Wargame: "Challenge the staff" [Idea]
  • Sh3llc0d3
    Posts: 1,910
    Ok, randomly came up with the idea of having a one on one wargame where people can sign up to challenge a staff member who volunteers for the wargame.

    Requirements: two .iso's identical to each other, both having a webserver with a site and several processes running. Both boxes will have files with unique encrypted passwords that can be stolen and decrypted to instantly win the wargame (they can only be accessed as root). The decrypted message must be sent to a referee as soon as possible.

    Example mission: both receive a mission statement, stating that the defender must,

    A) keep their webserver online and all pages intact
    B) all their original processes must stay active and functioning without problems at the end of the wargame
    C) Defend from incoming attacks

    Attacker must:

    A) Attack and try to disrupt two key functions
    - The webserver
    - processes running on the box
    B) Although the attacker's mission is to attack he/she can also be attacked so defence is also a task.

    Attacker gains points for attacks such as defaces, root access etc. and loses points for deleting files impeding the running of the box itself, DoS attacks etc. When a target number of points has been reached before the time limit runs out the attacker has won.

    Either person can try to gain root access and try and find the file mentioned earlier, however they will not be in the same place.



    This idea is nice and simple and pretty simple to run. Just make copies of iso's, no need to download multiples and install the tools that you (the organisers) wish beforehand, on both machines of course.

    Random idea and not sure if you'll all like it but it's something different :)
  • Sounds like a pretty sick idea actually.
  • Xin
    Posts: 3,251
    I like it :) I'll start right away. Let's run it on Ubuntu server as it will be lightest. Only problem is if it's challenge start, the devs can't compete. But that's no problem.
    Anyway I think
    - Webserver with hidden RFI and LFI vulnerabilities
    - Poorly configured FTP server allowing anonymous access and a vulnerable .c file that can be exploited to get root.
    - Other things I haven't thought of yet as I'm tired.
    Xin
  • Sh3llc0d3
    Posts: 1,910
    Yeah I thought so, staff could offer to 'referee' member games too, could be a perk of having the upgraded account.

    EDIT: sorry Xin, slow typing on my part, great ideas on the FTP and vulns. Think RFI and LFI are going to be the nicest and easiest to do for the webserver :)
  • Xin
    Posts: 3,251
    I'll host one if not both of the boxes on my PC and we can use Hamachi to link them, as I'm not competing.
    We should also award points for quietness, I will deduct points for IPs being caught in the logs a lot
    Xin
  • Xin
    Posts: 3,251
    We can also give one player on each team allowing him to iptables drop any rival IPs he catches, although that could get out of hand so maybe not.
    Xin
  • Sh3llc0d3
    Posts: 1,910
    That would be a sweet setup, getting logged would be a big no-no, maybe extra points for editing logs and covering tracks?