2010-09-07 14:18:39 -06:00
|
|
|
Ideas for puzzles
|
|
|
|
|
=================
|
2010-09-18 21:56:57 -06:00
|
|
|
* Bootable image with FreeDOS, Linux, Inferno? HURD?
|
|
|
|
|
* Bury puzzles in various weird locations within each OS
|
|
|
|
|
* Maybe put some in the boot loader, too
|
|
|
|
|
* Perhaps have some sort of network puzzle as well
|
|
|
|
|
* Network treasure hunt
|
|
|
|
|
* DHCP option
|
|
|
|
|
* Single TCP RST with token in payload
|
|
|
|
|
* Multiple TCP RST with different payloads
|
2010-10-21 16:06:24 -06:00
|
|
|
* http://10.0.0.2/token
|
2010-09-18 21:56:57 -06:00
|
|
|
* PXE boot some sort of points-gathering client
|
|
|
|
|
* Init asks for a team hash, and starts awarding points
|
|
|
|
|
* Broken startup scripts, when fixed award more points
|
|
|
|
|
* Lots of remote exploits
|
2010-10-21 16:06:24 -06:00
|
|
|
* "qemu -net socket" vpn thingy and then...
|
2010-10-22 11:30:58 -06:00
|
|
|
* sfxrar packed with upx. Change an instruction so it won't actually
|
|
|
|
|
execute.
|
2010-10-28 16:59:35 -06:00
|
|
|
* pwnables: have scp log passwords somewhere
|
2010-10-21 16:06:24 -06:00
|
|
|
|
|
|
|
|
Capture the Packet
|
|
|
|
|
------------------
|
|
|
|
|
|
|
|
|
|
* Jim Meilander could teach a class about Bro
|
|
|
|
|
* Use qemu -net socket,connect=10.0.0.2:5399 for capture the packet
|
2011-02-12 20:25:34 -07:00
|
|
|
|
|
|
|
|
|
|
|
|
|
From Jed Crandell
|
|
|
|
|
-----------------
|
|
|
|
|
|
|
|
|
|
* Have password easily read, must determine username with stack
|
|
|
|
|
examination (like in printf category)
|
|
|
|
|
* Use %600000u%n to write an arbitrary value to a location in
|
|
|
|
|
stack, then jump to that location somehow.
|
