as I see fit. Will basically be documenting everything I can.

    Warning for other challenge attempters - my blog posts on this will be spoiler riddled as they will document my solution/attempts.

    PROTIP: USE WIRESHARK FILTERS! Will save you a SERIOUS amount of time.

    // Note: The malicious web server seems to be operating on a non standard port. Metasploit maybe?
    // The port scanner is a very common one. I had guessed before I opened the file. Have hard evidence now though :3

    Thanks infodox! Look forward to getting a look at how you do things! Was at HackEire and it was a real eye opener on how little is taught on this stuff in college!!

    P.S. Nice site! Just had a gander there!


  • Closed Accounts Posts: 24 markofu


    No problem, I've been out of the country hence the delay so it was a nice prompt!

    Regarding security education in universities in .ie, I've found it to be very poor in general and the last few HackEires have confirmed that to me. I don't believe most lecturers have real-life experience.

    If you want to learn Wireshark specifically, check out some of Laura Chappell's stuff (google her name for books, site etc).

    As infodox said, filters help significantly and experience teaches you how and what filters to use. My experience comes from being sent 500MB-2GB pcaps and being told to find the problem :)


  • Registered Users Posts: 126 ✭✭infodox


    Well, I have an initial report on it up - http://insecurety.net/?p=75 - will be editing it as I progress, so some of the data might change as I doubt my 4am analysis was the best. Will move to the second challenge once satisfied I have everything from the first :)


  • Closed Accounts Posts: 24 markofu


    Wrong user agent :)


  • Registered Users Posts: 126 ✭✭infodox


    Knew I had to have something wrong somewhere, will be going over it some more :)

    I was trying to use pcapcat - http://blog.kiddaland.net/dw/pcapcat - to dump the data but it segfaults. Likely a broken Perl installation on my box, so I will be looking into this.

    The :8080 and :4444 are definitely a hint to those familiar with using the tools though, and I will be updating the post later.

    BTW, nice one on the "obfuscation", had me bloody frustrated :D


  • Closed Accounts Posts: 2,267 ✭✭✭ Zayd Limited Dough


    Hi, I haven't looked at any of the packet capture challenges yet.

    But do you have any of the other reversing challenges handy? I enjoyed the first one: http://t.co/iqstI5Yh

