antiTree | posts and projects

UPDATE: The source repository for all this code is hosted here: https://github.com/antitree/bsidesroc2017ctf. Check out the previous 1, 2, 3 and 4 for the other CTF challenges.
Rebound Attack
I admit this was the most complex one, which is why it was worth 500. The idea is that I want you to exploit yourself in very specific ways. This adapts a research project from years ago where I fingerprint people based on the DNS requests they make. Here’s how it works:

community

Check out the previous 1, 2, and 3 for the other CTF challenges.
Hop Till You Drop
The original plan for this one was to show how you can set up an exit node to allow single-hop circuits – in other words, you don’t create a full 3-hop circuit on tor but just use the exit node as the one and only proxy. This is normally banned unless you allow it both at the exit and on the client.

community

This is a continuation of the previous posts talking about BSidesROC onion related CTF challenges.
Port of Onion (PoO)
I don’t think anyone got this one, mostly because I think they were expecting that it was going to take too long. Here’s the clue:
Sail with me on a 3 hour cruise
A storm hits us hard but we must not lose
Take any port in a storm
Just to get some place warm
There's only one there; which do you choose?
bsidesrocxehooxr.onion
Most picked up that my terrible poem was a hint to guess which port the service was running on. I thought this would be an interesting challenge to either adapt a port scanner to use a SOCKS proxy or script it. I think people assumed that they’d have to scan 65535 ports, but it was hosted on port 1080/TCP, which is above 1024, I know, but I was hoping that it would be a common port that a scanner would hit.

community

This is a continuation of the previous post talking about BSidesROC onion related CTF challenges.
Double Ontonion
One team figured this one out. The point of this challenge is to exemplify a common problem with onion services. Basically, if you don’t configure the web server correctly, there are cases where an onion service might leak additional information about the host. For example, if you were hosting an onion web service on the same server as another web service, you could sometimes replace the Host header with something like “localhost” and have crushing results.

community

Now that BSidesROC is over and the CTF is closed, I can share some of the details about the Onions CTF category that I made. I think the feedback was that a lot of the challenges were either too hard, or they were straightforward but took too long to do.
Setup
Each of the services in the Onions category had a vanity BSidesROC onion address. This was thanks to my friend who threw some GPU cycles at generating keys for services that either start with or end with “bsidesroc”.

community

Our little hacker conference that usually draws about 400 people is happening again on 4-21 and 4-22. If you want the song and dance about all the things we have planned, you can check out the website. I want to cover all the internal changes.
Volunteers
We’re getting old. What can I tell you. The longer you run something like BSidesROC (and Interlock and 2600 for that matter), the more likely your core people are going to have different priorities and interests. I think that if any organization wants to keep itself going, it should plan to phase out its core organizers. I’ve always had this plan for Interlock Rochester and for BSidesROC. This year we can really see those changes. People aren’t able to put in the time they once were able to, and BSidesROC isn’t a priority. And that’s OK. Others pick up the slack, and I actually think this year has been running the smoothest… dare I say… ever.

community

I’ve made a scalable way of building a fully private, functioning tor network using Docker. Why give any backstory? If it’s useful to you, then here you go:
Source: https://github.com/antitree/private-tor-network
Docker Hub: https://hub.docker.com/r/antitree/private-tor/
Setup
All you really need to do is clone the git repo, build the image (or download it from Docker Hub), and then spin up a network to your liking. What’s nice about this is you can use the docker-compose scale command to build any size network that you want. Eventually, in the next version of Docker, you’ll be able to scale across multiple hosting providers. But the current RC is too sketchy to invest any time in.

containers anonymity

It’s another year of BSidesROC, a local hacker con that we put together. Our sixth year, actually. Not everyone really cares about how BSidesROC has changed over the years, but it’s hard not to at least mention the changes for posterity and laugh at our failures. I think that BSidesROC has evolved with the times, or at least updated its memes. Year one was all about the memes and just messing around, and to be honest, we didn’t care if anyone even showed up. We were going to have fun and hang out whether or not people attended. Today, here we are with a big group of organizers, 3 tracks of presentations, and hopefully even a keynote. We’ve gone from un-conference to regular conference, and I think that’s OK. It’s what people told us they wanted.

community

This post on hackernews got my attention. It’s an IoT-based visualization showing your activities and health metrics. It’s very flashy and interesting looking, like something you’d see in an episode of CSI Cyber. The term “actionable” I’ve usually applied to government types discussing the latest threat intel, but we can also apply it to our visualizations. Actionable visualizations should provide the viewer with brand-new information that could not have been easily concluded before. This was a common problem with threat intel practices in years past. You would collect tons and tons of information, render it into a beautiful graph, and then look at it and go, “Yup, there’s a graph of all the stuff I already knew.”

intelligence community

I don’t remember the exact conversation, but Jason Ross inspired me to buy DRWND.com, as in Drone + PWND = DRWND. I’ve owned it for a bit, waiting for some specific data so that I could use it as an informational site about DRWN attacks. As IANA web developer, this has been interesting and terrible, but simple enough to share. www.drwnd.com I won’t assume the site makes any sense right now, so I can summarize it like this:

community