2004-12-18 01:18

by Vasil Kolev

It’s over.

The morning began with an interview for “Horizont”, and I was half-asleep – I kept forgetting the question that they’ve just asked me… I hope I didn’t sound too bad.

Then I got to hall 6, when we started assembling and organizing. As usual, it was hell – first Vlado was late with about hour and a half, then we assembled the rack (for which we didn’t have some parts of the kit, called to get them delivered, and they delivered ANOTHER (smaller rack) to us) (btw, a romanian rack – in it’s documentation it’s called dolap 19″), then we made some cables (for which Bobson really did help, one big thank you), and Vlado created a new olympics event – 8 times 6 meters of pulling of UTP cable), we arranged the tables, configured the projectors (in the end we were with only one, the second was really bad, and kept dying by itself), etc, etc. I can guess how we looked to the people outside… We managed to be 45 minutes late for the beginning and with 30 for the second part, we finished at 19:45.

So, the event began. The first stage was installation of the machines and configuration of the networking. Here the first problems began to show – there was a clause that the machines had to accept ICMP echo requests from the gateway, to be able to see if someone’s machine gets crashed by someone else, and most of the people weren’t able to configure it on the first try, and in the end a team lost 5 points, because I had to explain echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all to them. Not to mention how bizarre for them was that all the internet they could use was through proxy. There were some other funny moments – like a team of two contestants, where one of them was bridge-ing the other and was a firewall for him.

Then the event began, where all of the contestants showed how bad they were. For two hours them were able to crack 2 services out of 9, and only because of some hints from the jury, and a lot of fun moments…

The situation was as follows – 3 servers – itanium (IA64, Debian GNU/Linux), win (dual Xeon/3Ghz, Windows 2000 server service pack 1), and fbsd (Xeon 2.8, FreeBSD 4.10-RELEASE).
On the intanium there were 3 services – a PHPNuke, version 3 years old, with the default administrator password (the first cracked service after the hint that we have a default password somewhere), a blog (wordpress) which had wp-config.php~ , readable for everybody (and install.php, which I had forgotten, and Zhoro accidentally found) which had the password for the database (which could be used from anywhere, and which one team tried to use to login in the blog itself), and the last one was to create a file from some pieces – the first 2048 bytes of the current kernel, a module, /etc/passwd, and a file, described in the local postgresql database. NOBODY even tried to login as the user postgres, to see that the password is the same as the login…
On the windows machine there was an IIS 5, one WarFTPD 1.65 (old and with holes), and a tiny personal firewall, which filtered the access of the contestants to ports 135 and the similar ones (but not the access of the servers. If anybody got to the intanium , from there the windows was WIDE open). The three tasks were to write files in two directories, and to add a rule to the firewall. Nobody was able do to anything, some people put files in a wrong directory, because they thought that they had to do it through the anonymous ftp…
On the fbsd there was a thttpd with the source (visible in the webroot) with one hole put there by me, and nobody tried even to look at it, a ssh 1.2.26, which can be cracked with a look, and the final task was to add a vhost to the thttpd, which was reading its config from the mysql database on the itanium (and for which the connection options were left in the source). The only thing done was that one of the teams managed to kill the thttpd (which I should check how they did it).

In the end there was one team in the first place (the ones that got in in the last moment, on the exhibition), another team from Plovdiv was second, and nobody got third place (e.g. the score was 20,10,0,0,0,-5). I explained to everybody the configuration and what were the possibilities for penetration, and in the end the contestants agreed with me, that it was easy – a lot of them justified themselves with the excuse that they got embarassed… At least the people liked it – the sponsors, the contestants, even the jury (Nikolay, Zhoro, and Alex Stanev) (I wasn’t happy, but I’m not in the people:) ).

I’ll have to upload somewhere the logs of the traffic from the contest, I’ll just have to clear them from the flood that the one from the teams did…

There were a lot of journalists at the event, Nedyalkov got interviewed for bTV (they even showed us in the evening news), Ani from some television show (something they thought that I knew, but I don’t wan’t TV and don’t really care) wnted to talk to the contestants, all kinds of these people were running around…

Then it was over, we gathered all the equipment, and finished the night in “L’incontro allegro” – a really good place, at “Shipka” near to the channel, after a hour of looking for a pub. I almost fell asleep there – after a day of staying straight, waking around and doing errands I was almost dead, even now my knees hurt.

(damn, I wrote out myself :) )

Leave a Reply