
08 August 2010

i-Hack 2010

18 out of 27. Fantastic achievement. LOL.

Representing UTP under the name d0t: m0d0 (me), wadefak and zeff. We participated in the Hacking & Defence category. From a close source, this Hacking & Defence was totally different from the previous H&D. This time, each team had a server they needed to defend (prevent attackers from getting the flag) and, at the same time, they needed to attack the other servers (get the others' flags) in order to score points.

The whole system was based on a top-up system: to gain something, you need to buy it. Initially, we had Y (yen) 3000 to start with. The first thing we bought was the user password on our server, in order to start the daemons.

We had 3 daemons:
backdoor
echo
apache2

All daemons must be running while the scoreboard checks the services; points are deducted if a daemon is down. To make it short, on our server we had jobberbase as the web page. There is a flaw in the upload section for applying for jobs: a race condition. Google "php race condition".

However, we did try something with it, but we were not aware of the race condition flaw. As a matter of fact, most of the teams were not aware of it, with the exception of darkc0de and w0nderpets. Maybe?

Stego was very effing hard. Maybe? Hahaha. But several guys managed to find a way to solve it, maybe missing two or 3 steps. Kudos to them.

Anyway, it was a very good competition. Fair enough to the committee, I guess. It's just that when we asked something, they would reply "Hold on, I need to ask someone first". Why does that happen? I would happily interact with that "someone" directly, just like the previous i-Hack where all the teams were placed in one big cold hall and we could straight away see the sifus (SCAN) who set the questions.

As a team member, I will partially take the blame for the fall of the UTP legacy (lol). I did realise my mistake: I did not directly engage with the organizer after the numerous times our box went down. Were we under attack? I don't think so.

This was the mistake: when the box went down, I, for my part, did not straight away put my hands up high in the air and ask them about the box (a reboot or whatever). Instead, for the last 3 hours, I remained as calm as a crocodile in the river waiting for food, because I was seriously hungry.

------------------------------------------------------------------------------------------------
As for the committee, I believe there are significant things you can learn from this. I think putting all the teams in a hall would be better. Comfortable. Anyway, hacking and defense. LOL.

2nd, I believe the previous i-Hack put name tags on the participants' cards. Why not this time? Tsk. It would be nice to have the name there, rather than just writing "participant". Write n00bies or whatever.

3rd, my teammate teng, aka wadefak, had serious problems with his connection. A switch problem, a cable problem, whatever. This happened many times throughout the 12 fasting hours. The crisps were tasty, though, so it's forgiven.

4th, 12 hours is too long, bro. My head hurt from staring at the laptop. The previous one was held over 2 days, which was fun. Maybe defcon is like that, I don't know. But 2 days would be a bit better, perhaps?
-------------------------------------------------------------------------------------------------
Conclusion: good event. Whether your goals for the event were achieved or not, who cares. We, the participants, enjoyed it. Good job.

For UTP team, GG :P

*stego was hard, man (because we're n00bs).
**when the network first came up, everyone fired up backtrack. haha. Was backtrack even used for the H&D? But bt does sound cool, since everyone booted it :P

Adios

4 comments:

Hi

Early post, bro? :)

I think most of the teams that participated felt the impact of the network problems. Even our server was hard rebooted at least 3 times. Ping loss 100%. And a scoreboard error that deducted our points if server 5 was pwned. How did we realise it? When we tried to submit the server 5 flag: "You cannot submit your own flag." LOL. However, thanks to all the scannerz that solved the issue quickly.

Where is wadefak in that picture? I want to know him in real life instead of virtually. ahaha.

-192.168.4.1-

Hi there,

Early post, before I forget what I wanted to say haha. :D

Anyway, a good competition overall. Without the network problems, it would surely have been great. And yet only several teams got flags. The rest were waiting for the credit auto top-up. haha.

wadefak is on the right side. zeff, modo, wadefak. :D

We should hang around later on. heh.

There are actually 4 vulnerabilities for each server:

i) Jobberbase - Race condition for file upload. There is also a global overwrite to help fake the IP etc.

ii) Echo daemon - This is a very simple stack overflow. It should be very easy to exploit, but it is a Windows application running on wine. Very easy to get a shell using "jmp esp" etc. But the problem is that you may not be able to run /daemon/bin/getflag, because you will get a cmd shell. So maybe you can create a php backdoor at /var/www/uploads etc. There are several directories with permission 777.

iii) backdoor - this backdoor has been backdoored so that a remote user can guess the password. The password is located in /daemon/backdoor/etc/.bdpwd. The user has permission to change this password. If you use a sniffer, every time you guess the right character it will send a NULL byte to you. Example: if your first character is right it will send 1 null; if the 1st and second characters are right, it will send 2 null bytes, etc.

iv) The last vulnerability is /cgi-bin/info.cgi - there is a format string in the HTTP request header. Since VA randomization is off, it should be easy to overwrite the plt, dtors, etc. to get a remote shell.

http://www.tbd.my/v2/thread-5481-page-4.html
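The per-character NULL-byte feedback described in point iii) is a comparison oracle: the server tells the client how far a guess got before it failed. As an added illustration (not code from the competition or from the commenter), the C below puts a checker that reports the matched-prefix length, which is what such feedback amounts to, beside a constant-time check that reveals only pass/fail. Function names and the sample secret are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Leaky check: walks the guess byte by byte and stops at the first
 * mismatch, returning how many leading bytes matched. Echoing that
 * count back (the backdoor sent one NULL per matched character) lets
 * a client confirm the password one character at a time. */
size_t leaky_match_len(const char *secret, const char *guess)
{
    size_t n = 0;
    while (secret[n] != '\0' && guess[n] != '\0' && secret[n] == guess[n])
        n++;
    return n;
}

/* Hardened check: always walks the whole secret, never exits early,
 * folds every difference into one accumulator, and returns only a
 * boolean. Neither the work done nor the reply depends on where the
 * first wrong byte is, so there is no per-character progress to leak.
 * (strlen on the secret still depends on the secret's own length, which
 * the client does not control; the guess never shortens the loop.) */
bool constant_time_equal(const char *secret, const char *guess)
{
    size_t slen = strlen(secret);
    size_t glen = strlen(guess);
    /* A length mismatch is recorded, not returned early. */
    uint8_t acc = (uint8_t)(slen != glen);
    for (size_t i = 0; i < slen; i++) {
        uint8_t g = (i < glen) ? (uint8_t)guess[i] : 0;
        acc |= (uint8_t)secret[i] ^ g;
    }
    return acc == 0;
}

/* Constructed sample secret; a real service would load it from a file
 * such as the .bdpwd mentioned above, not hard-code it. */
static const char SAMPLE_SECRET[] = "s3cret";

/* What a wrong guess reveals under each variant: the leaky server
 * leaks the matched-prefix length, the hardened one returns only 0. */
int leaky_reply(const char *guess) { return (int)leaky_match_len(SAMPLE_SECRET, guess); }
int safe_reply(const char *guess)  { return constant_time_equal(SAMPLE_SECRET, guess) ? 1 : 0; }
```

For the hardened variant, a partially correct guess such as "s3xxxx" is indistinguishable from "xxxxxx"; for the leaky one they answer 2 and 0 respectively.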
