Old Security / hacking challenges revived. Integrated with wechall.net

h57xiucj2z946q

Seems to be back online now.

h57xiucj2z946q

syklops wrote: »

The Honeyn3t challenges finished up about a week ago. I reckon a lot of people will get to these but are enjoying some Away-from-screen time. Come the end of the Honeyn3t CTF I had stopped working, stopped housework, etc. Still didnt make the top 10 though . Still apparently, no one person solved all the challenges. Thats some consolation.

I've done a lot of these before, but Id like to do them again to get me / keep me sharp. I also think I need to improve my traffic analysis skills.

I had applied to enter that, but I never got invite accepted. I think there was a large number of people playing.

This one is up next:
http://ctftime.org/event/list/upcoming
http://Hack.lu


I played CSAW 2013 with WeChall.net guys, was good fun: https://ctf.isis.poly.edu/

trout

Site's back up ... I'm going to crack on.

I'm on SC7 ... which should be simple enough

generate WEP key to decrypt packet capture.

Using airdecap-ng and the WEP key, I can decrypt the CAP file ... and see the traffic in the clear. For the life of me, I cannot figure out where the credentials are entered, or what values are used.

It must be simpler than reading 5000 packets?

h57xiucj2z946q

trout wrote: »

Site's back up ... I'm going to crack on.

I'm on SC7 ... which should be simple enough

generate WEP key to decrypt packet capture.

Using airdecap-ng and the WEP key, I can decrypt the CAP file ... and see the traffic in the clear. For the life of me, I cannot figure out where the credentials are entered, or what values are used.

It must be simpler than reading 5000 packets?

As far as I remember with this one, you only need to worry about http traffic. You should be able to filter with wireshark after you decrypted with airdecap-ng.

Khannie

How much time are you putting into these, folks? (let's say on average, per challenge)

I'd like to do some, but I'm squeezed for time.

trout

In lapsed time, I'd say between an hour & two hours for most of the challenges ... but I'm slower than mass

For stuff that's new to me, like

shellcode

... there's a learning curve, but the hints come quick & fast, and I'm really enjoying this.

h57xiucj2z946q

Khannie wrote: »

How much time are you putting into these, folks? (let's say on average, per challenge)

I'd like to do some, but I'm squeezed for time.

It all depends on experience really for a given area. As they are only "challenges", sometimes the idea of finding a key can be head-wrecking, especially if its not a real life scenario! (as you can see from trout's previous posts).

h57xiucj2z946q

Just bumping this. These are still online if any new comers wants to give them ago.

http://damienoreilly.org/ctf

trout

Damn you Damo!

*shakes fist*

I had forgotten all about this ... now I'll HAVE to finish them

syklops

trout wrote: »

Damn you Damo!

*shakes fist*

I had forgotten all about this ... now I'll HAVE to finish them

I was thinking the same. Why am I not in the hall of fame despite having done many of these already? Least I wont be bored this weekend(like there was any risk!).

h57xiucj2z946q

syklops wrote: »

I was thinking the same. Why am I not in the hall of fame despite having done many of these already? Least I wont be bored this weekend(like there was any risk!).

Oh I had reset the score board when I merged the web app challenges with the IRISSCON challenges and moved the scoreboard to different host, and integrated with wechall.net!.

syklops

yore.ma isnt working for the ssid in challenge 7. Is that a coincidence, or are you being sneaky?

Edit: Ok, tried it with a different ssid and it doesnt work with that either. Nevermind.

h57xiucj2z946q

syklops wrote: »

yore.ma isnt working for the ssid in challenge 7. Is that a coincidence, or are you being sneaky?

Edit: Ok, tried it with a different ssid and it doesnt work with that either. Nevermind.

Hmm it should work. Try

http://www.bacik.ie/eircomwep/