Author Topic: 24 Hour Hack - 99 000'th post  (Read 1997 times)

0 Members and 1 Guest are viewing this topic.

Offline Ice_Dragon

  • I made the 99000'th post
  • /dev/null
  • *
  • Posts: 7
  • Cookies: 3
    • View Profile
24 Hour Hack - 99 000'th post
« on: February 16, 2016, 04:10:50 pm »

Ok, so one of the things i would do back in the day, was run events such as these.

Essentially, a 24 hour hackathon, of a preselected target. The team with the most access at the end of a set 24 hour period wins.

I suggest we do something similar, on a server of our own.

How will it work?
- Depending how many people sign up, will depend on how many teams we have.
- Each team will have a leader, and a deputy leader, preferably in different time zones.
- Each team will have their own IRC channel from which they can communicate.
- On a set date/time, the target is given to each TL and DTL from their respective teams.
- At the end of the 24 hours, each team documents their findings, and also how they did it.
- Forum Staff? Or another group of people can judge each teams performance, and a winning team will emerge.


Why should we get involved?

- It seems that this forum has a lot of new members, who aren't exactly sure on how to get started in the hacking world, this will allow such members, to join teams and take part and learn some basics. The entire purpose of this is to A) Have fun and B) Hopefully learn some new skills.

- That is why at the end of the 24hrs, each team must DOCUMENT their findings, this material can then be made available, and if possible tutorials and guides can be created from actual hacks, rather than just theoretical scenarios.

Is this legal?

- Good question, and the answer for this is a resounding YES.
- The target machine will be created by, well myself and hopefully some other people wanting to get involved. Giving you a completely safe environment to hack away.

This sounds awesome, what will it take to make this happen??

- Participants; teams consisting of roughly 6 people in each.
- Organizers; People to help out with the project, and get things setup and ready.
- Judges; People to vote on the winning team



Please feel free to contribute ideas, post saying you're wanting to join in, as this project really can only take place if there are people willing to take place in it!

Best regards,
Ice_Dragon
« Last Edit: February 16, 2016, 04:22:31 pm by Stackprotector »

Offline khofo

  • EZ's Swashbuckler
  • Knight
  • **
  • Posts: 350
  • Cookies: 25
  • My humor is so black, it could go cotton picking.
    • View Profile
Re: 24 Hour Hack - 99 000'th post
« Reply #1 on: February 16, 2016, 06:26:54 pm »
Well imo that's a good idea, I like it and seems fun.


On the other hand I would like to ask since I am not familiar with this kind of challenge.


- What would be the target ? Is it like getting into a website or a server, finding a certain file on that server or just raping every hole that server may have.
I am not sure how to phrase that actually but more details on the main event would be great
Quote from: #Evilzone
<Spacecow18> priests are bad ppl
<Insanity> Holy crap
Of course God isnt dead. He's out there partying with the Easter Bunny, Santa Clause, Tooth Fairy, and the Man on the moon...
Some of my work: Introduction to Physical Security

Offline Ice_Dragon

  • I made the 99000'th post
  • /dev/null
  • *
  • Posts: 7
  • Cookies: 3
    • View Profile
Re: 24 Hour Hack - 99 000'th post
« Reply #2 on: February 16, 2016, 06:31:30 pm »
Depending how we want to do it, it may just be a case of:

- Here's a VM, we know it's vulnerable because we made it that way. So go hack it.

However, since it would be a good idea to make this beginner friendly, i may think of a way to have tiers of access, or to make things a little easier.

Maybe:

- Host 3 websites all on the one server, attached to three different databases.
- Each website has it's own vulnerabilities, in a different way. SQLi, RFI or whatever.
- Maybe have some protocol vulns on the FTP/SSH server etc.

Working with some of the more experienced people on the site it would be cool if we could create something like this that would benefit the majority of the users involved. Making it so even the new guys can get involved, and learn learn some new skills.

This will be a completely team-based game, no individual users just going off on their own. Communication must be made over IRC with the rest of the team and ensure everyone's involvement.

Again like i say, happy to listen to any suggestions/requests.

Offline Biohazard

  • /dev/null
  • *
  • Posts: 14
  • Cookies: 4
    • View Profile
Re: 24 Hour Hack - 99 000'th post
« Reply #3 on: February 17, 2016, 12:47:39 pm »
Are you thinking about making this a regular event, or just a one off?

Sounds like it would be fun and a good learning experience, depending on your time line would definitely be interested.   

Hope to see some support from the more experienced board members.

Offline Trap_lord

  • /dev/null
  • *
  • Posts: 19
  • Cookies: -20
    • View Profile
Re: 24 Hour Hack - 99 000'th post
« Reply #4 on: February 17, 2016, 09:02:36 pm »
That sounds like an awesome idea, I would definitely participate.

With the VMs (depending on how much space and power your hardware has) you should make a network-like system. You can find router Vms for free online and use them to make interesting configurations with multiple operating systems and virtual servers. I'm sure there are tutorials online that can make the set up much easier and this would provide a more realistic situation for teams (especially beginners).

If this works and enough people join this should definitely be a yearly event.
Can't wait.
This is your life and it's ending one minute at a time - Fight Club(1999)

Offline Sherlock3d

  • /dev/null
  • *
  • Posts: 6
  • Cookies: 0
  • Nada resulta más engañoso que un hecho evidente.
    • View Profile
Re: 24 Hour Hack - 99 000'th post
« Reply #5 on: February 17, 2016, 09:24:58 pm »
It sounds fantastic I really enjoy those types of challanges and I usually play vulnhub machines so I would be proud to take part into your hackaton.
Thank you for taking your time doing the challange and best luck everybody.
Sherlock3d
Lo que sabemos es una gota de agua; lo que ignoramos es el océano.

Offline dimi

  • Serf
  • *
  • Posts: 37
  • Cookies: 2
    • View Profile
Re: 24 Hour Hack - 99 000'th post
« Reply #6 on: February 17, 2016, 10:48:47 pm »
Im interested too. Maybe create different kinds of levels or mix the groups

Offline Kurajber

  • Serf
  • *
  • Posts: 43
  • Cookies: 7
  • Don't Drink and Root
    • View Profile
Re: 24 Hour Hack - 99 000'th post
« Reply #7 on: February 18, 2016, 12:03:51 am »
This could be great. Call if you need any help, I and I'm sure few others would be happy to help if we can.

If I understood correctly, you want to host this?

The only suggestion is to not make it 24 hour hackathon, but some other way. Eg. few hours but with more rounds if needed or something. Most of us have shit to do on workdays and spend weekends drunk and/or drugged so consider that also.
0000010100100000

Offline th3l4st

  • Serf
  • *
  • Posts: 21
  • Cookies: -2
    • View Profile
Re: 24 Hour Hack - 99 000'th post
« Reply #8 on: February 18, 2016, 10:25:24 am »
From a beginner point of view I say that's cool, really! I'm interested so keep a seat for me in case the thing goes on ;)

I also have to say Kurajber is right about the rounds thing, most of us are busy during workdays, me included... Though there's to say that, unless the server is really easy exploitable, I don't think a few hours are enough, at least from my perspective. And I like the thrill of hacking at night (kind of gives that "prohibited" feel).

Can't wait to see how this goes, if this experiment goes the right way it could become a really useful experience for newbies :p
"Privacy is like bacon, it makes everything better." Zoz, DEFCON 22

"Timeo danaos et dona ferentes" Laocoön, Aeneid

Offline Ice_Dragon

  • I made the 99000'th post
  • /dev/null
  • *
  • Posts: 7
  • Cookies: 3
    • View Profile
Re: 24 Hour Hack - 99 000'th post
« Reply #9 on: February 18, 2016, 01:56:56 pm »
Quote
Are you thinking about making this a regular event, or just a one off?

I have hopes it come become a semi-regular thing, changing each time. But lets just start with this one and see how it goes.

Quote
Im interested too. Maybe create different kinds of levels or mix the groups

Different levels are something i'm interested in doing yeah, trying to keep people involved.

Quote
If I understood correctly, you want to host this?

I have a VPS i can put forward for this yeah. It will do for basics.

Quote
With the VMs (depending on how much space and power your hardware has) you should make a network-like system. You can find router Vms for free online and use them to make interesting configurations with multiple operating systems and virtual servers. I'm sure there are tutorials online that can make the set up much easier and this would provide a more realistic situation for teams (especially beginners).

And interesting concept, but still fairly difficult to do with one VM/VPS/Server. If we had access to a hypervisor or something we could create a network.. but probably not for this one, maybe in the future.

The current specs of the server are:

2.4 GHz CPU
4 GB RAM
20 GB SSD

More than what we need for an initial challenge, i can upgrade later if need be etc.

Glad this idea is getting some traction, i'll begin working on the server :)

Anyone who would like to get involved, PM me, or grab me on IRC, we can setup a group to create the tasks etc.

Thanks,
Ice_Dragon

Offline Trap_lord

  • /dev/null
  • *
  • Posts: 19
  • Cookies: -20
    • View Profile
Re: 24 Hour Hack - 99 000'th post
« Reply #10 on: February 18, 2016, 03:46:30 pm »
If this really picks up we should start crowd funding to have nice hardware so we can support a full network. Also do you guys wants this to be only for evilzone users or open for more forums and such?

If you guys want to inlude other forums we can have full teams in no time.
This is your life and it's ending one minute at a time - Fight Club(1999)

Offline dimi

  • Serf
  • *
  • Posts: 37
  • Cookies: 2
    • View Profile
Re: 24 Hour Hack - 99 000'th post
« Reply #11 on: February 18, 2016, 04:14:10 pm »
I have a, for the moment, unused vsphere server. It has a octacore atom processor, very low power usage. Problem is it is attached to my network and since it is a hacking game, i don't want my other computers to be hacked 😃.

So, i'm willingly to let this be used in the future, but some guys must help me setting up the dmz 😃.


Offline Infinital

  • /dev/null
  • *
  • Posts: 6
  • Cookies: 1
    • View Profile
Re: 24 Hour Hack - 99 000'th post
« Reply #12 on: February 18, 2016, 06:30:00 pm »
I have some 10 year old Dell Poweredge servers sitting by my desk not being used. 

Most are dual cpu single core xeons, RAM amounts vary. 

Most are SCSI drives, which the place I got them from took all the drives to be destroyed.  I don't use anything with SCSI drives.  There are two that take Sata drives, which I have plenty that could be used

The nicest one that takes SCSI drives, is a poweredge 2850  (dell service tag 5SBP981)

Dual 3.6 Single Core Xeon (not VT-x CPUs)
8GB Ram  (can take up to 16 if needed)
two network cards
6 drive bays

The one left that takes Sata is

Single 2.13 Dual Core Xeon (VT-x yes)
2GB RAM( can take up to 16 if needed, but would need the RAM back at some point.  The other sata server is at my house for pen-test lab)

I'd be able to put one on a network, but it would by a dynamic IP, but can setup a DDNS it.

However, the setup would likely go away at some point as I am planning to not have this job in 6 months or so.

Upload/Download Rate at the office is only like a 12down/2 up though.
« Last Edit: February 18, 2016, 06:39:04 pm by Infinital »

Offline Trap_lord

  • /dev/null
  • *
  • Posts: 19
  • Cookies: -20
    • View Profile
Re: 24 Hour Hack - 99 000'th post
« Reply #13 on: February 22, 2016, 08:23:14 pm »
So is this still happening?
If someone needs to organize this I can.

You can private message me if you want to host a vulnerable network or if you want to participate.

For participation send your handle and your skill level (beginner, intermediate or advanced). This is to better organize the teams based on skill.

For hosting send your handle, hardware specs and skill level for the server / machine.

I will post the teams and servers once they are all set up and teams are made.
This is your life and it's ending one minute at a time - Fight Club(1999)

Offline Ice_Dragon

  • I made the 99000'th post
  • /dev/null
  • *
  • Posts: 7
  • Cookies: 3
    • View Profile
Re: 24 Hour Hack - 99 000'th post
« Reply #14 on: February 23, 2016, 03:27:14 pm »
So is this still happening?
If someone needs to organize this I can.

You can private message me if you want to host a vulnerable network or if you want to participate.

For participation send your handle and your skill level (beginner, intermediate or advanced). This is to better organize the teams based on skill.

For hosting send your handle, hardware specs and skill level for the server / machine.

I will post the teams and servers once they are all set up and teams are made.

I'm currently working on the server which will ultimately be used in the challenge. As you can probably guess it will take a little while to complete, that as well as i work 50 hour weeks or so doesnt leave me a huge amount of time, but it'll get done.

As for the organisation, i'd rather get that done once we have some solid work done on the server, that way we know exactly what we're going to require.

Cheers
Ice_Dragon