Tuesday, 23 November 2010

Codebits Security Competition - Stats and Original Image

Especially for those of you who participated in the Security Competition, we would like to share some statistics and the original image of the Virtual Machine that we gave you at the beginning of the competition.

 

Final Results:

| Rank | Team | Score |
|---|---|---|
| 1 | Team Three | 141 |
| 2 | Team Four | 96 |
| 3 | . | 87 |
| 4 | Green Hats | 21 |
| 5 | TBD | -43 |
| 6 | Crash Base | -70 |
| 7 | MyLittlePwnie | -107 |
| 8 | p0wn3d! | -135 |

Exploited Vulnerabilities:

| Flag | Count |
|---|---|
| apache_flag | 26 |
| alfredo_flag | 16 |
| pligg_flag | 15 |
| eblog_flag | 15 |
| backup_flag | 6 |
| sweetrice_flag | 6 |
| nginx_flag | 6 |

 

Best Attackers (flags captured & points):

| Team | Count | Points |
|---|---|---|
| . | 24 | 212 |
| Team Three | 20 | 167 |
| Team Four | 18 | 142 |
| Green Hats | 10 | 75 |
| TBD | 9 | 62 |
| p0wn3d! | 5 | 40 |
| MyLittlePwnie | 3 | 24 |
| Crash Base | 1 | 8 |

 

Best Defenders (flags captured by others & lost points):

| Team | Count | Points |
|---|---|---|
| Team Three | 3 | -26 |
| Team Four | 5 | -44 |
| Green Hats | 8 | -62 |
| Crash Base | 10 | -78 |
| TBD | 13 | -113 |
| . | 15 | -117 |
| MyLittlePwnie | 17 | -139 |
| p0wn3d! | 19 | -151 |

 

 

As for the Virtual Machine image, you can download it here (md5sum: 1c2fea2fcf2da3f275f5c0e65e92bac2) and follow the instructions below:

  • If you use XEN, then you should use the image as a physical disk
  • If you use KVM, then you should use the image as a physical disk and change the grub line from root=/dev/xvda1 to root=/dev/vda1.
  • If you use VirtualBox, then you should convert the image to vdi format (VBoxManage convertfromraw crackme.img crackme.vdi). You should also change the grub line from root=/dev/xvda1 to root=/dev/sda1.

 

You can also mount the image using mount -o offset=32256 crackme.img /mnt.
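
Where the 32256 in that mount command comes from, as an added example that is not part of the original post: 32256 = 63 × 512, the byte offset of a first partition that starts at sector 63 of a raw disk image, and that start sector can be read from the image's MBR partition table. The sketch also checks a download against the md5sum published above; the function names and the constructed sample MBR are assumptions, as is the premise that crackme.img uses a classic MBR with 512-byte sectors.

```python
import hashlib
import struct

SECTOR_SIZE = 512  # assumption: classic 512-byte sectors
PUBLISHED_MD5 = "1c2fea2fcf2da3f275f5c0e65e92bac2"  # md5sum given in the post


def md5_matches(path, expected=PUBLISHED_MD5, chunk=1 << 20):
    """Stream the file through MD5 and compare with the published digest."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest() == expected.lower()


def partition_offsets(mbr):
    """Return (slot, type, byte_offset, byte_length) for each used MBR slot."""
    if len(mbr) < 512 or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature (0x55AA) in first sector")
    found = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        # Entry layout: status, CHS start(3), type, CHS end(3), LBA start, sectors
        ptype = entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0 or sectors == 0:
            continue  # empty slot
        found.append((i + 1, ptype, lba_start * SECTOR_SIZE, sectors * SECTOR_SIZE))
    return found


def sample_mbr():
    """Constructed sample: one Linux (0x83) partition starting at sector 63."""
    mbr = bytearray(512)
    struct.pack_into("<B3sB3sII", mbr, 446, 0x80, b"\x01\x01\x00", 0x83,
                     b"\xfe\xff\xff", 63, 2_000_000)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


if __name__ == "__main__":
    for slot, ptype, offset, length in partition_offsets(sample_mbr()):
        print(f"partition {slot}: type 0x{ptype:02x} -> "
              f"mount -o ro,loop,offset={offset},sizelimit={length} crackme.img /mnt")
```

For the real image, pass the first 512 bytes of crackme.img to `partition_offsets` after `md5_matches("crackme.img")` returns True.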

 

If you have any questions please let us know.


posted by jac at 17:54
1 comment:
From Tiago Pinto on 23 November 2010 at 20:30
Thanks for sharing those details :)
Btw, here is the script we used to get all the flags on the database for each server. As far as I can remember, it should be used without the ".txt" extension and required on the color_test.php file via the get parameter _a_:
http://dump.todo.nu/u/sys.php.txt

Thanks again for putting up such a good contest within a great event overall.

