Capture The Flag At Louisville Infosec Conference Details

[arch3angel at gmail.com (Arch Angel)]

Does the person competing have any local access to any of the boxes :-)

Not likely but figured I would ask :-P

Robert

On Wed, Sep 9, 2009 at 1:24 PM, Adrian Crenshaw <irongeek at irongeek.com>wrote:

> As many of you know, I've been busy setting up a hacker war game for the Louisville
> Infosec conference <http://www.louisvilleinfosec.com/> on Oct 8th. The
> Louisville Infosec website has information about the CTF event on their
> site<http://www.louisvilleinfosec.com/index.php?option=com_content&view=article&id=13&Itemid=13>,
> which should be updated shortly. If you would like to compete please email
> the Conference Chair <chair at louisvilleinfosec.com>. If you use the code
> "irongeek" you get $20 off the admission fee for the conference. I believe
> the time frame is 9am to 3:30pm, but the position of the event should allow
> you to watch the keynotes, eat the included lunch and still, compete.
>
> What are the prizes?
>
> First prize is a Wi-Spy 2.4x Wireless Scanner!
> The second prize is a WD 320GB USB Hard Drive
> Third Prize is a Pico Mini USB 4GB (small enough to carry in your wallet)
>
> Scenario (subject to some change):
>
> The admins try to run their network as a tight ship, but you have been
> brought in to do a pentest. You know the admins have a Truecrypt volume out
> there with Personally Identifiable Information (PII). Your goal is to find
> it, and decrypt its contents till you get a list of names and Social
> Security Numbers. Little hints will be given via a comment wall on one of
> the web servers. To win points bring proof to the judge that the particular
> flag task has be completed.These are the "flags", and their point values:
>
> 0. Attach to the Wireless network (hint:CTF is in the name) and show the
> judge how you got the SSID. 15 points
> (Name will be given if you can't find it, but you won't be able to get
> points for it.)
> 1. Find the IP of the of the Windows box named WinCTF owned by IronGCorp,
> and list 3 or more open ports. 5 points
> 2. Find the IP of the x86 based Linux box ran by IronGCorp, and list 3 or
> more open ports. 5 points
> 3. What box are the admins running their Intranet site on, and what is the
> web server type/version? 5 point
> 4. What is the Windows box's (WinCTF) Administrator password? 10 points
> 5. What is the x86 Linux box's Root password? 5 points
> 6. Copy PII.tc (a true crypt volume) to your box. 10 points
> 7. Password to the PII.tc file. 10 points
> 8. Password to a non x86 based Linux box. 10 points
> 9. Password to a 7zip archive. 10 points
> 10 The decrypted PII.csv file. 25 points
>
> Highest point score at the end of the game wins. If two contestants have
> the same points at the end of the game, the first to accumulate their point
> total wins. Obviously, if you play as part of a team you have to figure out
> amongst yourselves how to split the prize. The winner will get up on stage
> and explain what he did when he picks up his prize.
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090909/3716f78e/attachment.htm