• Do not tamper with Log files or the Logging features in place. We are not only trying to protect this, but we want to watch the games too.
  • No outgoing activity will be allowed from any box within our wargames suite. We do not want anyone launching attacks from our platforms. We are not liable for any activities going on upon the server, as we do not have control over it. With this, we will aid the authorities if anything unlawful does occur.
  • We will not tolerate any form of nukes, floods or DoS Attacks. We do not want to find any unethical or immoral actions being performed upon our servers. The wargames are here for you and your peers to have fun, Learn, and expand your knowledge of "hacking" legally. Please do not turn this into something illegal and ruin it for all of us.
  • If you do get root PLEASE DO NOT pull an . rm -rf /. or any form of file removal that you have not created. Please remember the servers are here for all of us to learn from.
  • There will be a 10 MB quota an all accounts; there is no need for large quotas upon these accounts, as they could risk being abused.
  • The accounts are for PERSONAL USE ONLY. If anyone is found giving out access keys then their account will be IMMEDIATELY removed.
  • Rules may change. If you have ideas for rules, please email us at wargames@hack3r.com

Phr0st Sat Jul 16 01:53:25 2016

Root-Wars: Rules of Conduct. 
All Team Members will agree to abide to these guidelines 
----------------------------------------------------------------------------------- 

Basics 
------- 

Each Team can consist of 2 to 6 players. 

Attacking other boxes found on the network, beside those specifically in the wargames, is strictly forbidden and will forfeit the game. 

All team members are expected to think and act ethically throughout the whole of the games. WARNING: You may need some common sense. 

Do not touch Log files or the Logging features in place. We are not only trying to protect this, but we want to watch the games too. Anyone found doing so will be punished, i.e. points deducted. 

ALL outgoing activity is strictly forbidden from any box within our wargames suite. We do not want anyone launching attacks from our platforms. We are not liable for any activities going on upon the servers, as we do not have control over them. With this, we will aid the authorities if any unlawful acts occur. We will not tolerate any form of nukes, floods or DoS Attacks. We do not want to find any unethical or immoral actions being performed upon our servers. The war games are here for you and your peers to have fun, Learn, and expand your knowledge of "hacking" legally. Please do not turn this into something illegal and ruin it for all of us. 

If you do get root PLEASE DO NOT perform any form of file removal on anything that you have not created. Please remember the servers are here for all of us to learn from. 

There will be a 50 MB quota an all accounts; there is no need for large quotas upon these accounts, as they could risk being abused. 

The accounts are for PERSONAL USE ONLY. If anyone is found giving out account passwords then their account will be IMMEDIATELY removed. 

If you or your team damages a box or it's os beyond simple repair, your team will forfeit the game. If this is a round EPiC is playing in, there will be less of a chance of the box being repaired as he will not have access to them during a game he is playing. 

All team member names must be revealed to H3C. Anyone found concealing the identity of any team member would result in either a point. s deduction or that team forfeiting the game. Once the wargames have started, the team members are set in stone. If any team member decides to leave a team then their place WILL NOT be re-filled. If a team member does decide to leave a team then you must inform wargames@hack3r.com immediately to remove their account. 

Your actions on IRC may be noted and logged. We do not want any abuse towards each others teams in and channels. If anyone is found doing this it may result in a point. s removal or, in some extreme cases, the team will forfeit their game. This goes for general abuse from the team as a whole or a team member towards ANYONE on the hack3r IRC. We don. t want flame wars because of stupid disputes. Any disputes that happen within #roothack (or anywhere else for that matter) will be logged and used for future reference to each teams approach to accusations etc. If there is a dispute within two or more groups that cannot be resolved on their own then it will go to wargames@hack3r.com and neutral parties to decide the outcome. If no winner. is decided then all parties involved will face a 5-point deduction for wasting other peoples time. 

The Idea of the games is to allow anyone who wants the chance to hack something to do so ethically without running of the risk of getting into trouble with the law. We try to promote ethical exploration, rather than malicious cracking. You will be encouraged to obtain root, make files, patch the holes you find or have found, keep others out, and most of all, let us know how you did it. All of these will get you points to win the games. 

We are also starting up some additional games to snap into our servers. Updates of these will be posted on roothack. 

 

Cerebus 
---------- 

Each team will be given an individual account on Cerebus, a Slackware Linux box. Cerebus will be your Gateway to your teams server. Cerebus will not be a part of the wargames, except to provide the link to the other boxes. You may use Cerebus to store files safely, out of the wargames. You may use Cerebus to compile things, and try a remote attack against one of the other wargames boxes if wanted. 

Attacking the security, or trying to compromise Cerebus in any way will forfeit the game for your team. Spoofing Cerebus in any way will also forfeit your team. All teams should feel that there connection to Cerebus is secure. Just as if they were logging in from there home machine to there new server. 

Methods of using other user accounts on Cerebus are permitted. You may attempt to gain access to another teams user accounts. All non-wargame accounts are off limits and attempting to compromise them will result in the immediate disqualification of the entire team involved. 

Locking a user or team out of Cerebus in any way is not going to be permitted. Since this is there only means to communicate with their server, this is not a fair means of taking over a box or hacking a team. 

From your shell on Cerebus, you will have access to the following four machines. These four machines, and these four machines only are in roothack. 

 

Hades 
---------- 
192.168.200.201 

Erinys 
---------- 
192.168.200.202 

Erebus 
---------- 
192.168.200.203 

Orion 
--------- 
192.168.200.204 

 

 

Grace Period 
--------------------- 

Grace period will start with each team being given root on a machine of which they do not know the OS. Before any changes are made to the machine, you will need to Document the OS, and version. 

Grace period will last for 24 hours, in which each team will be given a chance to begin securing the box. Use this time to get to know the OS, and get services secured and locked down. 

During this time all boxes in the rootwars suite are to be treated as if they are unplugged. In the real world, you would be securing your box to the best of your ability before you plugged the cat5 in. 

The grace period is designed to allow you that time to secure your box without threat from anyone. Any form of attack made on any of the wargames boxes during the Grace Period will forfeit the offending team's game. 

Social Engineering is acceptable during the Grace Period, HOWEVER this does not mean that attacking, i.e. logging onto a system with a password that was obtained by SE, this will result in an immediate disqualification from the game. If the SE'd password is used after the grace period however, this is acceptable. This goes for any other method of password retrieval within the Grace Period. 

Sniffing is also not tolerated during the grace period. We know that users are still using telnet to get ssh up and possibly testing plain text backdoors. 

During this time, and for the rest of the games, ALL changes made to the box and services, the team will document. We are not asking for novels, just a white sheet to go by. Soon Roothack will allow you to post these on the page yourself as a team. We want to offer you all the resources to communicate securely, and post white papers to receive points. 

Teams are not allowed to install any sort of nonexec stack patch, or stack guard. This would include updating the kernel to the NSA Kernel. 

Under No circumstances are you to remove the wargames staff account on any box. The passwords are secure and will not need to be changed either. If telnet is the only option you have running, Staff will not connect to the shell and risk being sniffed. Do not worry about the security of the staff account. 

Before open season begins, your team is to have 3 active services open. This includes ssh. You may choose what you open up. 

 

Open Season 
----------------- 

We would suggest you divide your team up, into one group who tries to compromise the other teams, and one group that keeps your own box from being compromised. After the 24 hour Grace Period, Open season will commence. This is where it is now fair game to hack another wargames box. Remember, others can now hack you. 

During the Open Season, keep a diary or some form of log of what went on each day, i.e. attacks being made. A good idea is to have one team member who writes well responsible for posting your whitepapers to wargames@hack3r.com The write ups are how you will be awarded points. These are not novels, just a simple explanation of what you did and why. 

Although many attacks are permitted within open season, there are obvious attacks that are strictly forbidden within the games. This is mainly ALL forms of Denial of Service attacks. Any team found doing such an attack would be immediately disqualified from the games. 

As open Season is going, each team in control of each box will be asked to install and secure new services. This could mean it is your turn to run an anonymous ftp, or possibly a web server. Again, these are not elaborate services, simply open it and secure it. During this time, you will want to be submitting your white papers to wargames@hack3r.com; this is where team will get points.

Each game will last between1-3 weeks, keep in mind a team could be out of the game immediately after the grace period, if there box is compromised, and they can not get it back. 

Be prepared to have to allow vulnerable services, when we tell you to install a service like FTP, it will most likely be an outdated, vulnerable version, the other teams will not know when and what you are installing. However, maybe they will. 

 

Points Structure 
-------------------- 

The Points Structure is based around your performance during the games. This includes, Securing the box, patches, compromising another teams box etc. All places to which points can be gained are based on a 1-10 system, 1 being the lowest and 10 being the highest. The team with the most points at the end wins. 

The following points during the Grace Period will be awarded: 

General Security of the box (1-5 points) 
Identifying the correct OS and Versions (written in a white paper)(1-5 points) 
Identifying problems with outdated vulnerable services (1-5 points) 
Specific security vulnerabilities fixed (1-10 points)
 (Total of 25 points available during grace period) 

The following points during the Open Season will be awarded: 

Up to date accounts of what's been happening (1-5 points)
Handling of attacks made upon you (1-5 points)
Attacks made by you (1-10 points)
Defensive procedures carried out (1-10 points)
Root being obtained (1-10 points) *NOTE* if Root is obtained within 24 hours after the Grace period then there is an very good chance of extra points being given
Variety of attacks being made i.e. Social Engineering (1-10 points)
 (Total of 50 points available during Open Season)

The following points will be awarded after season:

White Paper(s) being submitted (1-10 points)
Quality of White Paper(s) (1-10 points)
Detail of White Paper(s) (1-5 points)
 (Total of 25 points available within the After Season period)

100 Points in total Available

White papers will need to be detailed enough to understand, otherwise the point will not be awarded. Staff has the right to change the rules when wanted and has final say in all decisions.

All White Papers will be the property of Hack3r.com. We will not publicize anything without the entire teams consent. We realize that there may be things that happen or that a team does, that they do not want public. We expect you to keep that edge.

Please send Information regarding all wargames servers to us at wargames@hack3r.com

EPiC Fri Feb 8 23:53:25 2002

King of Root-Wars: Rules of Conduct. 
All Team Members will agree to abide to these guidelines 
----------------------------------------------------------------------------------- 

Basics 
------- 

Each group will consist of no more than 6 players. 

Attacking other boxes found on the network, beside those specifically in the wargames, is strictly forbidden and will forfeit the game. 

All team members are expected to think and act ethically throughout the whole of the games. WARNING: You may need some common sense. 

Do not touch Log files or the Logging features in place. We are not only trying to protect this, but we want to watch the games too. Anyone found doing so will be punished, i.e. points deducted. 

ALL outgoing activity is strictly forbidden from any box within our wargames suite. We do not want anyone launching attacks from our platforms. We are not liable for any activities going on upon the servers, as we do not have control over them. With this, we will aid the authorities if any unlawful acts occur. We will not tolerate any form of nukes, floods or DoS Attacks. We do not want to find any unethical or immoral actions being performed upon our servers. The war games are here for you and your peers to have fun, Learn, and expand your knowledge of "hacking" legally. Please do not turn this into something illegal and ruin it for all of us. 

If you do get root PLEASE DO NOT perform any form of file removal on anything that you have not created. Please remember the servers are here for all of us to learn from. 

There will be a 50 MB quota an all accounts; there is no need for large quotas upon these accounts, as they could risk being abused. 

The accounts are for PERSONAL USE ONLY. If anyone is found giving out account passwords then their account will be IMMEDIATELY removed. 

If you or your team damages a box or it's os beyond simple repair, your team will forfeit the game. If this is a round EPiC is playing in, there will be less of a chance of the box being repaired as he will not have access to them during a game he is playing. 

All team member names must be revealed to H3C. Anyone found concealing the identity of any team member would result in either a point. s deduction or that team forfeiting the game. Once the wargames have started, the team members are set in stone. If any team member decides to leave a team then their place WILL NOT be re-filled. If a team member does decide to leave a team then you must inform wargames@hack3r.com immediately to remove their account. 

Your actions on IRC may be noted and logged. We do not want any abuse towards each others teams in and channels. If anyone is found doing this it may result in a point. s removal or, in some extreme cases, the team will forfeit their game. This goes for general abuse from the team as a whole or a team member towards ANYONE on the hack3r IRC. We don. t want flame wars because of stupid disputes. Any disputes that happen within #roothack (or anywhere else for that matter) will be logged and used for future reference to each teams approach to accusations etc. If there is a dispute within two or more groups that cannot be resolved on their own then it will go to wargames@hack3r.com and neutral parties to decide the outcome. If no winner. is decided then all parties involved will face a 5-point deduction for wasting other peoples time. 

The Idea of the games is to allow anyone who wants the chance to hack something to do so ethically without running of the risk of getting into trouble with the law. We try to promote ethical exploration, rather than malicious cracking. You will be encouraged to obtain root, make files, patch the holes you find or have found, keep others out, and most of all, let us know how you did it. All of these will get you points to win the games. 

We are also starting up some additional games to snap into our servers. Updates of these will be posted on roothack. 

 

Acheron 
---------- 

Each team will be given an individual account on Acheron, a Slackware Linux box. Acheron will be your Gateway to the wargames. Acheron will not be a part of the wargames, except to provide the link to the other boxes. You may use Acheron to store files safely, out of the wargames. You may use Acheron to compile things, and try a remote attack against one of the other wargames boxes if wanted. 

Attacking the security, or trying to compromise Acheron in any way will forfeit the game for your team. Spoofing Acheron in any way will also forfeit your team. All teams should feel that there connection to Acheron is secure. Just as if they were logging in from there home machine to there new server. 

Methods of using other user accounts on Acheron are permitted. You may attempt to gain access to another teams user accounts. All non-wargame accounts are off limits and attempting to compromise them will result in the immediate disqualification of the entire team involved. 

Locking a user or team out of Acheron in any way is not going to be permitted. Since this is there only means to communicate with their server, this is not a fair means of taking over a box or hacking a team. 

From your shell on Acheron, you will have access to the following six machines. These six machines, and these six  machines only are in roothack. 

 

Hades.hack3r.org
------------------
192.168.200.201 

Erinys.hack3r.org
------------------
192.168.200.202 

Erebus.hack3r.org
------------------
192.168.200.203 

Orion.hack3r.org
-----------------
192.168.200.204 

Thrugdush.hack3r.org
-------------------
192.168.200.205

Slut.hack3r.org
------------------
192.168.200.206

 

 

King of The Hill Period
-------------------------

This will start off with the network and routing tables being opened.  At this time all members of the games are free to log into the shell on acheron.

From acheron we will be playing a king of the hill style game,  All the boxes listed above will be open to many vulnerabilities.  Some will be remote,  some will be local.  Guessing accounts and passwords may be required of you to get a local account.   Dont expect to have anything handed to you.

At this time you will want to be launching attacks towards the roothack suite from acheron.  This should be a coordinated attack, and lock down.  

The idea is to gain control of one or more boxes on the network.

Once you have control over a box, you are advised to begin locking the box down.  Patching vulnerable services, closing ports, upgrading kernel, etc.

Teams will not be allowed to deny service in any form to the gateway.

During this time, and for the rest of the games, ALL changes made to the box and services, the team will document. We are not asking for novels, just a white sheet to go by. Soon Roothack will allow you to post these on the page yourself as a team. We want to offer you all the resources to communicate securely, and post white papers to receive points. 

Teams are not allowed to install any sort of nonexec stack patch, or stack guard. This would include updating the kernel to the NSA Kernel. 

Under No circumstances are you to remove the wargames staff account on any box. The passwords are secure and will not need to be changed either. If telnet is the only option you have running, Staff will not connect to the shell and risk being sniffed. Do not worry about the security of the staff account. 

Once all of the boxes in the rootwars suite are spoken for, and each team is ready, We will begin into the grace period of the normal rootwars rules.

 

Grace Period 
--------------------- 

Grace period will start with each team being given root on a machine of which they do not know the OS. Before any changes are made to the machine, you will need to Document the OS, and version. 

Grace period will last for 24 hours, in which each team will be given a chance to begin securing the box. Use this time to get to know the OS, and get services secured and locked down. 

During this time all boxes in the rootwars suite are to be treated as if they are unplugged. In the real world, you would be securing your box to the best of your ability before you plugged the cat5 in. 

The grace period is designed to allow you that time to secure your box without threat from anyone. Any form of attack made on any of the wargames boxes during the Grace Period will forfeit the offending team's game. 

Social Engineering is acceptable during the Grace Period, HOWEVER this does not mean that attacking, i.e. logging onto a system with a password that was obtained by SE, this will result in an immediate disqualification from the game. If the SE'd password is used after the grace period however, this is acceptable. This goes for any other method of password retrieval within the Grace Period. 

Sniffing is also not tolerated during the grace period. We know that users are still using telnet to get ssh up and possibly testing plain text backdoors. 

During this time, and for the rest of the games, ALL changes made to the box and services, the team will document. We are not asking for novels, just a white sheet to go by. Soon Roothack will allow you to post these on the page yourself as a team. We want to offer you all the resources to communicate securely, and post white papers to receive points. 

Teams are not allowed to install any sort of nonexec stack patch, or stack guard. This would include updating the kernel to the NSA Kernel. 

Under No circumstances are you to remove the wargames staff account on any box. The passwords are secure and will not need to be changed either. If telnet is the only option you have running, Staff will not connect to the shell and risk being sniffed. Do not worry about the security of the staff account. 

Before open season begins, your team is to have 3 active services open. This includes ssh. You may choose what you open up. 

 

Open Season 
----------------- 

We would suggest you divide your team up, into one group who tries to compromise the other teams, and one group that keeps your own box from being compromised. After the 24 hour Grace Period, Open season will commence. This is where it is now fair game to hack another wargames box. Remember, others can now hack you. 

During the Open Season, keep a diary or some form of log of what went on each day, i.e. attacks being made. A good idea is to have one team member who writes well responsible for posting your whitepapers to wargames@hack3r.com The write ups are how you will be awarded points. These are not novels, just a simple explanation of what you did and why. 

Although many attacks are permitted within open season, there are obvious attacks that are strictly forbidden within the games. This is mainly ALL forms of Denial of Service attacks. Any team found doing such an attack would be immediately disqualified from the games. 

As open Season is going, each team in control of each box will be asked to install and secure new services. This could mean it is your turn to run an anonymous ftp, or possibly a web server. Again, these are not elaborate services, simply open it and secure it. During this time, you will want to be submitting your white papers to wargames@hack3r.com; this is where team will get points.

Each game will last between1-3 weeks, keep in mind a team could be out of the game immediately after the grace period, if there box is compromised, and they can not get it back. 

Be prepared to have to allow vulnerable services, when we tell you to install a service like FTP, it will most likely be an outdated, vulnerable version, the other teams will not know when and what you are installing. However, maybe they will. 

 

Points Structure 
-------------------- 

The Points Structure is based around your performance during the games. This includes, Securing the box, patches, compromising another teams box etc. All places to which points can be gained are based on a 1-10 system, 1 being the lowest and 10 being the highest. The team with the most points at the end wins. 

The following points during the Grace Period will be awarded: 

General Security of the box (1-5 points) 
Identifying the correct OS and Versions (written in a white paper)(1-5 points) 
Identifying problems with outdated vulnerable services (1-5 points) 
Specific security vulnerabilities fixed (1-10 points)
 (Total of 25 points available during grace period) 

The following points during the Open Season will be awarded: 

Up to date accounts of what's been happening (1-5 points)
Handling of attacks made upon you (1-5 points)
Attacks made by you (1-10 points)
Defensive procedures carried out (1-10 points)
Root being obtained (1-10 points) *NOTE* if Root is obtained within 24 hours after the Grace period then there is an very good chance of extra points being given
Variety of attacks being made i.e. Social Engineering (1-10 points)
 (Total of 50 points available during Open Season)

The following points will be awarded after season:

White Paper(s) being submitted (1-10 points)
Quality of White Paper(s) (1-10 points)
Detail of White Paper(s) (1-5 points)
 (Total of 25 points available within the After Season period)

100 Points in total Available

White papers will need to be detailed enough to understand, otherwise the point will not be awarded. Staff has the right to change the rules when wanted and has final say in all decisions.

All White Papers will be the property of Hack3r.com. We will not publicize anything without the entire teams consent. We realize that there may be things that happen or that a team does, that they do not want public. We expect you to keep that edge.

Please send Information regarding all wargames servers to us at wargames@hack3r.com

EPiC Fri Feb 8 23:53:25 2002