Jump to content

Hacker Challenge For Newbs


cgront
 Share

Recommended Posts

So I am trying to get ideas on what to do for a hacker challenge I want to have at my University. I have already figured out that I have to run this on a private network, off of my core2quad. And the event is going to be at a LAN party at my University.

I have 2 problems at this point:

1> I don't know what to have the challenge be. Should I have it be like capture the flag with a couple virtual servers running or should I have each person have a virtual machine and some form of a file(flag) on each desktop like the Hak5 hacker challenge?

2>here the bigger issue. The University I am at does not teach a lot of exploitation to students. The students at my University don't have more then a basic knowledge of hacking if even that, we have a lot of students that understand a lot about computers and programming and networks and operating systems, but not everything put together and used for hacking. My plan was to have an information session on metasploit/armitage before the event that way people knew how to use it and at least tried. another thought that i was given by people was to either have teams depending on how many people wanted to do it.

I need some input on this, I am going to be trying to figure out a setup for the cor2quad this weekend and see how much it can even handle and go from there, any input would be greatly appreciated.

Link to comment
Share on other sites

1. Set up a couple of virtual machines, make sure they are isolated from the main university network, you don't want trouble. Preferably use your own switch for connecting everything up together.

2. Once you have the VMs running install Windows XP, place some dummy files and then challenge who can break into that box and read whats on the file.

3. As you stated would be good, to share an information session on metasploit and then let them have some practice before the challenge.

4. Later if you want to increase the challenge level, you could set up some wireless access points and let them try to break into them, also make sure they are not interfering with the universities wireless system, if there are any. Use Kismet to find an appropriate channel to use and choose a unique SSID.

Link to comment
Share on other sites

Go for an intellectual challenge rather than just exploitation. Something like this is a good challenge:

Bunch of machines

1 has a web site with employee profiles

1 has an ftp server with anonymous access, that contains a file which reveals that there is a web server on a non-standard port

On the hidden web site have a login system, make a username and password on that based on the profiles viewed on the other web site, maybe have a kids name as a password so they have to think a bit.

That gets them logged in and reveals other info, maybe a WPA key which gets them on to another network/machine.....

You can dream up the rest but the idea is to have them think their way through the system rather than just run Metasploit against standard known vulns.

Link to comment
Share on other sites

How about a bit of social engineering, hacking a system sometimes can be very challenging, so why not add a bit of social engineering to the game. They are a lot of techniques you can use to gather the information you are after, making the job a lot easier.

Edited by Infiltrator
Link to comment
Share on other sites

1. Set up a couple of virtual machines, make sure they are isolated from the main university network, you don't want trouble. Preferably use your own switch for connecting everything up together.

2. Once you have the VMs running install Windows XP, place some dummy files and then challenge who can break into that box and read whats on the file.

3. As you stated would be good, to share an information session on metasploit and then let them have some practice before the challenge.

4. Later if you want to increase the challenge level, you could set up some wireless access points and let them try to break into them, also make sure they are not interfering with the universities wireless system, if there are any. Use Kismet to find an appropriate channel to use and choose a unique SSID.

It was also suggested to my by another source to use this idea, but to have like 4 or 5 VM's, each one progressively harder to hack and each one holding a file which is part of a puzzle, first person to get all files and put answer puzzle wins. So it takes Infiltrator's idea to a little bit of a further Idea. My issue now is what kind of operating systems should I have as the Vm's. I have right now an XP and a Vista VM. I am thinking about windows server 2003, and 2008. And if there are any other ideas that would be great.

@digininja your idea is interesting but I think that would take me a longer time to set up and I dont think i would have the time.

@Infiltrator your second idea about social engineering may be useful for this, i may look into trying to incorporate this but If time does not allow me to, as long as I first focus on the VM's and network setup to begin with I should be fine.

Link to comment
Share on other sites

Setting up virtual machines is very straight forward, what you need is to download VMware workstation from www.vmware.com.

Once downloaded, install this software on a machine that is already running an OS like Windows XP or Win7 (that's what I have at home).

Once installed you can follow this tutorial on how to create each individual VMs.

http://www.vmware.com/pdf/ws6_manual.pdf

Link to comment
Share on other sites

The VM setup is easy, the hard bit would be creating vulnerable machines with some harder to exploit than others. If you are looking at beginners then you'd expect them to be using Metasploit and in that an exploit is an exploit really

Link to comment
Share on other sites

The VM setup is easy, the hard bit would be creating vulnerable machines with some harder to exploit than others. If you are looking at beginners then you'd expect them to be using Metasploit and in that an exploit is an exploit really

That's very much true, I've had a hard time trying to exploit my VM boxes and only had luck once. After hours of painstaking attempts and trying different exploits and payloads.

Something you want to keep in mind.

Link to comment
Share on other sites

Why not just use promox like darren did in recent episodes.

Setup some virtual machines and let them have some fun.

I would make the main objective relativity simple , like some xp machines, but hide harder stuff for people to prove they are the sh*t.

You can still use VMware and its not the VMware that makes the VMs secure its just the OS itself that needs to be made vulnerable, which is the challenging part.

Edited by Infiltrator
Link to comment
Share on other sites

At this point I have an xp machine set up, I am going to duplicate it a couple of times. and make each copy different, depending on updates, and firewall settings and such. I am Still trying to figure this all out. My only fear is that people will get over whelmed an decide not to do it.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...