Church IT – Root War
Well, I just finished typing a long post about putting together a Root War and I ended up getting some kind of database error and I lost it all. So I’m trying again, though this one may not be as detailed:
We need a good Root War (RW)! I haven’t participated in one in a while. I believe a lot of the Church IT people out there could benefit from learning to do some penetration testing, and a RW is a good way to learn.
What is a RW? I was first exposed to the concept of RW by my friend darkuncle, who was a volunteer here at CHCC until he moved back to California. He’s the one who helped me set up our OpenBSD router/firewall/content filter and got me hooked on OpenBSD, the most secure operating system in the world. Darkuncle is the Network Admin for Toorcon, a network security/hacking conference held every year in San Diego. When I found out about his connection with Toorcon, I checked out the website and discovered the thing called Root Wars.
A RW is essentially a hacking competition. At Toorcon it’s quite advanced, complete with a RW Engine that keeps score called OpenInfreno. I’ve never competed in anything quite that advanced, and I’m sure I would be out of place amongst a group of elite “network security specialists.” I have, however, competed in some informal RWs put on by LearnSecurityOnline.com. In these RWs we meet in IRC a half hour before the scheduled start time, then break up into teams. Then we’re given an IP address, and each team is given a username/password we use to SSH into a remote network of VMs. Each team’s username/password gives them access to a VM they will use to launch their attacks from.
We’ve played a few different scenarios. The simplest one is where each team tries to gain access to the other team’s system. We’ve also played through a scenario where our team’s system has been compromised and is full of rootkits. We then had 30 minutes to clean up all the rootkits, and after those 30 minutes we had to try to gain access to our opponent’s system. We’ve also played speed root, where we are given access to a network of several VMs, each with a different OS on it, and each team tries to gain root on as many systems as possible in the least amount of time. Once a system is rooted it’s shut down, and we play till all systems are shut down.
What I’m thinking about doing is setting up a VM network of my own to be used for a RW among us Church IT people. If there are enough experienced people interested we could make it a RW competition, but if not we can just walk through it all together and use it for training. I was thinking about starting with something simple, like a few 2000, XP, 2003 systems w/ and w/o any SPs. An unpatched version of Windows is VERY easy to root. Once everybody’s got the hang of it we can start locking down the VMs. The purpose would be first of all to demonstrate how vulnerable an unpatched Windows machine really is. Then we can implement some of the security features we all use to see if they help or not.
I have a server I will be retiring in a couple of weeks that I can set up for this purpose, but if anyone has an extra computer with enough RAM to run several VMs on (4 or 5), and would be willing to do the work to set it up and give others remote access to it, let me know. Otherwise I’ll have something set up in a couple of weeks.
Interesting!
I’m up for learning more about this.
Just curious, have you done anything else with this idea?
While I am not a member of Church IT, I have an interest in Root War contests and getting them to some form of critical mass.
Regards,
J