Wargame Idea [Simple]
  • Sh3llc0d3
    Posts: 1,910
    Simple and easy to set up were my thoughts when I first came up with this, but not too easy...

    Wargame Idea 1:

    2 Linux boxes

    1st box: you have access to the box at the start of the mission using an SSH session.
    On the box are several files which contain (when arranged correctly) a secret message.
    The person must decode the message and then move on to hack the 2nd box.

    2nd box: running a local webserver that has clues to a password on the website.
    The person must get the password to the root admin on the PC.

    Site idea: something to do with the admin's love of dogs, with the password being
    dog2010 or something.

    This allows root access to the poorly secured server.


    Completion is achieved when the person has gained root access and saved a file
    as root with the message in it, also leaving a copy of his or her name with the message.

    The message must be saved in the root directory.



    Simple yet fun :) This could easily be set up on Hamachi I think. VirtualBox it, then install Hamachi on both boxes and connect to the same network. The people taking part would then connect and attempt it.
  • Xin
    Posts: 3,251
    Sounds good! What sort of decoding do you mean?
    Xin
  • Nice idea Semtex.
    @Xinapse
    It could be a combination of Binary >> Hex >> Base64
  • Sh3llc0d3
    Posts: 1,910
    Yeah well that was the thing, just have the basic frame of an idea and you can switch in whatever you want. Decoding could be as _st4ck3D* says, some type of 'lookup on crypo.com' decode or something much easier such as "veryh" "sis" "not" "ard" "thi" -> "thisisnotveryhard" split into 5 files. Anything really, but the rest I thought was pretty simple and would test people in the basics. If you did something like that you could use the webserver in other games for harder web app security challenges. Just swap the sites.
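Added example, not part of any post in this thread: a small Python builder for the first-box puzzle that layers the encodings suggested above and cuts the result into five shuffled fragments. It assumes "Binary >> Hex >> Base64" means text to binary digits, then hex of those digits, then Base64; all function names and the seed are made up for illustration.

```python
import base64
import random

def encode_layers(message: str) -> str:
    """text -> binary digit string -> hex of that string -> Base64 (assumed chain)."""
    bits = "".join(f"{b:08b}" for b in message.encode("utf-8"))
    hexed = bits.encode("ascii").hex()
    return base64.b64encode(hexed.encode("ascii")).decode("ascii")

def decode_layers(blob: str) -> str:
    """Undo encode_layers; reject input that is not whole binary octets."""
    hexed = base64.b64decode(blob, validate=True).decode("ascii")
    bits = bytes.fromhex(hexed).decode("ascii")
    if len(bits) % 8 or set(bits) - {"0", "1"}:
        raise ValueError("payload is not a whole number of binary octets")
    octets = (bits[i:i + 8] for i in range(0, len(bits), 8))
    return bytes(int(o, 2) for o in octets).decode("utf-8")

def split_fragments(text: str, parts: int, seed: int):
    """Cut text into `parts` contiguous pieces and shuffle them.
    Returns (shuffled, order) where order[k] is the original index of shuffled[k]."""
    if not 1 <= parts <= len(text):
        raise ValueError("parts must be between 1 and len(text)")
    size, extra = divmod(len(text), parts)
    pieces, pos = [], 0
    for i in range(parts):
        step = size + (1 if i < extra else 0)
        pieces.append(text[pos:pos + step])
        pos += step
    order = list(range(parts))
    random.Random(seed).shuffle(order)  # fixed seed: reproducible game build
    return [pieces[i] for i in order], order

def reassemble(shuffled, order) -> str:
    """Organiser-side answer key: put each fragment back in its original slot."""
    slots = [""] * len(order)
    for piece, idx in zip(shuffled, order):
        slots[idx] = piece
    return "".join(slots)

def build_challenge(message: str, parts: int = 5, seed: int = 2010):
    """Encode, split, and confirm the puzzle is solvable before publishing it."""
    blob = encode_layers(message)
    shuffled, order = split_fragments(blob, parts, seed)
    if decode_layers(reassemble(shuffled, order)) != message:
        raise RuntimeError("fragments do not decode back to the message")
    return shuffled, order

if __name__ == "__main__":
    frags, key = build_challenge("thisisnotveryhard")  # constructed sample message
    for n, frag in enumerate(frags, 1):
        print(f"file{n}.txt: {len(frag)} chars")
```

Each returned fragment would be written to its own file on box 1; the `order` list stays with the organiser as the answer key.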
  • Xin
    Posts: 3,251
    True, I want to try to make it more about finding vulnerabilities or real-life things than logical challenges like this though. But we can have a mix of both.
    Xin
  • Sh3llc0d3
    Posts: 1,910
    Well you could make a vulnerable website to exploit, something with a simple RFI or LFI vuln, then move to SQL injections... maybe borrow code from damn vuln web app?

    Finding old software that can be exploited might be hard depending on what you want. Coding your own would take a while.
  • Xin
    Posts: 3,251
    I'll get on making the OS. Recommend any light Debian-based packages that I can quickly set up; I might try Ubuntu server for it.
    Xin
  • Sh3llc0d3
    Posts: 1,910
    I wouldn't be worried about the OS. If the 'attackers' are accessing the server via SSH, GNOME or KDE won't matter (just in case you were thinking about that lol). Memory shouldn't be affected that much either unless someone fucks about with it. I'd try Ubuntu like you said, and if you want a webserver maybe lighttpd or Apache. Depends what you feel more comfy using.
  • Xin
    Posts: 3,251
    I was thinking of running it in a Hamachi box rather than opening ports. Do you think Hamachi runs as a CLI version?
    Xin
  • Sh3llc0d3
    Posts: 1,910
    CLI as in configure everything using shell? Yeah, check out the readme. What I mean about the SSH etc. is if you want the server to be exploitable, then install Hamachi on the box and let others connect their PCs to the Hamachi network and then they can portscan the vuln system or whatever based on the mission you set for them.
  • Xin
    Posts: 3,251
    Yeah, Command Line Interface, I'll try to set it up
    Xin
  • Sh3llc0d3
    Posts: 1,910
    Yeah I know CLI, was just wondering if you want to know if it had its own CLI :S I know, weird lol. ghamachi (GUI) is supposed to be a bit crap, I don't know if you've tried it or not. If you need any more help with ideas or help with the boxes let me know and I'll help as much as I can.
  • I'll work on this now. I'll put it as wargame9. I've been working on my wargame pack and I've got a 7 + 8. I'll try and make this one as level 9.
  • Sh3llc0d3
    Posts: 1,910
    I've downloaded Ubuntu and I'm working on some more wargames at the moment as well, I'll let you know what I come up with and post the settings/files.