Right of Boom
January 30, 2025

CTF Day 3 Competition – Sponsored by CyberFish

In this video, Bryson, Dave, Duncan, Ahmed, and John discuss the intricacies and challenges of their CTF competition, comparing it to a three-day college binge where the enthusiasm tapers off by the third day. They delve into the technical challenges faced, like scaling issues with bots and server maintenance, while providing hints for unsolved tasks and encouraging participants to embrace the learning process. The team also shares their excitement for upcoming events like the Houston Bsides CTF and expresses gratitude for the support and participation in their efforts to enhance skill levels in cybersecurity.

- The CTF (Capture The Flag) event faced unexpected challenges due to scale, with almost 300 participants registered, leading to server performance issues.
- Day two winners were announced as the CNWR team, earning $400, adding to their previous day's win of $350.
- The CTF event aimed to provide maximum training value, challenging participants to solve complex tasks and enhance their cybersecurity skills.

Guests

Andrew Morgan

Video Transcript

All right. Welcome everybody back for the final day, day three, and we've got the crew here, Bryson, Dave, Duncan, and Ahmed. Thanks. Uh, thanks so much for tuning in with us. You know, um, when I look at the number of people on at this minute, um, it's pretty much gone down a third each day, and kind of, I equate it to, it's like, you know, when you have a drinking binge and you're in college, it's a three day drinking binge.

You know how like everybody's there day one, the, the morning, day two, you know, it, it gets a little bit tougher. And we're on day three right now. Not that any of you know or remember what that's like, right. What day. Never Dave. Right. What day is it? They all blur together. Exactly. Um, but, uh, so let, I'm gonna turn to Bryson. Just real quick to summarize, yesterday it looked man like, oh, there's John, I've been looking for you. It's John Hammond on.

And, uh, you know, Bryson looked like a, again, this is way beyond my pay grade watching what everybody's doing out there, but it man did not look easy. And relative to the Cybercom, man, you guys have put all different spin on it this time. Fair? Yeah. Yeah, definitely. Uh, it, it ended up being, uh, even more challenging than I thought it would be. Um, we, we ended up, as the day went on, kind of dialed back some of the difficulty, I think some of the issues we had was just a matter of scale.

Uh, we, we've got almost 300 people registered for the, the CTF itself right now. Wow. And that, uh, uh, we were all, all, this was based on an IRC bot that, you know, some real bad actors are using, but I don't think they really planned for this type of scale for the, for their botnet. So, uh, it, it went a little, little crazy. Um, and, and I did end up making a few things a little bit more obvious.

Uh, after about two or three hours of just a lull where you look at the scoreboard, it's just a flat line where nobody got anything. Uh, the bots were looking for very specific things for users to look this very specific way. And there was one special bot, uh, when, if, if you, if you looked at it, the only difference between it and the other bots was like a single character that kind of made it stand out. I, I thought it was obvious, but I guess it wasn't.

So I ended up making it more obvious and made it a little more responsive just because we had like, so many more people involved than I, than I originally thought we would.

And, and after that, the flood gates opened and it was, it was, uh, I ended up having to remember how to do some system admin stuff to just keep the server up and, uh, deal with performance issues from all these people, launching all these reverse shells and bind shells and, um, and, and just, uh, bringing Apache down, uh, I think most of the afternoon, just, just keeping this server up and running and, and killing bots and restarting them because the bot code, it's, it's not super efficient.

Uh, it does end up spawning a lot of different threads and leaving them open and, and, uh, it was, it was, it was pretty crazy. There's, there's still a couple of challenges that haven't been solved yet, so if there's a winner, it's me because I, I beat you guys. So, uh, there's, there's one of the crackmes that nobody's solved yet. Um, and, and then there's one that, uh, I don't think anybody's even really found where it was. So, uh, I, I did promise to give a little bit of a hint.

Uh, there is a video that I shared and I shared it in a couple of places. And if you, you may have found a copy of the video on the server, uh, what I'd recommend is find the different places that video has been shared and one of those is gonna look different. Uh, uh, very different. Um, well, it's, I I wanna specify the diff in different, uh, the, the video itself will look the same, but the file itself will be different.

So figure out how the file's different and, and then one more bit of clue once you get the relevant data from that, um, uh, think about true print. So I guess those are, those are my two clues. There's, there's a different video and true, and, and I will tell you that the video that you found on the server is not the right video. So if you spend all your time working on that, then you, you're just going down the rabbit hole and going the wrong way.

So I hope that will give somebody a chance to, to figure that one out before we, we finally get to the end tomorrow. Good. Good. Dave, I saw you shaking your head and did you wanna say any, anything there? Not, no, No. Just, just agreeing. It was, it was a good challenge. And, and, and yeah, the, the couple that I'm, I'm still banging my head away at a couple of the ones that aren't solved, so. Okay. Um, yeah, definitely a lot of fun. Looking forward to it. Yeah. Yeah.

Duncan, any thoughts from your side? Um, no, I mean, I hope that the difficulty hasn't turned many people off Because It should be an opportunity to grow and learn and, you know, maybe next time have this as a, as a tool in your kit. Yeah. Um, so ho hopefully that hasn't scared too many people off, just a little bit harder than maybe they were expecting it to be. Fair. Fair.

John, do you see in your competitions, are there times, uh, you know, because you guys play at a pretty high level, not saying no offense to anybody out there, but like, when you're, you know, at a very, like the Defcon thing you just did as an example, are there times people don't finish? Yeah, absolutely. Um, it's funny, I think back to like, uh, one of the cheesy military terms, you know, like e embrace the suck. Like, it's definitely a struggle. It's always, it's always a challenge.

But, uh, I think kind of Bryson, as you said, it's absolutely a win for the CTF organizers and the creators and the hosts because like, our goal is to provide the maximum training value and like, give you the best experience. So if you're, if you're trying hard, if you're putting in as much effort as you can to learn something new, then hey, we succeeded. So that's great. Right, right, right. Got it.

Well, with that, um, Ahmed, thanks for coming on for day really day, even though it's day three, it's day two for prizes and awards. Um, how are things going before we get into that? How are things going? Are are, are people taking a look at, at CyberFish? What are you seeing over the first few days here? Yeah, so, um, yeah, a lot of entering CyberFish.

Um, a lot of, uh, a few deployments, a lot of, uh, demos that we already scheduled and a lot of people are, are having an interest in what we are doing, understanding the need, talking with us, great atmosphere, great support, everything is great. Okay, fantastic. And, um, yeah, very excited. Excellent. Yeah, very excited.

So it is, uh, almost seven o'clock where you are, so, um, I know I'll, I think we'll see you before we, we can tell everybody on the one o'clock call who won, but why don't you tell everybody out there, uh, who our day two winner is? Yeah. Day two winners, CNWR team as of today. Wow. Wow. Way to go, Jason. Very impressive. And guys, another guy. Yeah. Yeah. Very impressive. 400 bucks time and added to the three 50 from yesterday. So, doing well. And then, yeah, great job. Great job. Awesome.

Well, congrats Jason and team. Um, fantastic job. Um, I was talking to Jason offline and he said, Bryson, he'd like to you to have the overall $500 if he wins the overall challenge. So I, I, that was really kind of you, Jason. Wow. Um, you Know, Um, I'm sure we'll get a chat in here shortly. Okay. So Bryson, let's talk about day three here and, uh, um, what should everybody expect? Okay, so it'll, it'll be live as soon as we're we're done with this call.

Um, if you manage to get, uh, a shell on the server yesterday, you probably found a PCAP. Um, and that PCAP will, it, it has just a short little conversation between, um, the quirky falcon and one of the bots. And in that he's commanding the bot to send some data back to the server. Now, I've, uh, I will make that PCAP available, uh, again, as soon as this is over, there'll be a date link on the CTFd site. That's a CTF dot purchase security.com if you haven't been there yet.

Um, but there'll be a day three link that PCAP will be available. And so the, um, the IP that the bot is supposed to send the data to, that's, that's your target. Uh, there's a little bit of info in that PCAP that might help you figure out how to communicate with that server. Uh, this, this is all, uh, at least for the initial access and, and everything that's a, uh, custom code that Ross from our, uh, the purchase SOC put together. So this isn't a, um, existing CVE of vulnerability.

We can make use of, you're gonna have to figure out what this code that you wrote one does, but what does this, uh, what commands will it accept? And hopefully there's, there's enough in the PCAP to, to get you started to help you kind of understand how it works. Um, as far as scope goes, uh, the IP address that the data was commanded to be sent to, uh, that's, that's your target. That's the only remote, externally accessible IP that's in scope. Uh, if you find anything else on the LAN though.

So anything else that's got like an internal RFC 1918 IP, uh, that also is in scope, but as far as any, um, publicly available external IPs, it's just the one that is the, uh, the target in that command. So the goal is to get root on that final box, uh, if you can find it so you can get into it. Uh, and there'll be some flags you find along the way.

And this one's a little more traditional of getting a, getting access and then working on privilege escalations to get all the way up to Very good. Very, very good. Um, Bryson, uh, by the way, comments from the team there? Anything? Okay. Um, Bryson on another note, and, and, and again, feel free to put this in the, in the Slack channel where everybody is. 'cause again, there's not a lot of people relative on right now, which is absolutely fine.

Um, tell everybody about what you're doing in October with BSides because, um, you were saying offline that you didn't think John Hammond could hang in the CTF. So it was, I thought there was a challenge thrown out there. It's actually in September, so it got a little bit less than a month. September The first, Saturday in September. I think it's the fifth. It's, uh, Houston BSides. Okay. Those of you who aren't familiar with, with BSides, um, it's, it's a, uh, smaller scale conference.

It originally started, uh, I think it was either from DEFCON or Black Hat where a bunch of people couldn't get into one of those. Mm-Hmm. But it was sort of a community organized, but like a, if, if, if any of you're old enough to remember, um, tapes, cassette tapes, you know, you had the A side and the B side and there'd be extra stuff on the B side. Uh, that, that's, that's kinda where the, the, the title for BSides comes from. So it's a community organized event.

Um, several of people at per are in the planning committee for the Houston BSides, uh, as well as, uh, some other people that a a lot of us at PERC used to work together at a former company. And so the other, well, Dave's, Dave's actually got a cassette tape. I'm, I'm impressed. I'm not sure I can find one. Wow, Dave. Um, yeah. So do You have a 45 there by any chance as well? No, not, not at my desk. I Can run downstairs and get One.

Oh, then you, when you said the B side though, sorry to interrupt Bryson, it made me think of, and, and I'm dating myself, we used to take the, you know, the 30 threes like the Led Zeppelin in the eighties. And remember, I dunno if you remember this Duncan, you're shaking your head, you'd try and spin it in reverse to hear like the, you know, all the devil type, you know, All the my sweet Satan and all that. Yes. There you go. Oh yeah, sorry, basic. Go ahead. Sure.

So, um, yeah, ju just, I was just saying that, uh, a lot of people per involved in the planning of, of Houston BSides this year because, uh, we're we're, you know, trying not to have large groups of people meet in one place. Uh, what, what the, uh, planning team decided to do, rather than hosting a virtual conference is actually just gonna be the CTF.

So the Houston BSides this year, September 5th, is going to be the CTF that, um, myself and hopefully some other people from Percher are gonna be putting together. Uh, as soon as this event is over, we'll, we'll start working on that. I haven't, haven't started yet, so I don't know what to tell you to expect. I've been a little, little busy with the current event, but yeah, Appreciate again what you, Dave and Duncan and, and John and all the folks are, are, are doing to, to make this possible.

I know there's been an immense amount of work behind the scenes. Uh, we had weekly planning calls, so I know I really appreciate everything you did so that we can help everybody out there improve their skills. Um, so that's, that's huge. And Ahmed, again, thank you so much from, uh, the Cyber Fish team supporting it. Again, John, thanks for coming on and giving your level of expertise and insights of this.

Um, so Bryson, you'll keep everybody, uh, informed on when that registration's open in that Slack channel, I'm assuming? Um, yeah, sure. Once, uh, I don't think registration's open yet, but, but once it is, I'll, I'll, uh, I'll share you with that. Sure. Okay, perfect. Alright, well, should we say let the games begin? Bryson? We will, we will end this call and let you queue everything up. Yep. Sounds good. Alright, well, we'll see you guys, uh, tomorrow, by the way, here.

If you don't come that's, that's cool too. We'll let everybody know. But we'll come here back here at 1131 final time and announce day three. Winner and overall winner. Alright. Hey, good luck everybody today. Have an awesome day. See you guys. See you. Have fun. Bye-Bye bye.
