Monday, July 29, 2013

Cyberlympics 2013 Round 2 summary and results

Cyberlympics Round 2 is now over :). I think it was a bit less fun than last year, but it was also better this way because it was more realistic.

European Round 2 results were:

1. SectorC – Netherlands
2. Hack.ERS – Netherlands
3. gula.sh – Hungary
4. nanosloopers – United Kingdom
5. Pruts.ERS – Netherlands
6. PRAUDITORS – Hungary

Congrats to all teams, again, especially to PRAUDITORS! We have 2 Hungarian teams in round 3! :)

I wanted to make a nice write-up this time as well, but since we only saw our current points and made fixes in parallel, sometimes it was not possible to figure out what gave us points and what didn't.

We had one Windows 2003 and a Fedora 16 box and we had to harden those after signing in with the CyberNEXS client.

For the Windows 2003, what we did:

  • Setting password policy
  • Setting audit policy
  • Installing Windows updates
  • Killing listening processes
  • Stopping unnecessary services
  • Getting rid of suspicious programs, like:
    • PHP-shell (http://mgeisler.net/php-shell/): C:\Inetpub\wwwroot\iis\index.php
    • Best Free Keylogger: C:\Program Files\Common Files\Services\Windows Updater\wusched.exe
    • netcat, pwdump: C:\WINDOWS\dll.zip
    • Netcat: C:\Inetpub\wwwroot\images\letmein.exe and C:\Documents and Settings\Administrator\Local Settings\Temp\1.exe
    • ??? (we don't know what it was, but it looked suspicious): C:\Documents and Settings\Administrator\Local Settings\Temp\2.exe
    • MSIZAP (not sure): C:\msizap.exe
    • ProRAT (not sure): C:\Program Files\Mozilla Firefox\firefox.exe

For the Fedora 16:

  • Changing root and toor user password
  • Removing backdoor user (username was bd, or something like that)
  • iptables rules
  • sshd settings
  • sysctl.conf settings
  • rsyslog settings
  • samba settings
  • Disabling vsftp, anonymous ftp, stopping the services
  • Stopping 3rd party irc service (/opt/Unreal3.2, possibly backdoor) and deleting it
  • Removing netcat backdoor from rc
  • Disabling telnet 
  • Disabling sudoers nopasswd
  • Setting up a grub password
  • Fixing /etc/shadow* files' world readable/writeable rights
  • Full system upgrade

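As an added, defender-side example (not from the original post or from the competition organisers), a small POSIX shell audit that checks several of the Fedora items above: world-accessible shadow files, NOPASSWD entries in sudoers, extra UID 0 accounts (like the toor/backdoor user), and netcat listeners started from rc scripts. The file paths in audit_host are assumptions about the Fedora 16 layout; every other check takes the file to inspect as an argument.

```shell
#!/bin/sh
# Added audit helpers (not from the original post). Each check takes the file to
# inspect as an argument, so it can be pointed at the live system or at
# constructed sample files. A check prints its findings and returns 0 when the
# item is clean, 1 when it needs fixing.

# /etc/shadow and /etc/shadow- must not be readable or writable by "other".
shadow_perms_ok() {
  # POSIX find: -perm -004 = world-read bit set, -perm -002 = world-write bit set
  bad=$(find "$1" \( -perm -004 -o -perm -002 \) 2>/dev/null)
  [ -z "$bad" ] || { echo "world-accessible: $bad"; return 1; }
}

# Count NOPASSWD grants in a sudoers file, ignoring comment lines.
sudoers_nopasswd_count() {
  grep -vE '^[[:space:]]*#' "$1" | grep -c 'NOPASSWD' || true
}

# List every account besides root that has UID 0 (e.g. a "toor" or "bd" user).
extra_uid0_users() {
  awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Flag lines of an rc/init script that start a netcat listener (nc/ncat/netcat -l).
rc_netcat_lines() {
  grep -nE '(^|[^[:alnum:]_])(nc|ncat|netcat)([^[:alnum:]_]|$).*-l' "$1" || true
}

# Run all checks against the live system; paths are assumed Fedora 16 defaults.
# Returns the number of failed checks, so 0 means everything passed.
audit_host() {
  failed=0
  for f in /etc/shadow /etc/shadow- /etc/gshadow; do
    [ -e "$f" ] && { shadow_perms_ok "$f" || failed=$((failed + 1)); }
  done
  [ "$(sudoers_nopasswd_count /etc/sudoers 2>/dev/null)" -eq 0 ] || failed=$((failed + 1))
  [ -z "$(extra_uid0_users /etc/passwd)" ] || failed=$((failed + 1))
  for rc in /etc/rc.d/rc.local /etc/rc.local; do
    [ -e "$rc" ] && [ -n "$(rc_netcat_lines "$rc")" ] && failed=$((failed + 1))
  done
  return "$failed"
}
```

Source the file and call audit_host as root to check a live box; the individual functions can be run against copies of the files first.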
End results were: 19/20 for WIN2003 and 9/11 for Fedora, so it was quite good. :)

I think I am not telling big news, but every team we have talked to tried to reverse engineer the CyberNEXS client in some way too :) I guess it's just a normal way of thinking in a hacking competition ;)
