Nov 09 22:46:15 <Perseid> (19:18:10) Perseid: matjas: you can look up the correct string in an old traffic capture
Nov 09 22:46:15 <Perseid> (19:19:51) Perseid: matjas: Oh, I have it open here anyway (and it is in your source code, too). Option one: "You begin your march around the lake. There is a small hut on the side of the lake. Before you reach it, you bump into an invisible wall, though. It seems to stretch from the wall until as deep in the water as you dare to go.", Option two: "You begin your march around the lake. There is a small hut on the side of the lake."
Nov 09 22:46:22 * leex has changed the topic to: WE ARE WORKING ON IT!
Nov 09 22:46:38 <leex> :D
Nov 09 22:48:01 * vladum_ (~v@198.0.203.21) has joined #rwthctf
Nov 09 22:48:49 <rep> back online
Nov 09 22:48:54 * rep has changed the topic to: should all be back online nicely
Nov 09 22:49:01 <oxff> vos: grats to MSLC for firstblood on trafman
Nov 09 22:49:06 * vladum_ has quit (Client Quit)
Nov 09 22:49:24 <FluxSqall> IDA does not work with trafman :(
Nov 09 22:49:34 <oxff> haha
Nov 09 22:49:36 <fd0> teheh
Nov 09 22:49:37 <FluxSqall> I have no clue about ARM ... this will be a lot of reading
Nov 09 22:49:37 <vos> oxff: w00t
Nov 09 22:49:45 <fd0> oxff's anti-debugging-stuff? :P
Nov 09 22:49:50 <oxff> no
Nov 09 22:49:54 <oxff> anti-static-re
Nov 09 22:49:55 <FluxSqall> oxff: ARM anti debugging trick for IDA?
Nov 09 22:49:58 <fd0> hehe
--
Nov 10 02:27:03 <strb> really look at it
Nov 10 02:27:08 <oxff> you mean listen
Nov 10 02:27:12 <strb> even though you might think you don't need it
Nov 10 02:27:16 <strb> oxff: that, too
Nov 10 02:27:38 <oxff> i'm going to bed, may trafman be with you
Nov 10 02:28:00 <hellman> oxff: we are stealing trafman, but board shows no one steals flags
Nov 10 02:29:03 <strb> hellman: youre MSLC right?
Nov 10 02:29:15 <vos> strb: yeh
Nov 10 02:29:30 <strb> we can see your trafman flag captures in the database
Nov 10 02:29:34 <strb> you should be scoring
Nov 10 02:29:54 <oxff> allow for some little delays
Nov 10 02:29:59 <strb> however, keep in mind there's a delay from when flags are submitted to when they are scored
Nov 10 02:30:24 <jojo-> hellman: which team?
Nov 10 02:30:26 <vos> strb: can you double check it? we see 0 captures for trafman on the scoreboard (for all the teams we are stealing from)
Nov 10 02:30:33 <vos> jojo-: id 6
Nov 10 02:30:34 <fd0> wow
Nov 10 02:30:44 <fd0> 25mb/s outgoing for ~15mins now...
Nov 10 02:31:03 <strb> vos: i can see them in the backend
Nov 10 02:31:10 <strb> you _should_ be getting scores
Nov 10 02:31:14 <vos> did they get added to the scores already?
Nov 10 02:31:15 <k3mp> out trafman doesnt start
Nov 10 02:31:20 <FluxSqall> oh
Nov 10 02:31:20 <k3mp> our trafman doesnt start
Nov 10 02:31:23 <FluxSqall> we got the lead :)
Nov 10 02:31:29 <vos> fcuk the scoring :P
Nov 10 02:31:31 <strb> i'm not sure. jojo- has to answer that
Nov 10 02:31:32 <k3mp> the port is blocked
Nov 10 02:31:36 <FluxSqall> quick ... screenshot and then I can go home :D
Nov 10 02:31:42 <strb> i can only tell you they are reaching the database just fine
Nov 10 02:31:54 <vos> strb jojo-: we feel like we didn't get any score boost when started capturing trafman from 50 teams
Nov 10 02:32:05 <vos> fluxes continued to overscore us :/
Nov 10 02:32:23 <vos> that shouldn't be right, eh...(
Nov 10 02:32:35 <xorAxAx> fd0: is that from the arm host? :)
Nov 10 02:32:43 <xorAxAx> btw, is the vpn compressed?
Nov 10 02:32:45 <hellman> fluxes have some magic :) stealing the same services and getting much more points
Nov 10 02:32:49 <k3mp> trafman for user pxq... on 2.6 isnt working...
Nov 10 02:32:50 <k3mp> trafman for user pxq... on 2.6 isnt working...
Nov 10 02:32:50 <k3mp> trafman for user pxq... on 2.6 isnt working...
Nov 10 02:32:51 <k3mp> trafman for user pxq... on 2.6 isnt working...
Nov 10 02:33:06 <oxff> yeah except that it's running already?!
Nov 10 02:33:08 <k3mp> cannot kill the provess
Nov 10 02:33:18 <skier_> strb: more f4x0r hints ;p
Nov 10 02:33:24 <fd0> xorAxAx: I don't think so
Nov 10 02:33:24 <k3mp> process, its not started by myself?
Nov 10 02:33:33 <vos> strb jojo-: we are now capturing 48 flags from Trafman each round. seems like we don't get a +480 points each round
Nov 10 02:33:38 <strb> skier_: seriously. just look at the code. there's a vuln in there
Nov 10 02:33:43 <strb> pay close attention
Nov 10 02:33:58 <skier_> ;p
Nov 10 02:34:23 <leex> vos: do you submit all of them successfully?
Nov 10 02:34:41 <strb> leex: yeah, they're reaching the DB just fine
Nov 10 02:34:42 <vos> yes
Nov 10 02:34:46 <leex> ok
Nov 10 02:34:50 <strb> but i don't know how to check anything beyond that
Nov 10 02:35:00 <oxff> k3mp: it's running
Nov 10 02:35:01 <strb> because i didn't build the scorebot
Nov 10 02:35:14 <strb> vos: i think jojo- is looking at it though
Nov 10 02:35:18 <oxff> read startsvc.sh and maybe RE ctf-inetd
Nov 10 02:35:20 <strb> our fearless leader :>
Nov 10 02:35:32 <vos> great
Nov 10 02:35:35 * PwnHst has quit (Ping timeout: 245 seconds)
Nov 10 02:35:36 <jojo-> vos: you're getting the 'Congratulations, you scored a point!' message?
Nov 10 02:35:40 <vos> jojo-: yes
Nov 10 02:36:03 <vos> got 49 of that just now
[* vos headed to discuss it with jojo- in PM]
--
Nov 10 03:57:52 * Kohelet (~DLLogram@beitshlomo.com) has left #rwthctf
Nov 10 03:58:01 * Vrael13 (~Torben@hlab.informatik.uni-mannheim.de) has joined #rwthctf
Nov 10 03:59:11 * kawa_xxx has quit (Remote host closed the connection)
Nov 10 03:59:13 * Vrael131 has quit (Read error: Operation timed out)
Nov 10 03:59:53 * kawa_xxx (~kawa_xxx@e0109-106-188-64-237.uqwimax.jp) has joined #rwthctf
Nov 10 04:00:40 <vos> guys, there's something important to be discussed. maybe i'm wrong in my understanding of attack-defense ctf principles
Nov 10 04:00:56 <vos> so, imagine i post a flag, right
Nov 10 04:01:28 <vos> after some short time, this flag disappears from the box i have got it from
Nov 10 04:01:34 <vos> should i get the points for the flag or not?
Nov 10 04:02:52 <More> if your own service of this is not down, probably yes
Nov 10 04:03:05 <vos> More: that's my point of view too
Nov 10 04:03:25 * mochigom_ (~mochigoma@e0109-106-188-64-237.uqwimax.jp) has joined #rwthctf
Nov 10 04:03:25 * mochigoma has quit (Remote host closed the connection)
Nov 10 04:04:12 <vos> but.. is there any CTF that works like this? accept captured flag from the team --> connect to the team the flag was captured from --> check if the flag still exists on the pwned box --> if yes, score the points. if no, fuck the team that has captured the flag
Nov 10 04:04:16 * kawa_xxx has quit (Ping timeout: 244 seconds)
Nov 10 04:04:21 * juanpablo_ (~john@c-24-16-145-114.hsd1.wa.comcast.net) has joined #rwthctf
Nov 10 04:04:36 * root____ (~root@faui1-230.informatik.uni-erlangen.de) has joined #rwthctf
Nov 10 04:04:46 * cthulhu (~cthulhu@hlab.informatik.uni-mannheim.de) has joined #rwthctf
Nov 10 04:04:48 <vos> we're having an argument with jojo- now
Nov 10 04:05:00 <root____> who is responsible for trafman?
Nov 10 04:05:10 * cthulhu is now known as Guest10206
Nov 10 04:05:10 <jojo-> root____: undisclosed
Nov 10 04:05:36 * moho1 has quit (Read error: Connection reset by peer)
Nov 10 04:05:56 <vos> the thing is, we have exploited Trafman for like 40 minutes
Nov 10 04:05:57 * Skampy has quit (Ping timeout: 248 seconds)
Nov 10 04:06:06 <vos> and we were the only ones that exploited it
Nov 10 04:06:12 * tester1 has quit (Ping timeout: 265 seconds)
Nov 10 04:06:24 <vos> and we had ~ 45-50 teams giving us flags each round
Nov 10 04:07:14 <vos> and we deleted the flags from their boxes upon capturing to give them defense penalty (common technique right?)
Nov 10 04:07:31 <vos> and we submitted those new 45-50 flags every minute
Nov 10 04:07:32 * mochigom_ has quit (Remote host closed the connection)
Nov 10 04:07:40 <C0C0> vos: yeah that sucks
Nov 10 04:07:52 <takeshix> root____: i would try oxff... :P
Nov 10 04:07:55 <vos> and we got 45-50 "Congratulations, you scored a point!" messages for that particular service each minute
Nov 10 04:08:05 <C0C0> common strategy, true but shitty for the other teams
Nov 10 04:08:12 <root____> :(
Nov 10 04:08:17 <vos> and it turned out, we weren't getting any points for 40 minutes straight
Nov 10 04:08:19 <C0C0> vos: bad karma
Nov 10 04:08:24 <C0C0> sucks
Nov 10 04:08:29 <C0C0> and we sucked at communicating
Nov 10 04:08:31 <C0C0> sorry
Nov 10 04:08:37 * tester (~tester3@149.201.35.71) has joined #rwthctf
Nov 10 04:09:24 <G33KatWork> vos: if you submit a flag of team, the flag owner gets lower defense points, because they got hacked. there is no need to delete the flags
Nov 10 04:09:47 <vos> so now there are flags worth 18 000 points that are in the DB as 'captured' by us, but that are not added to our offense score
Nov 10 04:09:58 <G33KatWork> the only thing you do by deleting flags is hurting other teams having an exploit, because they can't get the flags anymore
Nov 10 04:10:05 <vos> we were getting 0 for those captures, while scorebot gave us "Congratulations, you scored a point!"
Nov 10 04:10:20 <airmack> vos: sucks
Nov 10 04:10:36 <C0C0> vos: yeah it sucks your right
Nov 10 04:10:40 <strb> G33KatWork: that's actually not true. to quote our FAQ: 'The gameserver puts (stores) a flag to your service, which he later tries to get (retrieve, if the put was successful). For each successful get, you will receive exactly 1 defense point. It does not matter if the flag was stolen and submitted by other teams or not. However, if other teams manage to delete your flags, you will not receive points.'
Nov 10 04:10:42 <jojo-> the message sucks
Nov 10 04:10:50 <hellman> >(from fules) if other teams manage to delete your flags, you will not receive points
Nov 10 04:11:02 <G33KatWork> strb: oh, sorry, my bad
Nov 10 04:11:29 <hellman> so wasn't it supposed that teams will try to delete flags?
Nov 10 04:11:45 <C0C0> well it wasn't quite clear honestly
Nov 10 04:11:55 <C0C0> like "we didn't know ourselfs"
Nov 10 04:12:09 <C0C0> there was some old old part in the scoring database code
Nov 10 04:12:24 <C0C0> that no one knew about but the original author
Nov 10 04:12:42 <vos> C0C0: if there is an issue with the code, we understand
Nov 10 04:12:46 <vos> and demand a recalc
Nov 10 04:12:54 <vos> since it can influence the game outcome
Nov 10 04:13:09 <vos> ... as you know
Nov 10 04:13:14 * xyrex (~steven@g137004.upc-g.chello.nl) has joined #rwthctf
Nov 10 04:13:57 <takeshix> hey, yeah, we got tons of flags from trafman too, we deleted them all, can i haz points, pl0z? :<
Nov 10 04:14:18 <C0C0> vos: relax
Nov 10 04:14:21 * zetsubouclown (~zetsubouc@195.19.229.33) has joined #rwthctf
Nov 10 04:14:30 <C0C0> demanding stuff won't bring you anything
Nov 10 04:14:48 <vos> C0C0: yeah 'demand' is not the correct word
Nov 10 04:14:53 <__blasty> y0h s0me1's m4d
Nov 10 04:14:55 * stari has quit (Remote host closed the connection)
Nov 10 04:14:57 <C0C0> see we where just talking about recalcs
Nov 10 04:14:58 <vos> language problems
Nov 10 04:14:58 <strb> vos: we understand your frustration. we hear you. we are discussing this issue. but demanding things or antagonizing us really won't get you anywhere
Nov 10 04:15:01 <xorAxAx> we didnt get any flags from trafman, can we haz pts please? :)
Nov 10 04:15:06 * [UFO]antoxar has quit (Quit: Leaving.)
Nov 10 04:15:24 <C0C0> xorAxAx: if there is a recalc it will be a global one affecting all teams
Nov 10 04:15:25 <vos> kk sry, forget about the word 'demand' :) what's the appropriate synonym?
Nov 10 04:15:28 * muchacho has quit (Quit: Leaving)
Nov 10 04:15:33 <xorAxAx> C0C0: damn, hopefully not :)
Nov 10 04:15:43 * wont (~wont@128.238.66.149) has joined #rwthctf
Nov 10 04:15:53 <fd0> vos: "propose"
Nov 10 04:16:04 <vos> fd0: thx
Nov 10 04:16:25 <FAUSTben> someone is dossing our railway
Nov 10 04:16:26 <vos> so yeah, we propose and hope for a recalc
Nov 10 04:16:26 <jojo-> vos: if you keep discussing like this it won't matter if you get 18k points plus or not ;)
Nov 10 04:16:26 <vos> prettyprettyplease?
Nov 10 04:16:26 <jojo-> (looking at the score)
Nov 10 04:16:27 <wont> Is there someone who can confirm that it is possible to steal a flag from the f4x0r service?
Nov 10 04:16:28 <FAUSTben> fd0: can you look into that?
Nov 10 04:16:34 <fd0> FAUSTben: i can try
Nov 10 04:16:37 <FAUSTben> k
--
[* 15 minutes till CTF ends]
Nov 10 04:44:50 <skier_> 01:43:48 < FluxSqall> 11/10 would reboot again! :D
Nov 10 04:45:09 <root____> hes dead, jim
Nov 10 04:45:18 <Fluxtmh> (╯°□°)╯ ┻━┻
Nov 10 04:45:19 <fd0> vpn is backup
Nov 10 04:45:19 * demonvision (~Leo@wlan-141-23-74-232.tubit.tu-berlin.de) has joined #rwthctf
Nov 10 04:45:39 <vos> C0C0: time to recalc some scores
Nov 10 04:45:53 <Garwin> time to block some more people in fw
Nov 10 04:46:08 <vos> :D
Nov 10 04:46:37 <rep> vos: chill out and have tea
Nov 10 04:46:38 <Garwin> we'll manage
Nov 10 04:46:38 <gijs_> is traffic between teams working atm?
Nov 10 04:46:38 * moho1 (~moho1@xdsl-87-78-99-187.netcologne.de) has joined #rwthctf
Nov 10 04:46:39 <leex> sqrts|Bernd: are you DoSing us on purpose?
Nov 10 04:46:43 <leex> sqrts|sebastian: ^
Nov 10 04:46:56 <FAUSTben> o_O
Nov 10 04:47:03 <skier_> heh
Nov 10 04:47:06 <sqrts|sebastian> what!?
Nov 10 04:47:09 <__blasty> square rewtz, stahp
Nov 10 04:47:11 <vos> rep: only if you promise to recalc :(
Nov 10 04:47:14 * kelwin_ (~kelwin@tu132049.ip.tsinghua.edu.cn) has joined #rwthctf
Nov 10 04:47:17 <skier_> is sqrts short for "squirts"?
Nov 10 04:47:18 <skier_> much squirt
Nov 10 04:47:19 <skier_> girl awesome
Nov 10 04:47:20 <skier_> wow
Nov 10 04:47:24 <rep> vos: dude, why are you being so rude?
Nov 10 04:47:25 <sqrts|sebastian> our exploit framework is running xD
Nov 10 04:47:26 <sqrts|sebastian> xd
Nov 10 04:47:34 <FAUSTben> sqrts|sebastian: your java foo is running
Nov 10 04:47:35 <FAUSTben> :P
Nov 10 04:47:47 <sqrts|Bernd> :D
Nov 10 04:47:48 <random_user_23> some one from bios online here? :)
Nov 10 04:47:48 <FAUSTben> maybe you build a SYN flood in there by accident (eclipse)
Nov 10 04:47:49 <sqrts|sebastian> xD
Nov 10 04:47:51 <fd0> sigh
Nov 10 04:47:52 <C0C0> vos: we do not negotiate with terrorists
Nov 10 04:48:00 <vos> rep: just because i'm fffrustrated as hell with the issues that aren't being fixed for 2.5 hrs still
Nov 10 04:48:04 <sqrts|sebastian> do we need to shut down some slaves?
Nov 10 04:48:13 <C0C0> sqrts|sebastian: dunno
Nov 10 04:48:14 <effweh> I want my money back
Nov 10 04:48:16 * bholste (~bholste@hlab.informatik.uni-mannheim.de) has joined #rwthctf
Nov 10 04:48:22 <FluxSqall> we tested our new exploiting framework today the first time
Nov 10 04:48:25 <root____> insert 50 euros
Nov 10 04:48:28 * bholste is now known as sqrts|benedict
Nov 10 04:48:29 <FluxSqall> seems to work great :)
Nov 10 04:48:30 <jojo-> vos: it's not an "issue", it's a design decision that might be unusual for CTFs. ok, but that's our way to do it
Nov 10 04:48:32 <FAUSTben> insert a nerd
Nov 10 04:48:35 <root____> :D
Nov 10 04:48:40 * grimmlin_ (~grimmlin@irc.pentoo.ch) has joined #rwthctf
Nov 10 04:48:43 <FAUSTben> FluxSqall: same here :P
Nov 10 04:48:44 * wasMitNetzen (~quassel@82-171-162-241.ip.telfort.nl) has joined #rwthctf
Nov 10 04:48:45 <C0C0> I would guess someone who is butthurt with code exec synflodded everyone via shells
Nov 10 04:48:51 <jojo-> vos: and by the way: it was exactly the same last year (where you participated)
Nov 10 04:48:51 <grimmlin_> where are the arm boxes !!!
Nov 10 04:48:51 <[ENOFLAG]bitwave> semms to be working now...
Nov 10 04:49:07 <fd0> team26 anywhere?
Nov 10 04:49:11 <tumtom> they are already tired
Nov 10 04:49:13 <vos> jojo-: we've discussed it in PM. stop inventing the rules as we speak :(
Nov 10 04:49:17 <hellman> jojo-: so you could write about it in rules
Nov 10 04:49:24 <vos> jojo-: the Rules page says about flag deleting
Nov 10 04:49:42 * chriss_ (~chriss@harpertown.kbs.tu-berlin.de) has left #rwthctf ("Leaving")
Nov 10 04:49:48 <leex> DOS ALL THE BOXES! (or well, please don't), stop!
Nov 10 04:49:58 <JulioVega> jeez, it's just a game...
Nov 10 04:50:14 <thomasbl> *thumbs up*
Nov 10 04:50:17 * kmtvb (c313e521@gateway/web/freenode/ip.195.19.229.33) has joined #rwthctf
--
Nov 10 05:26:37 * [ENOFLAG]seb has quit (Ping timeout: 252 seconds)
Nov 10 05:26:39 * demonvision has quit (Remote host closed the connection)
Nov 10 05:26:40 <Grollicus> cooles ctf, gg!
Nov 10 05:26:43 <ius> C0C0: From 01:20 our railway was using up +100M every ~4s or so
Nov 10 05:26:43 <hellman> C0C0: please release also score/checker records DB :)
Nov 10 05:26:43 <tumtom> ja
Nov 10 05:26:44 <sqrts|Bernd> thanks for the orga :)
Nov 10 05:26:47 <tumtom> cooles ctf
Nov 10 05:26:47 <fisch> gg
Nov 10 05:26:58 <_luks_> fd0: wir kommen gleich mal vorbei :)
Nov 10 05:27:02 * ZeroOFFset (~zoff@psice-toshiba.psice.unibo.it) has joined #rwthctf
Nov 10 05:27:03 <tumtom> und dos-ser haben k(l)eine penise
Nov 10 05:27:04 <fd0> _luks_: mitm auto?
Nov 10 05:27:07 <fd0> _luks_: cool ;)
Nov 10 05:27:07 <_luks_> jo
Nov 10 05:27:10 <C0C0> hellman: we most likely will
Nov 10 05:27:20 <[StrAuh]DooM> fd0: o.O
Nov 10 05:27:25 <ZeroOFFset> is competition ended?
Nov 10 05:27:26 * [Enoflag]gehaxel is now known as gehaxelt_away
Nov 10 05:27:29 <hellman> C0C0: most orgs forget fast about that. please dont :)
Nov 10 05:27:36 <ZeroOFFset> we can't submit any flag...
Nov 10 05:27:46 <Reinhart> ZeroOFFset: yes it's over
Nov 10 05:27:48 <Dor1s> is CTF over?
Nov 10 05:27:48 <C0C0> hellman: check our github :)
Nov 10 05:28:00 <Valodim> phew
Nov 10 05:28:04 <Valodim> well that was a fun ride
Nov 10 05:28:07 <Reinhart> 02:27 <@fd0> gameserver is stopped 02:27 <@fd0> thanks for playing!
Nov 10 05:28:14 <ZeroOFFset> ty @ 4 the fun!
Nov 10 05:28:15 <fd0> Reinhart: yeah?
--
Nov 10 05:28:44 * gamajun (~gamajun@nat5.cs.msu.ru) has joined #rwthctf
Nov 10 05:28:51 * FlxMartin has quit ()
Nov 10 05:29:02 <fluxchief> Meh :< We'd have won :<
Nov 10 05:29:05 * hairyheron1 is now known as hairyheron
Nov 10 05:29:22 * Balda has quit (Quit: WeeChat 0.4.2)
Nov 10 05:29:29 <C0C0> fluxchief: wait for the final result
Nov 10 05:29:34 * stari has quit (Ping timeout: 245 seconds)
Nov 10 05:29:36 <C0C0> the scoreboard is NOT final
Nov 10 05:29:48 * [ENOFLAG]Jakob has quit (Read error: Operation timed out)
Nov 10 05:29:48 * [ENOFLAG]merten has quit (Write error: Broken pipe)
Nov 10 05:30:13 <fluxchief> 600 pending flags xD
Nov 10 05:30:17 <C0C0> ^^
--
Nov 10 05:37:40 <fluxchief_> baibai
Nov 10 05:37:41 * fluxchief_ has quit (Client Quit)
Nov 10 05:37:49 * random_user_23 has quit (Quit: Leaving.)
Nov 10 05:37:59 * D3lirium has quit (Quit: www.miranda-fusion.de ... be part of it...)
Nov 10 05:38:48 * patcdr has quit (Ping timeout: 272 seconds)
Nov 10 05:38:53 <rep> so guys
Nov 10 05:39:05 * ai has quit (Ping timeout: 252 seconds)
Nov 10 05:39:11 <LuckyY> so?
Nov 10 05:39:16 <rep> apparently we have not counted captured flags that we could not retrieve from the service anymore
Nov 10 05:39:19 <gijs_> drumroll.....
Nov 10 05:39:26 <C0C0> D3lirium don't think anyone figured out the login from the checker
Nov 10 05:39:28 <rep> which is not too bad for the overall game
Nov 10 05:39:38 <C0C0> sha1(salt+flag)
Nov 10 05:39:42 * pfohjo (~user@ctfgate.sec.in.tum.de) has left #rwthctf
Nov 10 05:39:44 <C0C0> should not be guessabel^^
Nov 10 05:40:02 <skier_> yes rep?
Nov 10 05:40:08 <rep> for the top teams, it could make a difference however
Nov 10 05:40:09 <C0C0> also the "do_not_reverse_this" message was only intended for that one function
Nov 10 05:40:21 <rep> since more smoke leet chicken tried hard to overwrite flags in their exploits
Nov 10 05:40:32 <rep> which meant that they were more affected by this "misconception"
Nov 10 05:40:43 * moho1 has quit (Quit: leaving)
Nov 10 05:40:46 * tumtom has quit (Read error: Connection reset by peer)
Nov 10 05:41:04 <skier_> rep: but that doesn't mean that it was just mslc..
Nov 10 05:41:07 <rep> so either we should have counted those flags, or should have communicated that overwriting / dos / delete is not wanted
Nov 10 05:41:11 <rep> nono skier_
Nov 10 05:41:17 * The0JJ has quit (Ping timeout: 252 seconds)
Nov 10 05:41:17 <rep> i'm calculating this for all teams right now
Nov 10 05:41:33 <Valodim> we didn't do it because we were told halfway through that we shouldn't do it
Nov 10 05:41:33 <rep> and seems mslc are affected in crazy ways
Nov 10 05:41:39 <[StrAuh]DooM> rep: hmm overwriting after capture was pretty common
Nov 10 05:41:40 <__blasty> yeah but the only service really affected by this is trafman
Nov 10 05:41:42 * snydej has quit (Ping timeout: 250 seconds)
Nov 10 05:41:46 <__blasty> so it will be mostly in their advantage anyway
Nov 10 05:41:47 <rep> yep
Nov 10 05:41:58 <__blasty> so looks like we're fucked
Nov 10 05:42:00 <__blasty> thx 4 playing
Nov 10 05:42:03 <[StrAuh]DooM> that was how more leet fragged the gamevuln
Nov 10 05:42:03 <rep> they did capture 5k flags alone (nobody else got those) where they overwrote the flag
Nov 10 05:42:04 <__blasty> :D
Nov 10 05:42:17 <rep> in trafman
Nov 10 05:42:35 <[StrAuh]DooM> hehe
Nov 10 05:42:36 * akjdad has quit (Ping timeout: 272 seconds)
Nov 10 05:42:50 <__blasty> w0w
Nov 10 05:42:56 <__blasty> first ctf that changes scoring after game
Nov 10 05:42:56 <rep> the problem really is that a lot of teams did the same thing and noticed the problem
Nov 10 05:42:59 <rep> and stopped overwriting
Nov 10 05:43:06 <Reinhart> yep
Nov 10 05:43:07 <leex> (I still don't get why MMA only used their supermarket exploit on something like 3 teams)
Nov 10 05:43:15 <rep> so it would be unfair to not count the captured flags, but also unfair to just count them
Nov 10 05:43:17 <__blasty> even when they stopped overwriting MSLC would overwrite everything again
Nov 10 05:43:18 <rep> it's fucked
Nov 10 05:43:21 <rep> i'm still checking on it
Nov 10 05:43:23 <__blasty> or someone else would
Nov 10 05:43:25 <rep> to get last numbers
Nov 10 05:43:32 <strb> leex: nor do i get why h4x0rpschorr only used their f4x0r exploit on bi0s ;)
Nov 10 05:43:41 <rep> __blasty: we're not changing anything
Nov 10 05:43:49 <rep> it's just that this was a problem for the last 3 hours
Nov 10 05:43:51 <ius> strb: the one where your box goes OOM in 1s? :p
Nov 10 05:43:57 <rep> and we're debating on what to do
Nov 10 05:43:59 <__blasty> last 3 only ?
Nov 10 05:44:02 * cornyyy has quit (Ping timeout: 264 seconds)
Nov 10 05:44:05 <strb> ius: ?
Nov 10 05:44:07 * person1 (44631aca@gateway/web/freenode/ip.68.99.26.202) has joined #rwthctf
Nov 10 05:44:19 <Reinhart> we had a crazy fast DoS on our box for a while
Nov 10 05:44:23 <ius> strb: skier DoS'ed our own box with a f4x0r DoS
Nov 10 05:44:32 <__blasty> lOl
Nov 10 05:44:36 <ius> box was oom in 1s
Nov 10 05:44:41 <Reinhart> I thought you were talking about the other time
Nov 10 05:44:52 <ius> yeah, the other was annoying too
Nov 10 05:44:55 <Reinhart> that wasn't the only time our box went down right after coming up
Nov 10 05:44:56 <ius> but that was 100M/4s
Nov 10 05:45:06 <asby> we were dossed the last hour, so couldn't submit flags, is this also recalculated?
Nov 10 05:45:16 <__blasty> what asby said
Nov 10 05:45:21 <Reinhart> asby: everyone was dos'ed
Nov 10 05:46:04 <strb> asby: the last hour was fucked anyway. and we can't recalculate flags we didn't receive. but nothing is final anyway
Nov 10 05:46:29 <Reinhart> "but nothing is final anyway" might be just making things harder for yourself
Nov 10 05:46:40 <Reinhart> still, respect that you're trying to sort out this clusterfsck
Nov 10 05:46:46 <strb> Reinhart: we're gathering info and discussing
Nov 10 05:47:15 * stk| has quit (Ping timeout: 264 seconds)
Nov 10 05:47:31 <Valodim> for next year, maybe just limit the SYNs per second for each team?
Nov 10 05:47:58 * patcdr (~anonymous@c-50-132-27-79.hsd1.wa.comcast.net) has joined #rwthctf
Nov 10 05:47:58 <ius> to be fair, we don't generally consider rm'ing flags
Nov 10 05:48:15 <xyrex> is it even possible to recalculate points that involve a timefactor?
Nov 10 05:48:21 <ius> but when MSLC started it we had to, else we'd never be able to score more pts/round
Nov 10 05:48:22 <C0C0> xyrex: sure
Nov 10 05:48:25 <rep> mh
Nov 10 05:48:28 <leex> xyrex: ofcourse
Nov 10 05:49:03 <rep> so just from the xploitation point of view mslc would have won. on the other hand our scoring did never count broken services (thus also overwritten) ones, didn't last year, did not this year
Nov 10 05:49:06 <fd0> btw: you can stop your vpn clients now ;)
Nov 10 05:49:12 <rep> however we screwed up with communicating this year
Nov 10 05:49:33 * person1 has quit (Quit: Page closed)
Nov 10 05:49:50 <rep> defcon doesn't "overwrite" flags because of the autopwn storm that would result in
Nov 10 05:49:55 <rep> that's why they have their kernel module
Nov 10 05:50:04 <rep> which is why we normally don't count captures on broken services :/
Nov 10 05:50:11 <rep> to reduce the "timing" factor
Nov 10 05:50:20 <rep> it's really a pity right now :(
Nov 10 05:50:21 * justus has quit (Quit: justus)
Nov 10 05:50:24 <rep> i'm super sorry for this
Nov 10 05:51:01 <ius> Also, we stopped rm'ing when MSLC started complaining - if MSLC kept rm'ing that would score them more flags if those are now counted :\
Nov 10 05:51:07 <rep> yep
Nov 10 05:51:10 <rep> exactly
Nov 10 05:51:11 <ius> The bottomline is, it's fucked anyhow, but mmh
Nov 10 05:51:38 <rep> if MSLC had stopped overwriting for that moment, they would have won with the current scoring logic
Nov 10 05:52:27 <rep> but sadly orga did not really clearly say "overwriting is the problem", but rather responded with "we're checking on this"
Nov 10 05:52:43 * yehuju (~yehuju@unaffiliated/yehuju) has left #rwthctf ("byt3s x")
Nov 10 05:53:50 * FIXME_Prosouth has quit (Quit: Leaving)
Nov 10 05:54:09 <__blasty> rep: you cant say they would have won because everyone would have stopped rm'ing everyone else's exploits against traf wouldve started working again as well
Nov 10 05:54:20 <__blasty> eg. they would share the flags with other teams that had exploit for it
Nov 10 05:54:50 <ius> heh
Nov 10 05:54:52 <rep> well let's put it this way
Nov 10 05:55:06 <rep> without disclosing numbers here, mslc have quite the huge amount of flags they got alone
Nov 10 05:55:17 <rep> even if we cut that down to account for that
Nov 10 05:55:25 <rep> they still got quite a lot
Nov 10 05:55:35 <__blasty> now we're just handwaving
Nov 10 05:55:37 <rep> yep
Nov 10 05:55:40 <rep> agree
Nov 10 05:55:45 <rep> not really exact
Nov 10 05:55:49 <rep> not the best
Nov 10 05:55:55 <rep> and me apologies for that fact
Nov 10 05:55:59 <rep> my
Nov 10 05:56:19 <sqrts|sebastian> are the scores final now?
Nov 10 05:56:44 <jojo-> nope
Nov 10 05:56:44 <ius> Well, __blasty made another fair point I guess, had the flags not been rm'ed all other teams would've had less downtime too --> actually be able to submit
Nov 10 05:56:44 <skier_> scores at 3am!
Nov 10 05:57:00 <leex> skier_: whenever we are ready
Nov 10 05:57:02 <sqrts|sebastian> our scores have been recalced a few minutes ago?
Nov 10 05:57:34 <Valodim> well we sure had a lot of fun =)
Nov 10 05:57:36 * stari (~stari@18.189.124.142) has joined #rwthctf
Nov 10 05:57:39 <LuckyY> rep: they choose to rm, they weren't forced to rm :)
Nov 10 05:57:47 * hairyheron (~akrueger@seclab.itsec.rwth-aachen.de) has left #rwthctf
Nov 10 05:57:52 <ring3> cya
Nov 10 05:58:04 * markimarkii has quit (Quit: Verlassend)
Nov 10 05:58:28 <vos> as a side note,
Nov 10 05:58:29 <vos> root@bt:~/Desktop/flagpost_linux/flags# find trafmon/ -type f -exec cat {} \; -exec echo \; | grep '\[ok\]' | wc -l
Nov 10 05:58:29 <vos> 8932
Nov 10 05:58:34 <vos> (8932 "Congratulations, you have scored a point" messages)
Nov 10 05:58:40 <vos> for trafman solely
Nov 10 05:58:49 <jojo-> vos: we talked about this
Nov 10 05:58:52 <rep> as i said pal, you had around 5k that were not counted at all
Nov 10 05:59:00 <vos> yeah :(
Nov 10 05:59:02 <rep> so
Nov 10 05:59:16 <xyrex> any other team could still have the same amount of successful submitted flag if the flags weren't rm'ed
Nov 10 05:59:21 <jojo-> yep
Nov 10 05:59:35 <jojo-> that's why the scoring without broken was in there in the first place
Nov 10 05:59:46 <vos> xyrex: disagree. no-one had the sploit the time we were getting those
Nov 10 05:59:56 <xyrex> you dont know that
Nov 10 05:59:56 <__blasty> weve had a sploit for hours and hours
Nov 10 06:00:09 <skier_> and if mslc would make many many points with this one particular challenge, then we would have put more men on it to get quicker exploit etc as well
Nov 10 06:00:14 * valis has quit (Quit: leaving)
Nov 10 06:00:28 <skier_> more flags
Nov 10 06:00:34 <skier_> many points
Nov 10 06:00:35 <skier_> wow
Nov 10 06:00:39 <jojo-> vos: that's an assumption based on rushing
Nov 10 06:00:39 <__blasty> so ctf
Nov 10 06:00:41 <__blasty> amaze
Nov 10 06:01:02 <__blasty> im done arguing
Nov 10 06:01:04 <__blasty> figure it out :>
Nov 10 06:01:09 <ius> I can't exactly recall, but was the ASLR stuff real?
Nov 10 06:01:14 <ius> Back then we already had a ROP exploit
Nov 10 06:01:21 <__blasty> with aslr bypazz
Nov 10 06:01:22 <vos> jojo-: that's an assumption based on observing the boxes. i'd be happy if anyone disproves me
Nov 10 06:01:25 * mochigoma (~mochigoma@222.151.223.114) has joined #rwthctf
Nov 10 06:01:27 <jojo-> ius: it wasn't at first
Nov 10 06:01:38 <__blasty> using the printf@libc leak, from the get go
Nov 10 06:01:41 <vos> ius: those 5k uncounted are after ASLR was turned on
Nov 10 06:01:47 <hellman> ius: orgs changed it
Nov 10 06:02:05 <asby> Seems that a lot of assumptions are made now in a recalculation of the scoreboard.
Nov 10 06:02:09 <rep> nothing changes
Nov 10 06:02:13 <ius> hellman: yeah, I know
Nov 10 06:02:38 <LuckyY> rep: final statement?
Nov 10 06:02:40 * ring3 has quit (Ping timeout: 265 seconds)
Nov 10 06:02:45 * [ENOFLAG]chit has quit (Quit: Getting a life)
Nov 10 06:02:46 <rep> ok
Nov 10 06:02:49 <rep> final statement
Nov 10 06:02:51 * shoragan_ has quit (Ping timeout: 264 seconds)
Nov 10 06:02:57 <gijs_> drumroll...
Nov 10 06:02:59 <__blasty> rep wins
Nov 10 06:03:03 <__blasty> everyone lose
Nov 10 06:03:03 * [ENOFLAG]chit (~chithanh@fiesta.eecsit.tu-berlin.de) has joined #rwthctf
Nov 10 06:03:04 <ius> I think we've all learned from this anyhow ;)
Nov 10 06:03:04 <LuckyY> gg anyways :)
Nov 10 06:03:09 * oni303 has quit (Ping timeout: 272 seconds)
Nov 10 06:03:11 * [ENOFLAG]chit (~chithanh@fiesta.eecsit.tu-berlin.de) has left #rwthctf
Nov 10 06:03:16 * asdfuser (~daniel@2001:470:1f0b:3bd:216:caff:fefe:babe) has left #rwthctf ("Leaving")
Nov 10 06:03:33 <Steven__> could anyone summarize this "rm" stuff so that I could understand what's going on at this hour? ;)
Nov 10 06:03:40 <FAUSTben> *yawn*
Nov 10 06:03:50 <ius> Steven__: For the arm service, you could pop a shell
Nov 10 06:03:55 <jojo-> Steven__: i guess we'll write a blog-post about it
Nov 10 06:04:01 <rep> there is no way we can change the scoring / recalc in any fair manner. THUS - positions are kept as they are but as the orga fucked up we will have a less steep curve on the prize money division. this is FAIR as the top places are not far apart anyway.
Nov 10 06:04:01 <Steven__> ah ok
Nov 10 06:04:19 <rep> this means EINDBAZEN WINS, congrats to FLUX on 2nd and MSLC on 3rd
Nov 10 06:04:19 <gijs_> \o/
Nov 10 06:04:26 <Steven__> the arm boxes looked like a juicy target :D
Nov 10 06:04:30 <Steven__> since they were multiuser
Nov 10 06:04:32 * vos has quit (Quit: Leaving)
Nov 10 06:04:38 <__blasty> bye vos
Nov 10 06:04:40 <Steven__> rep: yay!
Nov 10 06:04:42 <ius> Next AD: make sure flag removal is specified in the rules.
Nov 10 06:04:58 <rep> yes totally, we fucked up on communication
Nov 10 06:04:59 <ius> I personally dislike it, but I guess we'll make sure to participate if it's allowed :)
Nov 10 06:05:00 <rep> but to be fair
Nov 10 06:05:09 <rep> we can't change /recalc now
Nov 10 06:05:17 <rep> also
Nov 10 06:05:19 <FAUSTben> did you ever find out who was responsible for the DoS fuck?
Nov 10 06:05:33 <leex> FAUSTben: we are working on it
Nov 10 06:05:40 <Guest40952> which ports did it target, btw?
Nov 10 06:05:47 <skier_> nice
Nov 10 06:05:52 <jojo-> FAUSTben: might change final ranking...
Nov 10 06:06:00 <FAUSTben> on our machine mainly railway
Nov 10 06:06:05 <FAUSTben> well, massively so
Nov 10 06:06:20 <FAUSTben> at one point, traffic was up to 22 MBit on the tunnel
Nov 10 06:06:22 <Steven__> railway indeed
Nov 10 06:06:23 <FAUSTben> only incoming..
Nov 10 06:06:25 <sqrts|sebastian> railway DOS was caused by the exploits
Nov 10 06:06:29 <rep> SORRY EVERYONE about the scoring unclearness, but overall thanks to everyone and congrats to everyone!
Nov 10 06:06:31 <jojo-> FAUSTben: no, not in terms of services but more in terms of disqualification
Nov 10 06:06:37 <sqrts|sebastian> that created hundreds of users
Nov 10 06:06:40 <rep> it was still fun organizing and we hoped you enjoyed it for the most part
Nov 10 06:06:41 <FAUSTben> jojo-: i know
Nov 10 06:06:43 <FAUSTben> sqrts|sebastian: nope
Nov 10 06:06:46 <sqrts|sebastian> that were kept in memrory
Nov 10 06:06:47 <ius> Again, thanks for the CTF. Was great overall, just the finale was a bit awkward :)
Nov 10 06:06:50 <FAUSTben> that was one port, SYN SYN SYN
Nov 10 06:06:56 <rep> ius: absolutely agreed
Nov 10 06:06:57 <FAUSTben> nothing else
Nov 10 06:07:04 <jojo-> rest assured, scoring was the same as last year. so you had a whole year to voice complaints about unclear details ;)
Nov 10 06:07:11 <rep> ;)
Nov 10 06:07:17 <gijs_> yeah good stuff guys, but still like the jeopardy style more (less stressy :))
Nov 10 06:07:26 <fd0> FAUSTben: rest assured, we'll look at the pcaps tomorrow. :/
Nov 10 06:07:35 <hellman> jojo-: we didn't know about it last year. do recalc for that also!
Nov 10 06:07:35 <TheJH> gijs_: stress is good :P
Nov 10 06:07:38 <FAUSTben> fd0: I know you did what you could
Nov 10 06:07:44 * Garwin_ has quit (Quit: leaving)
Nov 10 06:07:53 <FAUSTben> make sure to tell everyone if you find the responsible party
Nov 10 06:07:56 * Guest40952 is now known as jn__
--
Nov 10 06:11:06 <lifedjik> By the way, don't forget, that this is only the game - no need to argue. "This game has no name, it will never be the same".
Nov 10 06:11:06 <lifedjik> (Yes, our trafman was most of the time broken - flags were removed in less than one second after creation - I was really thinking about using inotify and immutable flag :))
Nov 10 06:11:06 <lifedjik> So, thank you for the CTF!
Nov 10 06:11:06 <lifedjik> ..and bye-bye.
Nov 10 06:11:14 <FAUSTben> ehe
Nov 10 06:11:21 <rep> apologies again to MSLC, but well - even if trafman exploit was their own, there were couple 1000 other flags that they rm'ed on other services
Nov 10 06:11:21 <leex> FAUSTben: you could have bruteforced the hash in line 1 minute ;)
Nov 10 06:11:30 <rep> so can't really determine what would happened on those
Nov 10 06:11:49 * merten (~merten@e178057139.adsl.alicedsl.de) has joined #rwthctf
Nov 10 06:11:50 <rep> s/their own/the only ones with it/
Nov 10 06:11:55 <FAUSTben> leex: yeah
Nov 10 06:11:57 <FAUSTben> true :P
Nov 10 06:12:07 <hellman> rep: so can we know "real" scores? :P
Nov 10 06:12:08 <FAUSTben> but the DBG leaking worked out nicely ;-)
Nov 10 06:12:19 * hairyheron has quit (Client Quit)
Nov 10 06:12:20 <hellman> rep: or how many flags we've captured
Nov 10 06:12:26 <hellman> and other teams
Nov 10 06:12:28 <leex> sad that almost no one owned supermarket
Nov 10 06:12:45 <Valodim> welp. at least I can read ruby bytecode now :3
Nov 10 06:12:45 <rep> scoreboard had correct latest scores for current logic
Nov 10 06:12:57 <rep> but of course it would be different if broken services states were counted
Nov 10 06:13:07 <rep> as discussed, that can't be done fairly
Nov 10 06:13:10 <skier_> Valodim: did you solve that monster?
Nov 10 06:13:14 <LuckyY> lifedjik: you need root to use immutable
Nov 10 06:13:14 <ius> http://dump.pargon.nl/2013-11-10-030954_1280x1414_scrot.png < scoreboard btw
Nov 10 06:13:34 <skier_> Valodim: just the ruby bytecode wasn't enough for me.. that bytecode is "unique"
Nov 10 06:13:38 <rep> we will give out some more detailed score dumps later i think
Nov 10 06:14:08 <rep> how did you guys like ctfland btw?
Nov 10 06:14:13 <rep> i thought it was awesome
Nov 10 06:14:23 <crazedpsyc> indeed it was
Nov 10 06:14:29 <__blasty> all web stuff was cpu intensive
Nov 10 06:14:30 <skier_> looked funny
Nov 10 06:30:57 * Disconnected (Invalid argument).
**** ENDING LOGGING AT Sun Nov 10 06:30:57 2013