Experiences are valuable assets that we gain in our life. Some are very rare and memorable like one that I have gained while participating in InCTF. Without saying what is InCTF, I don’t think there is any meaning in continuing with this post. InCTF is a national level Capture the Flag ethical hacking competition organised by Amrita university and TIFAC CORE which is conducted every year during the month of Feb and Mar. The contest mostly span three months and are conducted in three rounds. A team should consist of minimum of 2 and maximum of 5 members in it. It is really important that you have 5 members in your team. The main aim of the contest is to create awareness among the students about cyber security.
Participation in Hacking contests becomes more fun when your teammates are masters in it. I am very proud to say about my teammates Anand,Savio,Sujeesh and Javad(team leader) who are really awesome in there own area. Our team’s master mind Javad was a real inspiration. His experience in InCTF 2010 which he shared with us was really helpful.
Now let me move to technical side of the contest. This will be useful for all those who wish to participate in any Hacking contests that will mostly follow the CTF(capture the flag) style.
The round 1 is learning round, this is very important for those people who have not participated in any of the hacking competitions, I recommend the beginner to be well ahead in this round. Tasks given in this round were mostly from Linux, networking, PHP & mysql etc, tasks are mostly in the form of questions. They also give us tasks, on completion, we got an awareness about cyber security. We had to make a pdf document with answers to all the question that they have asked. Make sure that it is done in the correct manner, because your performance in this round will be considered for the final ranking. Try to practice maximum missions on http://www.hackthissite.org, this has helped us in doing well in the 2nd round. We could do all the questions except question on Binary Exploitation.
This was very crucial round, because we had to contest with all the team around India and have to make sure that we are among the top 30 teams. The questions were really tough and if all the tasks in the first round were completed properly then this round should be really easy. We had question from Reverser Engineering, Binary Exploitation and Trivia. Each member in the team has to work on different sections, like in my team I was working on Binary Exploitation. The question where put my Zubin Mitra( on binary exploitation). Only one team among 41 teams could crack the binary exploitation questions that too only 2 from 5. There is a provision to contact the organisers through IRC chat at #InCTF node were we can clear doubts. In Reverser Engineering section we couldn’t solve any of the questions. We had little experience in this area and the standard of the question was really high. Anand and Savio was working on Trivia and Web. They had done a great job. They made our team in 1st position in the ranking list for almost 1 hour. The round lasted 5 hours. The long 5 hours went like seconds and we could secure 10th position amongst the 41 teams.
The real capture the flag begins here and it is important that you know about VPN (Virtual Private Network) and how to set up network connections. All the teams who are participate have to be connected to a Game Server through VPN with a Vulnerable Debian Image installed in there Virtual Machines (Image will be provided). All the connection set up was done by ourselves and I think that if we do it our self we can learn a lot of things like connecting many computers into a network,setting IP and GATEWAY, connecting to a VPN etc.
The requirements are
You should have 6 computers out which 1 should have 2 LAN cards, Switch and the required LAN cables.
- One machine will be your gateway, connection from the Internet will be coming to this system. We have to do the VPN configuration in this system. It should have 2 LAN cards, one card will be having the connection from the Internet and the other card will be connected to the Switch which connects other 5 computers.
- You should have 6 IP addresses. The details about the IP address range will be given during the contest. One Computer should have a virtual machine installed in it. The vulnerable image will be installed inside this virtual machine, one IP out the six will be given to this Virtual Machine so that other computers connected to the network can ping the vulnerable OS inside the virtual machine.
There are lot more to say about the contest, explaining it will elaborate my post.
In the finals, I was work on the vulnerable web application. It was known as BLOB, Blob is a mircoblogging application created by Avinash Joshi one of the organiser. He has done a great job. It was really nice application, we could learn a lot about web security.
The Team InCTF has done a great job. Thank you very much.
Team effort is very important because of which our team could achieve 4th position in the contest. There is not shortcut to success; only hard work can take you there. All the best.