Once again, Kenshoto hosted the 2008 DefCon (WarGamez) Capture-the-Flag Contest. It ran for three days, and we got only passingly useful sleep: Aug 8th 10am-8pm, Aug 9th 10am-8pm, and Aug 10th 10am-2pm.

This year duplicated last year and remained a return to classics (FreeBSD, firewalling, network-based token delivery). The major difference was the lack of SSH access to created accounts on target systems.

Sk3wl0fr00t laid down the reverse-engineering foo, were quick to automate attacks, and rocked the whole game. The real battles seemed to be for 2nd, 3rd, and 4th place, with several teams duking it out until the last minutes of the game. We (Team 1@stPlace: @tlas, Doc Brown, JROD, Mezzendo, Plato, Apu, Psifertex, Shiruken, and Wrffr) managed to hold 3rd (or should I say 3st) Place. Teams competing were:

• Sk3wl0fr00t
• Routards
• 1@stPlace
• Taekwon-V
• Guard@MyLan0
• Shellphish
• Pandas with Gambas
• WOWHACKER

It really rocks to have such a diverse group of teams. Besides the US, there were teams from Korea, Spain, France, and Italy.

Check back here for a possible write-up. CTF is much larger than the quals, so it may take some time (and masochistic tendencies) to do a detailed walk-through of the entire contest. In the meantime, here are also all the binaries that were found on the server:

• Shakespearean Challenge
• antipasto binary
• ASP binary
• bakalakadakaChat binary
• barista binary
• catdoor binary (write-up from KOrUPt)
• duckshoot binary
• EmergencyBrake binary
• grimcreeper binary, "left behind" source (write-up from z0nKT1g3r @ WiseguyS)
• hashpipe binary
• iMagick binary
• kdnsd binary
• kmaild binary
• kmsgd binary
• kryptod binary (write-up from Pandas)
• lockstep binary
• moatd binary
• roflcode binary
• sockring binary
• supd binary
• superd binary
• phpr (need to gather this collection of PHP scripts...)

Some fun CTF news and pictures links:

• Sunday Scoreboard

1. Keep services up at all times. Who cares if someone is stealing your keys?! Service Level is a direct multiplier of all other points.
2. Write sneaky shellcode. Try to do your attack entirely via the connection to the service. Doing connect-back or listener shells can easily be firewalled.
3. Automate attacks. Spend your time developing new attacks, not running old ones.
4. Automate key management. Spend your time stealing new keys, not shuffling old keys.
5. Reflect attacks. If there's an attack on the wire, capture it and use it against the other teams.