Defcon 19 Capture the Flag Results

European Nopsled Team wins!!

Packets and other such things will follow as time permits.

Final Rankings:

1. European Nopsled Team
2. Routards
3. Hates Irony
4. IV
5. int3pids
6. lollersk8ers
7. Plaid Parliament of Pwning
8. PLUS@Postech
9. Shellphish
A. ACME Pharm
B. VelociROPtors
C. sutegoma2

Qualifications Results

Summary below, grab the raw results here.

The top teams listed below should have received email invitations to compete at the DefCon 19 CTF in Las Vegas beginning August 5, 2011 at 9AM.

Potentially Qualified Teams:

1. Hates Irony (CONFIRMED!)
2. sutegoma2 (CONFIRMED!)
3. lollersk8ers (CONFIRMED!)
4. IV (CONFIRMED!)
5. European Nopsled Team(CONFIRMED!)
6. Routards (CONFIRMED!)
7. Plaid Parliament of Pwning* (CONFIRMED!)
8. Shellphish (CONFIRMED!)
9. VelociROPtors (CONFIRMED!)
10. ACME Pharm** (CONFIRMED!)
11. int3pids (CONFIRMED!)
12. PLUS@Postech (CONFIRMED!)
13. GoN (CONFIRMED - alt. pending above)
14. WOWHACKER (CONFIRMED - alternate)
15. Robot Mafia (CONFIRMED! - alternate)

* pre-qualified
** returning champions(qualed as six men came to kill me one time)

Qualifications Completed

The list of qualifying teams and more news will be available soon.

Validation

This is how we know we're doing it right, the people that know how to pwn are quiet, working hard and putting score up on the board. The people who aren't, well, they have a couple things to say:

00:05 <user7a> I fucking hate you ddtek... ARGH
01:43 <user8> ddtek, please step down for next year's ctf, there's still hope for the future
01:43 <user8> that is all
04:41 <user10> Joseph LaGrange wants you to fucking die ddtek bastards
18:36 <user11> you suck at making shit we can solve
19:09 <user12> seriously creator of _INSERT_CHALLENGE_NAME_HERE_ should die
19:59 <user13> tasks are great fun, absolutely, but you guys suck at sysadmin stuff :( Sorry to say
19:59 <user14> BLACKHOLE
20:00 <ddtek> hahahah user13 you have no fucking idea.
20:00 <user13> ddtek: I guess, maybe because I work daily with highly loaded systems.
20:01 <ddtek> buhbye user13
20:01 <user13> godlike..right.
20:02 <ddtek> we'll see how long we play lol connecting through proxies with user13
20:04 -!- user13 has quit [Read error: Connection timed out]

Qualifications

Much lulz were had. Read what our victims had to say:

18:18 <user0> this is defcon ctf quals, there is no tutorial, there is no help, there is only zuul
19:07 <user1> For godsake ive spent a whole year learning non stop and still can't hack shit
21:16 <user1a> ddtek, how long did it take to put together the board?
21:16 <ddtek> about 5 minutes
21:16 <ddtek> we actually contract with kenshoto
21:17 <ddtek> they do it all
21:17 <user1a> Are you kidding?
21:17 <ddtek> no
21:17 <ddtek> they got tired of running the competition in vegas
21:18 <user1a> Who makes most of the contests? Visigoth?
21:18 <ddtek> yeah, visi is the man
21:18 <ddtek> except on thursdays
21:18 <ddtek> that's cross dressing day
21:20 <user1a> So kenshoto puts it all together but ddtek runs it?
21:24 <ddtek> yep
21:25 <user1a> Visigoth makes most of the challenges or do other people as well?
21:25 <ddtek> mostly visi, metro too
21:27 <user1a> Nice
21:30 <user1a> What does visi and metro do for a living?
21:31 <ddtek> they run this website and others related: http://is.gd/BTrKkg
21:34 <user1a> Always a bonus
21:37 <user2> I use nessus for ctf and I have 0 points!
21:53 <user3> here's a hint: work harder
21:55 <user3> it's the olympics of hacking competitions, it's not supposed to be easy
22:15 <user4> Certified Sheep Shearer is awfully close to CISSP
22:19 <user5> CISSP - Certified Interspecie-ial Sheep Shearing Professional
23:03 <user7> Vulcan, CCSP - Crisco Certified Sheep Penetration Tester
23:54 <[ddtek]vulcan> we are considering inverting the difficulty next year,
                      so almost everyone solves all the 500 pointers and very few
                      solves all the 500 pointers and very few solve the 100 pointers
23:54 <[ddtek]vulcan> that way everyone feels better about themselves
23:54 <[ddtek]vulcan> "no hacker left behind"
02:01 <user9> from the beginning I know I wasn't looking for the literal waldo
02:01 <responder_to_user9> you don't understand what to look for to fap to?
02:02 <user9> i'm really all fapped out

Tutorial Time:

This year during quals some people volunteered to tutor other participating persons.

01:15 <tutorialm4sta> pheerlesshax0r..   you wanna role-play a challenge ?
01:16 <pheerlesshax0r> sure ... gb200 ?
01:16 <tutorialm4sta> ok...
01:16 <tutorialm4sta> you putting on the wizard-hat or am i ?
01:16 <pheerlesshax0r> yur choice
01:17 <tutorialm4sta> nice...    I put on my wizard hat and robes...
01:17 <tutorialm4sta> you seen how we do tutorials in here before ?
01:18 <pheerlesshax0r> yes, haven't seen anyone get out of it happy, but ....
01:18 <tutorialm4sta> ok..  thats true..   I have never reached climax either...
01:18 <tutorialm4sta> ok GB200
01:18 <pheerlesshax0r> hahaa
01:18 <tutorialm4sta> what you done so far
01:19 <pheerlesshax0r> just telnet into it .... no answer ... nomatter what I send
01:19 <tutorialm4sta> ok...  lets role-play it...
01:19 <tutorialm4sta> ok..  I am the IT manager of a large corp...
01:20 <tutorialm4sta> you...   a Hacker trying to lay the shit down on one of my servers....
01:20 <tutorialm4sta> with me ?
01:20 <pheerlesshax0r> yep
01:20 <tutorialm4sta> ok..  so  you keep trying to fuck that sheep..  to the point that you are
                      both raw...
01:21 <pheerlesshax0r> I got the password for the sheep, but I dn't know where to put it ....
01:21 <pheerlesshax0r> :P
01:21 <tutorialm4sta> so its like having the biggest cock in the world.. 
                      and not knowing what to do with it ?
01:22 <tutorialm4sta> ok.. so you keep trying to put shit down on my servers
01:22 <tutorialm4sta> and you finally get frustrated enough
01:22 <tutorialm4sta> cuz maybe its just you are not hard enough
01:22 <pheerlesshax0r> yep, that is why I feel ...
01:22 <tutorialm4sta> so you call my helpdesk
01:22 <tutorialm4sta> RING
01:22 <tutorialm4sta> large corp IT helpdesk..  how can I help you
01:22 <pheerlesshax0r> hello, heldeskp ?
01:23 <pheerlesshax0r> Hi, I need some support ...
01:23 <tutorialm4sta> what are you trying to do ?
01:23 <pheerlesshax0r> I want to connect to your XWindows with my AD password ...
01:23 <tutorialm4sta> WAIT..  you are trying to do WHAT ?
01:24 <pheerlesshax0r> hehe, I know, it is ingenious :P
01:24 <pheerlesshax0r> hahah
01:24 <tutorialm4sta> sorry bro..  you might be thinking about another challenge..  this is GB200
01:24 <tutorialm4sta> oh..  so ur sticking with the ingenious line   ok  i like it kinky...
01:25 <tutorialm4sta> i'll play along...
01:25 <pheerlesshax0r> GB200 is on port 6000 (I lnow it is not an XWindows) .... and you give a password
01:25 <tutorialm4sta> so your AD password is trying to connect to my servers...   
                      what are you trying to get off my servers ?
01:26 <pheerlesshax0r> for now, anything back ..
01:26 <pheerlesshax0r> but whatever I send, it disconnects me ...
01:26 <tutorialm4sta> and I say..   that service is designed that way..
                      what are you trying to do with it ?
01:27 <tutorialm4sta> ahh  shit..   my wand just fell on the floor...
01:27 <pheerlesshax0r> root@x:/Work/DefCon2011/rr200# telnet pwn522.ddtek.biz 6000
01:27 <pheerlesshax0r> Trying 40.XXX.XXX.107...
01:27 <pheerlesshax0r> Connected to pwn522.ddtek.biz.
01:27 <pheerlesshax0r> Escape character is '^]'.
01:27 <pheerlesshax0r> blah
01:27 <pheerlesshax0r> Connection closed by foreign host.
01:27 <tutorialm4sta> i suggestively BEND OVER
01:27 <pheerlesshax0r> I dont see your 6000 open .. :S
01:27 <pheerlesshax0r> (not wide enough)
01:28 <tutorialm4sta> you saying my ass is not wide enough ?
01:28 <tutorialm4sta> WAHT ?   ur trying to fuck me in the ass ?    
01:28 <tutorialm4sta> ok..  that was fun..
01:29 <tutorialm4sta> here is the hint for GB200...
01:29 <tutorialm4sta> didnt reach climax though..   sometime tonight i need to have a
                      tutorial that I reach climax..
01:29 <tutorialm4sta> anyway..  the hint...
01:31 <tutorialm4sta> YOU ARE A HACKER..  TRYING TO "HACK INTO" A SERVICE I AM RUNNING... YOU
                      DONT CALL ME UP AND ASK ME.. "Hey, my busted-ass code is not exploiting your
                      server;  Can you help me figure out why I cant hack your servers?"
01:32 <tutorialm4sta> my response every time would be the same:
01:33 <tutorialm4sta> FIGURE IT OUT

Defcon CTF moves to the Rio for 2011 and HBGary is awarded contract to clean CTF sheep stalls!

FOR IMMEDIATE RELEASE

1 APRIL 2011

DEFCON CTF QUALIFIER ANNOUNCED

Defense Diutinus Technologies Corp (ddtek) is pleased to announce the round of qualification for DEFON 19 CTF.

Bigger, badder venue = bigger, badder CTF.

DDTEK <3 pwnage[1]

Get your supply of Tiger Blood Chronic handy and get your {va,man}jeen ready to be pwned...the competition for these coveted spots will be held over 53 non-stop hours 3-5 June (US time zones).

The qualification round will yet again be in the style of game board, but answers need not be in the form of a question.
Categories will require teams to demonstrate the superiority of hacking across a vast realm of security knowledge and practice, and their ability to form coherent questions.

Quit "playing" with your shake-weight on leatherchapsroulette.com long enough to visit ddtek.biz to register. Only those that pre-register for quals are permitted entry. Each individual should register, first team member to register will receive a team code to share with other mates before they register.

Registration site: https://www.ddtek.biz/reg/dc19_reg.jsp
Registration opens: 01 Apr 2011 00:00:00 UTC
Registration ends: 03 Jun 2011 00:00:00 UTC

Qualifications open: 03 Jun 2011 19:00:00 UTC
Qualifications ends: 06 Jun 2011 00:00:00 UTC Qualifications ends: 06 Jun 2011 01:00:00 UTC

In hysteretical fashion ACME Pharm will be automatically be permitted contest entry. NEW THIS YEAR! We are also pre-qualifying teams from two other worldwide CTFs! We have scientifically chosen the iCTF and Codegate contests as potentially worthy qualifiers for 2011. The winners of said competitions have reserved seats at this years show. As always, pre-qualified teams that don't participate in quals should be ashamed by their weakness and apply to be a CEH or SANS instructor / cyber security poser. Depending on how these teams fare, future winners of these contests may or may not be invited again, so you bitches better represent!

It wouldn't be fair to reduce the number of spots available to the public at large, so we're upping the number of tables in Vegas to 12 total. Yes, when the dust clears the _12_ best will be invited to join us this summer in sin city for the annual DEFCON deathmatch.

Also, DDTEK is tired of this bullshit[2] and has decided to fix it by jumping on the certification band wagon! Be sure to swing by the CTF room to attempt to obtain the GIAC-OFFENSIVE certification in person. It is _certainly_ the only cert anyone wants to be affiliated with. HR panties and manties are definitely gonna get wet over this one.

More infoz will follow via your registered email address.

Vulc@n
Difensiva Senior Engineer, GIAC-OFFENSIVE
Diuntinus Defense Technologies, plc., Co., Gmbh., Inc.

[1] obviously not as much as ddtek <3 sh33pS
[2] https://www.youtube.com/watch?v=FgWT-ba9q0E&hd=1

Sasha has too much time on her hands

Stay tuned