Carolinacon 2008 - Capture The Flag
Capture the Flag is being run a little different this year. It is meant to simulate a real vulnerability assessment.
You will need a wireless network card that is supported by the OS you choose to use. We also recommend BackTrack which is available here:
BackTrack should have anything you need and a lot of stuff you don't.
To connect to the CTF network, configure your NIC for DHCP and connect the wireless network with the SSID of CC08-CTF. The flag box's IP address is 192.168.1.5
Situation and Task:
You have been hired by a very small company to perform a penetration test on their entire network. The owner of the company has tasked you with evaluating all technology procedures and has asked you to document any improvements you can suggest. You have decided to start your pentest with a server in the IT Department. Through the initial interview process with the head of the IT Department, you have learned that this server is used as an FTP server to create and redeploy systems throughout the company. The department head has also explained that due to the small size of the company that this machine has been re-purposed. It used to be a server that was used to store customer information. All customer information has been deleted off the system during the redeployment of this server.
Document everything you find along with steps for remediation and submit your report to: [email protected]
The deadline to have your report submitted is: 3/29/08 8:00pm
Winners will be determined by submitting the best report. Ties will be decided by who submits their report first. If you modify your submission and resubmit your report, the time of the resubmission will be used in the event of a tie breaker. Best reports will be added to this page after the contest is over.