Test Lab 5 at ZeroNights 2013
For PentestIT, the launch of the "Up and Down" penetration testing laboratory at ZeroNights'13 was a significant event, so our team prepared especially carefully: for us it was another chance to show what we can do.
First, a few words about the event itself. The talks were extremely technical and interesting, the workshop was enjoyable, and the venue had a hacker atmosphere with no intrusive advertising. All in all, it was very, very cool! Cool also because we managed to meet almost all of our team and friends from different cities and countries.
Now about the laboratory. In total, about 35 people took part. Since "Up and Down" was to be available only to conference participants, we restricted registration to the IP addresses of the networks available at ZN'13; however, any provider could be used to connect via VPN to the laboratory site itself and for some reason . There was free Wi-Fi at the conference, but given the specifics of the audience it was impossible to use it normally: only the lazy did not launch Intercepter-NG. We had not taken this into account, so we hurriedly began looking for a communication channel for the participants. The event administration promptly provided a 48-port switch and a wireless AP; after lunch we established access to the network and launched the laboratory.
For the first 3 hours no one could collect the first token, and the atmosphere was heating up. The choice fell on the Cygnus server (which hosted the image site containing the XSS vulnerability), although the official site of the virtual company S-Lab, the bank, had access to the attack server and terminal Linux server. Apparently, colorful content attracted more attention from hackers. After 4 hours of unsuccessful and monotonous attempts to exploit the XSS, Omar Ganiev (Beched) was able to get the first token, thereby adding fuel to the fire for the other participants. Honestly, the tasks in this laboratory were extremely difficult, and we worried that for so long no one could take a single token. Once the first token had been taken, we calmed down and began to bet on whether any of the players would be able to complete at least half of the tasks.
It is worth noting that the participants hardly left our table, which was very surprising: a cool event, cool talks, and they were working through a lab. Yes, we were extremely pleased. Victor Alyushin (AV1ct0r, who won the third prize in the laboratory), in addition to working through the lab himself, still managed to help other participants, which earned our team's respect! I don't want to drag out the story, so on to the result: on the second day we had a surprise. Beched was able to complete all the tasks, which shocked our entire team! We could not imagine that this was possible in such a short time... At 19.00 we solemnly presented diplomas and souvenirs to the winners.
Comments of participants:
Interview with Omar is available here.
I like to spend half the time at the conference on solving problems. And not only at the conference ...
In this sense, the next laboratory from the PentestIT team came in very handy at ZeroNights. I started working through it on the evening of the first day.
Everything was organized clearly; the tasks again pleased me, and I again trained my speed of work with the toolkit.
This time, the laboratory even had a task involving a network attack on a DBMS client (I immediately realized that this attack needed some kind of attack because I was going to lay it in the upcoming CTF competition with blackjack, prizes and hackers under the auspices of "Information Protection").
I managed to finish all the tasks (not without hints of clues) only by the end of the second day.
As a result, only three people entered the S-Lab information system, all long-time acquaintances. Probably, it is necessary to more actively popularize such competitions, because many are too lazy to study and make some efforts for professional development in this area.
Omar Ganiev (Beched), I place
At the recent ZeroNights conference, I managed to speak as a speaker and take part in two contests: Break Me Down from Kaspersky Lab and Up and Down from PentestIT. In conclusion, we want to express our deep gratitude to the organizers of the Digital Security event and our participants. It was very cool to get into a friendly hacker atmosphere and distract from work and business, albeit for 2 days.
Since the first competition is still in progress, I will write about it later, and I will tell you more about the penetration testing laboratory “Along and Bars”.
In general, I really liked the competition: it makes sitting through the talks more fun, and in the evening there is something to do.
There are not very many tasks, only 10, just enough for the two days of the conference. The presence of a storyline is very pleasing: the services are interconnected and each holds a hint or password for the next service.
The network diagram helps a lot, since you don't have to wonder where the services that have not yet been broken remain, though this time there was a mistake with the network map: I did not check that the routing from one subnet to another was already set up, hence only third place.
The content of the tasks itself is very pleasing: brute force, SQL injections, XSS attacks on bots, and the use of exploits from Metasploit. But I, as a reverser, am a little upset by the absence of vulnerabilities like buffer overflow or use after free; I only saw them in the "Profit-2013" laboratory.
In general, I advise everyone to participate in the next laboratory, as well as in Profit-2013, which is currently running and is part of a contest held by the System Administrator magazine. I want to wish all participants patience in brute-forcing SSH passwords, ingenuity and resourcefulness in searching for tokens and passwords on servers, as well as a good mood and good luck!
Victor Alyushin (AV1ct0r), III place
See you soon!