[EN] NDH 2010 : Results!
Second NDH for me and it got even better than last year! Kudos to Sysdream, HZV, the organizers and all the people who made this event possible.
We arrived at the NDH boat around 15PM and started to talk, drink beers and meet people we only knew virtually on IRC. It was pretty awesome; we were surprised at what each other looked like, but it was a pleasant surprise anyway.
Around 16PM, people started to queue up to enter the boat. We were greeted with 5 tickets for sandwiches or drinks (beeers! :) ) and a pass depending on whether you were a speaker, a guest or a challenger.
Guest badge
Challenger badge
If I have two badges, it’s because of the CTF … more on that a little bit later.
I saw most of the conferences I was interested in via streaming, so it was pretty much more like a huge bar with friends :) . The talks were pretty much of good quality.
GeoHot’s talk was awesome, I was impressed by the “coolness” of the guy … I mean, taking time to answer questions (even dumb ones), take pictures with the ones who wanted it and talk after the conference.
I wasn’t prepared at all for the CTF as I didn’t really intend to participate (and I was smoking dead and tired ><), but due to circumstances I had to replace a friend of ours in the Beerware team. So I grabbed a Challenger badge at the last minute ;). The challenge was pretty frustrating, since as soon as a challenge is validated, no other team can validate it. So we found some loopholes and solutions but submitted them after the first ones, so we couldn’t validate some of the challenges. Most of the challenges we saw were web-based, with some custom servers written in Python and C. The C server had a buffer overflow in it. Did some reversing, steganography, forensics, crypto and other stuff as well. During the whole challenge there were DoS attacks; I was disconnected every 5-10 minutes.
We had quite a few open ports:
- Windows 2003 Server VM:
Nmap scan report for 192.168.3.x2
Host is up (0.00099s latency).
Not shown: 984 closed ports
PORT STATE SERVICE
25/tcp open smtp
80/tcp open http
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
1026/tcp open LSA-or-nterm
1027/tcp open IIS
1028/tcp open unknown
1029/tcp open ms-lsa
3306/tcp open mysql
3389/tcp open ms-term-serv
6666/tcp open irc
8080/tcp open http-proxy
12345/tcp open netbus
31337/tcp open Elite
Device type: general purpose
Running: Microsoft Windows 2003
OS details: Microsoft Windows Server 2003 SP1 or SP2, Microsoft Windows Server 2003 SP2
Network Distance: 1 hop
- Debian (Lenny) Linux VM:
Nmap scan report for 192.168.3.73
Host is up (0.00097s latency).
Not shown: 988 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
82/tcp open xfer
113/tcp open auth
1234/tcp open hotline
2000/tcp filtered cisco-sccp
6666/tcp open irc
8080/tcp open http-proxy
8081/tcp open blackice-icecap
8083/tcp open unknown
8084/tcp open unknown
8090/tcp open unknown
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.15 - 2.6.27
Network Distance: 1 hop
There were also some management servers I found while sweeping the sub-network (we didn’t have any right to touch them, or we would be banned from the CTF):
Nmap scan report for dashboard.ndh2010.com (192.168.3.160)
Host is up (0.00053s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.15 - 2.6.27
Network Distance: 1 hop
Nmap scan report for 192.168.3.161
Host is up (0.00055s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
902/tcp open iss-realsecure
8009/tcp open ajp13
8222/tcp open unknown
8333/tcp open unknown
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.18 - 2.6.27
Network Distance: 1 hop
Nmap scan report for 192.168.3.162
Host is up (0.00059s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
3306/tcp open mysql
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.15 - 2.6.27
Network Distance: 1 hop
Nmap scan report for pfsense-1.ndh2010.com (192.168.3.254)
Host is up (0.00074s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
443/tcp open https
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING) : Linux 2.6.X (91%)
Aggressive OS guesses: Linux 2.6.29 (91%)
No exact OS matches for host (test conditions non-ideal).
I didn’t keep the other scans though.
We were quite lucky on this one: we avoided the first massive wave of DDoS. We got DoS during the whole challenge and particularly at the end (-6000 points in 5 minutes at some point), which got us downgraded from 1st to 2nd. Bye bye Miami :(.
So the mid-results (it was around 5:55AM):
The CTF stopped at 6:45AM.
Final results:
- 1st: WWFamous
- 2nd: Beerware
- 3rd: Kowalski
We then received our prizes:
Our cup
The CTF participation certificate:
And our prize (ECSP - EC-Council Certified Secure Programmer training):
By the way, due to time limitations, I couldn’t talk about my analysis of Orange HADOPI Software v1. I will post my slides tonight as soon as I come back to my place ;).
Overall the NDH 2010 was pretty successful and enjoyable :) . See you next year I hope.
Cheers,
m_101
For French speakers: I will post a French version as soon as I can.