security competition

[ameshockey]

Hello,

I am at a college and every year we do security competitions to learn/have fun. My college just started bringing in high school kids as a "career advantage" so they can get college credit and if they go to my college they get first year classes out of the way. While i starting a set up for my security competition they happen to be in the same room and now they wish to do one where "hackers" attack there network.The teacher liked the idea and now we are setting them up for it as well. I was asked to be part of the "hackers" side and to help them set up because i had done 3 security competitions against other schools. The only thing about being a "hacker" is that i have not really explored this area much, i just kept my attention on defending my network/computers that i was setting up.I just started exploring some tools on hak5 and i looked at the introduction page to this form. I was wondering if you guys/girls could point me to more places on then on the intro page here or provide scripts(yes i know i will be a "script kitty" person but all i have wrote are basic programs in C++).

Any help would great, Thank you for you're time

[Wetwork]

what exactly are you looking for?

[ameshockey]

I am looking for tools/scripts, or at least a website to help.

[Wetwork]

as the hacker what is the goal here? This will dictate what direction we can advise you to research. Every hacker/penetration tester has a goal in mind for what they want to achieve

Is it just to break into the opposing teams system to download file x from server y? Is it to get a list of IP addresses or names of systems? is it to deface or change content on an existing web page? is it to get a list of user names and passwords for the defenders systems?

an outline of overall goals would be helpful

[ameshockey]

sorry,

The goal is to get the user names and passwords, it take flag files off there computer, and at the end just crash the system or cause as many issues as possible.

[Wetwork]

do you have physical access to the systems or is it over a network?

is there any type of IDS or firewalls that would prevent access?

[Wetwork]

sorry for all the questions but its the best way to advise you for where to start

if you have physical access to the systems check out the hacksaw USB hacks here in the fourms all you would need is a USB drive and a little creativity

[ameshockey]

No, i dont mind the questions it is stuff you need to know, firewall and IDS is up to the team. I am assuming that they will use a firewall(it must be a free firewall so i would assume smoothwall,etc) over a IDS because they are in high school and my have never heard or used IDS. feel free to ask other questions.

[ameshockey]

I dont believe we will have physical access to the computer(we are working out the rules still) i am basing this off of what we have decided to do so far.

[Wetwork]

my suggestion is to cheat! the eaisest way would be get phyiscal access to the box and use the usb hacksaw that will dump the SAM files to a remote access terminal and that way you can get all the user names and hashes for passwords from there its cake to get the password files and thereby win the comp

hackers circumvent the rules for whatever works to attain the goals

[digininja]

I was wondering if you guys/girls could point me to more places on then on the intro page here or provide scripts(yes i know i will be a "script kitty" person but all i have wrote are basic programs in C++).

Sorry to butt in but I have to point out that it is kiddy, not kitty. Kerby is the script kitty!

[VaKo]

Lie, Cheat, Steal, Bribe & Threaten. There is more to hacking than computers.

[Wetwork]

your ability as a social engineer is one of the best tools in a hackers toolkit. Find out who a member of the opposing team is and bribe him with sex, chocolates and pantyhose to do whatever you need to do to win!