-=[ What is "King of the Hill" ]=-

King of the hill is a simple game, take the hill, keep the hill, for as long as possible. Who ever can do that the longest wins, its that simple. There are 10 computers or "victims" on the network, along with a scorekeeper and a dhcp server. Each of these 10 computers are vunarable to SOME sort of attack. Some are easy, some are a little harder, there level of difficulty is ranged from 1 - 10, 1 being the easiest to hack and 10 being the hardest. Hack a service on any box and you get points, keep control of the box without stopping any of the services or rebooting the box and you will get more points. who ever has the most points at the end of the game wins.

Last year, we had one server which was the hill. It was running Mandrake 2005 LE with all services running and no firewall. The scorekeeper polled certain services every minute to see who's team name was in the banner, and recorded that. As it turns out, nobody was able to put their teamname into any of the banners. About 2/3 of the code for the scorekeep was written the night before the con, and we didnt' get a chance to test to see what hacks worked. That's where this year will be different...

First of all, we'll have tested vulnerabilities. This will prevent the "no winner" syndrom that we were infected with last year. Also, we're going to have 10 servers to take over. Each one will be bigger and tougher than the previous, and the rewards will reflect this. A service on victim #1 will score 1 point per minute, victim 5 will be 5 points per minute and so on up to victim #10. The scorekeeper will be very much like last year, however we decided to make it a little more interesting. We're not going to tell you what services we're monitoring. We're specifically tracking down hubs for this contest and not switches, so if you want to know what files we're monitoring and how we're monitoring them you'll have to figure it out.

I will say that the basic pricipal will be the same, the scorekeep will look to see what's in a certain file and make a note of it. On lower levels this may be as simple as just a team name, but on the upper levels there may be some encoding or even encrypting!

aCTFII Home What is aCTF? Rules