Root-Wars: Rules of Conduct.
All Team Members will agree to abide by these guidelines
-----------------------------------------------------------------------------------
Basics
-------
Each Team can consist of 2 to 6 players.
Attacking other boxes found on the network, besides those specifically in the
wargames, is strictly forbidden and will forfeit the game.
All team members are expected to think and act ethically throughout the whole
of the games. WARNING: You may need some common sense.
Do not touch Log files or the Logging features in place. We are not only
trying to protect this, but we want to watch the games too. Anyone found doing
so will be punished, i.e. points deducted.
ALL outgoing activity is strictly forbidden from any box within our wargames
suite. We do not want anyone launching attacks from our platforms. We are not
liable for any activities going on upon the servers, as we do not have control
over them. With this, we will aid the authorities if any unlawful acts occur. We
will not tolerate any form of nukes, floods or DoS Attacks. We do not want to
find any unethical or immoral actions being performed upon our servers. The war
games are here for you and your peers to have fun, Learn, and expand your
knowledge of "hacking" legally. Please do not turn this into something
illegal and ruin it for all of us.
If you do get root PLEASE DO NOT perform any form of file removal on anything
that you have not created. Please remember the servers are here for all of us to
learn from.
There will be a 50 MB quota on all accounts; there is no need for large
quotas upon these accounts, as they could risk being abused.
The accounts are for PERSONAL USE ONLY. If anyone is found giving out account
passwords then their account will be IMMEDIATELY removed.
If you or your team damages a box or its OS beyond simple repair, your team
will forfeit the game. If this is a round EPiC is playing in, there will be less
of a chance of the box being repaired as he will not have access to them during
a game he is playing.
All team member names must be revealed to H3C. Concealing the
identity of any team member will result in either a points deduction or that
team forfeiting the game. Once the wargames have started, the team members are
set in stone. If any team member decides to leave a team then their place WILL
NOT be re-filled. If a team member does decide to leave a team then you must
inform wargames@hack3r.com immediately to remove their account.
Your actions on IRC may be noted and logged. We do not want any abuse towards
each other's teams in any channels. If anyone is found doing this it may result
in a points removal or, in some extreme cases, the team will forfeit their
game. This goes for general abuse from the team as a whole or a team member
towards ANYONE on the hack3r IRC. We don't want flame wars because of stupid
disputes. Any disputes that happen within #roothack (or anywhere else for that
matter) will be logged and used for future reference to each team's approach to
accusations etc. If there is a dispute between two or more groups that cannot be
resolved on their own then it will go to wargames@hack3r.com
and neutral parties to decide the outcome. If no winner is decided then all
parties involved will face a 5-point deduction for wasting other people's
time.
The Idea of the games is to allow anyone who wants the chance to hack
something to do so ethically without running the risk of getting into trouble
with the law. We try to promote ethical exploration, rather than malicious
cracking. You will be encouraged to obtain root, make files, patch the holes you
find or have found, keep others out, and most of all, let us know how you did
it. All of these will get you points to win the games.
We are also starting up some additional games to snap into our servers.
Updates of these will be posted on roothack.
Cerebus
----------
Each team will be given an individual account on Cerebus, a Slackware Linux box.
Cerebus will be your Gateway to your team's server. Cerebus will not be a part of
the wargames, except to provide the link to the other boxes. You may use Cerebus
to store files safely, out of the wargames. You may use Cerebus to compile
things, and try a remote attack against one of the other wargames boxes if
wanted.
Attacking the security, or trying to compromise Cerebus in any way will
forfeit the game for your team. Spoofing Cerebus in any way will also forfeit
your team. All teams should feel that their connection to Cerebus is secure,
just as if they were logging in from their home machine to their new
server.
Methods of using other user accounts on Cerebus are permitted. You may
attempt to gain access to another team's user accounts. All non-wargame accounts
are off limits and attempting to compromise them will result in the immediate
disqualification of the entire team involved.
Locking a user or team out of Cerebus in any way is not going to be
permitted. Since this is their only means to communicate with their server, this
is not a fair means of taking over a box or hacking a team.
From your shell on Cerebus, you will have access to the following four
machines. These four machines, and these four machines only, are in
roothack.
Hades
----------
192.168.200.201
Erinys
----------
192.168.200.202
Erebus
----------
192.168.200.203
Orion
---------
192.168.200.204
Grace Period
---------------------
Grace period will start with each team being given root on a machine of which
they do not know the OS. Before any changes are made to the machine, you will
need to Document the OS, and version.
Grace period will last for 24 hours, in which each team will be given a
chance to begin securing the box. Use this time to get to know the OS, and get
services secured and locked down.
During this time all boxes in the rootwars suite are to be treated as if they
are unplugged. In the real world, you would be securing your box to the best of
your ability before you plugged the cat5 in.
The grace period is designed to allow you that time to secure your box without
threat from anyone. Any form of attack made on any of the wargames boxes during
the Grace Period will forfeit the offending team's game.
Social Engineering is acceptable during the Grace Period, HOWEVER this does
not extend to attacking: logging onto a system during the Grace Period with a
password that was obtained by SE will result in an immediate disqualification
from the game. If the SE'd password is used after the grace period however,
this is acceptable. This goes for any other method of password retrieval within
the Grace Period.
Sniffing is also not tolerated during the grace period. We know that users are
still using telnet to get ssh up and possibly testing plain text
backdoors.
During this time, and for the rest of the games, the team will document ALL
changes made to the box and services. We are not asking for novels, just a white
sheet to go by. Soon Roothack will allow you to post these on the page yourself
as a team. We want to offer you all the resources to communicate securely, and
post white papers to receive points.
Teams are not allowed to install any sort of nonexec stack patch, or stack
guard. This would include updating the kernel to the NSA Kernel.
Under No circumstances are you to remove the wargames staff account on any
box. The passwords are secure and will not need to be changed either. If telnet
is the only option you have running, Staff will not connect to the shell and
risk being sniffed. Do not worry about the security of the staff account.
Before open season begins, your team is to have 3 active services open. This
includes ssh. You may choose what you open up.
Open Season
-----------------
We would suggest you divide your team up, into one group who tries to
compromise the other teams, and one group that keeps your own box from being
compromised. After the 24 hour Grace Period, Open season will commence. This is
where it is now fair game to hack another wargames box. Remember, others can now
hack you.
During the Open Season, keep a diary or some form of log of what went on each
day, i.e. attacks being made. A good idea is to have one team member who writes
well responsible for posting your whitepapers to wargames@hack3r.com.
The write ups are how you will be awarded points. These are not novels, just a
simple explanation of what you did and why.
Although many attacks are permitted within open season, there are obvious
attacks that are strictly forbidden within the games. This is mainly ALL forms
of Denial of Service attacks. Any team found doing such an attack would be
immediately disqualified from the games.
As open Season is going, each team in control of each box will be asked to
install and secure new services. This could mean it is your turn to run an
anonymous ftp, or possibly a web server. Again, these are not elaborate
services, simply open it and secure it. During this time, you will want to be
submitting your white papers to wargames@hack3r.com; this is where the team will get
points.
Each game will last between 1-3 weeks. Keep in mind a team could be out of the
game immediately after the grace period, if their box is compromised and they
cannot get it back.
Be prepared to have to allow vulnerable services. When we tell you to install
a service like FTP, it will most likely be an outdated, vulnerable version. The
other teams will not know when and what you are installing. However, maybe they
will.
Points Structure
--------------------
The Points Structure is based around your performance during the games. This
includes securing the box, patches, compromising another team's box etc. All
places to which points can be gained are based on a 1-10 system, 1 being the
lowest and 10 being the highest. The team with the most points at the end
wins.
The following points during the Grace Period will be awarded:
General Security of the box (1-5 points)
Identifying the correct OS and Versions (written in a white paper) (1-5 points)
Identifying problems with outdated vulnerable services (1-5 points)
Specific security vulnerabilities fixed (1-10 points)
(Total of 25 points available during grace period)
The following points during the Open Season will be awarded:
Up to date accounts of what's been happening (1-5 points)
Handling of attacks made upon you (1-5 points)
Attacks made by you (1-10 points)
Defensive procedures carried out (1-10 points)
Root being obtained (1-10 points) *NOTE* if Root is obtained within 24 hours
after the Grace period then there is a very good chance of extra points being
given
Variety of attacks being made i.e. Social Engineering (1-10 points)
(Total of 50 points available during Open Season)
The following points will be awarded after season:
White Paper(s) being submitted (1-10 points)
Quality of White Paper(s) (1-10 points)
Detail of White Paper(s) (1-5 points)
(Total of 25 points available within the After Season period)
100 Points in total Available
White papers will need to be detailed enough to understand, otherwise the
point will not be awarded. Staff has the right to change the rules when wanted
and has final say in all decisions.
All White Papers will be the property of Hack3r.com. We will not publicize
anything without the entire team's consent. We realize that there may be things
that happen or that a team does, that they do not want public. We expect you to
keep that edge.
Please send Information regarding all wargames servers to us at
wargames@hack3r.com
King of Root-Wars: Rules of Conduct.
All Team Members will agree to abide by these guidelines
-----------------------------------------------------------------------------------
Basics
-------
Each group will consist of no more than 6 players.
Attacking other boxes found on the network, besides those specifically in the
wargames, is strictly forbidden and will forfeit the game.
All team members are expected to think and act ethically throughout the whole
of the games. WARNING: You may need some common sense.
Do not touch Log files or the Logging features in place. We are not only
trying to protect this, but we want to watch the games too. Anyone found doing
so will be punished, i.e. points deducted.
ALL outgoing activity is strictly forbidden from any box within our wargames
suite. We do not want anyone launching attacks from our platforms. We are not
liable for any activities going on upon the servers, as we do not have control
over them. With this, we will aid the authorities if any unlawful acts occur. We
will not tolerate any form of nukes, floods or DoS Attacks. We do not want to
find any unethical or immoral actions being performed upon our servers. The war
games are here for you and your peers to have fun, Learn, and expand your
knowledge of "hacking" legally. Please do not turn this into something
illegal and ruin it for all of us.
If you do get root PLEASE DO NOT perform any form of file removal on anything
that you have not created. Please remember the servers are here for all of us to
learn from.
There will be a 50 MB quota on all accounts; there is no need for large
quotas upon these accounts, as they could risk being abused.
The accounts are for PERSONAL USE ONLY. If anyone is found giving out account
passwords then their account will be IMMEDIATELY removed.
If you or your team damages a box or its OS beyond simple repair, your team
will forfeit the game. If this is a round EPiC is playing in, there will be less
of a chance of the box being repaired as he will not have access to them during
a game he is playing.
All team member names must be revealed to H3C. Concealing the
identity of any team member will result in either a points deduction or that
team forfeiting the game. Once the wargames have started, the team members are
set in stone. If any team member decides to leave a team then their place WILL
NOT be re-filled. If a team member does decide to leave a team then you must
inform wargames@hack3r.com immediately to remove their account.
Your actions on IRC may be noted and logged. We do not want any abuse towards
each other's teams in any channels. If anyone is found doing this it may result
in a points removal or, in some extreme cases, the team will forfeit their
game. This goes for general abuse from the team as a whole or a team member
towards ANYONE on the hack3r IRC. We don't want flame wars because of stupid
disputes. Any disputes that happen within #roothack (or anywhere else for that
matter) will be logged and used for future reference to each team's approach to
accusations etc. If there is a dispute between two or more groups that cannot be
resolved on their own then it will go to wargames@hack3r.com
and neutral parties to decide the outcome. If no winner is decided then all
parties involved will face a 5-point deduction for wasting other people's
time.
The Idea of the games is to allow anyone who wants the chance to hack
something to do so ethically without running the risk of getting into trouble
with the law. We try to promote ethical exploration, rather than malicious
cracking. You will be encouraged to obtain root, make files, patch the holes you
find or have found, keep others out, and most of all, let us know how you did
it. All of these will get you points to win the games.
We are also starting up some additional games to snap into our servers.
Updates of these will be posted on roothack.
Acheron
----------
Each team will be given an individual account on Acheron, a Slackware Linux box.
Acheron will be your Gateway to the wargames. Acheron will not be a part of
the wargames, except to provide the link to the other boxes. You may use Acheron
to store files safely, out of the wargames. You may use Acheron to compile
things, and try a remote attack against one of the other wargames boxes if
wanted.
Attacking the security, or trying to compromise Acheron in any way will
forfeit the game for your team. Spoofing Acheron in any way will also forfeit
your team. All teams should feel that their connection to Acheron is secure,
just as if they were logging in from their home machine to their new
server.
Methods of using other user accounts on Acheron are permitted. You may
attempt to gain access to another team's user accounts. All non-wargame accounts
are off limits and attempting to compromise them will result in the immediate
disqualification of the entire team involved.
Locking a user or team out of Acheron in any way is not going to be
permitted. Since this is their only means to communicate with their server, this
is not a fair means of taking over a box or hacking a team.
From your shell on Acheron, you will have access to the following six machines. These
six machines, and these six machines only, are in
roothack.
Hades.hack3r.org
------------------
192.168.200.201
Erinys.hack3r.org
------------------
192.168.200.202
Erebus.hack3r.org
------------------
192.168.200.203
Orion.hack3r.org
-----------------
192.168.200.204
Thrugdush.hack3r.org
-------------------
192.168.200.205
Slut.hack3r.org
------------------
192.168.200.206
King of The Hill Period
-------------------------
This will start off with the network and routing tables being opened. At
this time all members of the games are free to log into the shell on Acheron.
From Acheron we will be playing a king of the hill style game. All
the boxes listed above will be open to many vulnerabilities. Some will
be remote, some will be local. Guessing accounts and passwords may
be required of you to get a local account. Don't expect to have
anything handed to you.
At this time you will want to be launching attacks towards the roothack
suite from Acheron. This should be a coordinated attack, and lock
down.
The idea is to gain control of one or more boxes on the network.
Once you have control over a box, you are advised to begin locking the box
down. Patching vulnerable services, closing ports, upgrading kernel,
etc.
Teams will not be allowed to deny service in any form to the gateway.
During this time, and for the rest of the games, the team will document ALL
changes made to the box and services. We are not asking for novels, just a white
sheet to go by. Soon Roothack will allow you to post these on the page yourself
as a team. We want to offer you all the resources to communicate securely, and
post white papers to receive points.
Teams are not allowed to install any sort of nonexec stack patch, or stack
guard. This would include updating the kernel to the NSA Kernel.
Under No circumstances are you to remove the wargames staff account on any
box. The passwords are secure and will not need to be changed either. If telnet
is the only option you have running, Staff will not connect to the shell and
risk being sniffed. Do not worry about the security of the staff account.
Once all of the boxes in the rootwars suite are spoken for, and each team
is ready, we will begin the grace period of the normal rootwars rules.
Grace Period
---------------------
Grace period will start with each team being given root on a machine of which
they do not know the OS. Before any changes are made to the machine, you will
need to Document the OS, and version.
Grace period will last for 24 hours, in which each team will be given a
chance to begin securing the box. Use this time to get to know the OS, and get
services secured and locked down.
During this time all boxes in the rootwars suite are to be treated as if
they are unplugged. In the real world, you would be securing your box to the
best of your ability before you plugged the cat5 in.
The grace period is designed to allow you that time to secure your box without
threat from anyone. Any form of attack made on any of the wargames boxes
during the Grace Period will forfeit the offending team's game.
Social Engineering is acceptable during the Grace Period, HOWEVER this does
not extend to attacking: logging onto a system during the Grace Period with a
password that was obtained by SE will result in an immediate disqualification
from the game. If the SE'd password is used after the grace period however,
this is acceptable. This goes for any other method of password retrieval within
the Grace Period.
Sniffing is also not tolerated during the grace period. We know that users are
still using telnet to get ssh up and possibly testing plain text backdoors.
During this time, and for the rest of the games, the team will document ALL
changes made to the box and services. We are not asking for novels, just a
white sheet to go by. Soon Roothack will allow you to post these on the page
yourself as a team. We want to offer you all the resources to communicate
securely, and post white papers to receive points.
Teams are not allowed to install any sort of nonexec stack patch, or stack
guard. This would include updating the kernel to the NSA Kernel.
Under No circumstances are you to remove the wargames staff account on any
box. The passwords are secure and will not need to be changed either. If
telnet is the only option you have running, Staff will not connect to the
shell and risk being sniffed. Do not worry about the security of the staff
account.
Before open season begins, your team is to have 3 active services open.
This includes ssh. You may choose what you open up.
Open Season
-----------------
We would suggest you divide your team up, into one group who tries to
compromise the other teams, and one group that keeps your own box from being
compromised. After the 24 hour Grace Period, Open season will commence. This is
where it is now fair game to hack another wargames box. Remember, others can now
hack you.
During the Open Season, keep a diary or some form of log of what went on each
day, i.e. attacks being made. A good idea is to have one team member who writes
well responsible for posting your whitepapers to wargames@hack3r.com.
The write ups are how you will be awarded points. These are not novels, just a
simple explanation of what you did and why.
Although many attacks are permitted within open season, there are obvious
attacks that are strictly forbidden within the games. This is mainly ALL forms
of Denial of Service attacks. Any team found doing such an attack would be
immediately disqualified from the games.
As open Season is going, each team in control of each box will be asked to
install and secure new services. This could mean it is your turn to run an
anonymous ftp, or possibly a web server. Again, these are not elaborate
services, simply open it and secure it. During this time, you will want to be
submitting your white papers to wargames@hack3r.com; this is where the team will get
points.
Each game will last between 1-3 weeks. Keep in mind a team could be out of the
game immediately after the grace period, if their box is compromised and they
cannot get it back.
Be prepared to have to allow vulnerable services. When we tell you to install
a service like FTP, it will most likely be an outdated, vulnerable version. The
other teams will not know when and what you are installing. However, maybe they
will.
Points Structure
--------------------
The Points Structure is based around your performance during the games. This
includes securing the box, patches, compromising another team's box etc. All
places to which points can be gained are based on a 1-10 system, 1 being the
lowest and 10 being the highest. The team with the most points at the end
wins.
The following points during the Grace Period will be awarded:
General Security of the box (1-5 points)
Identifying the correct OS and Versions (written in a white paper) (1-5 points)
Identifying problems with outdated vulnerable services (1-5 points)
Specific security vulnerabilities fixed (1-10 points)
(Total of 25 points available during grace period)
The following points during the Open Season will be awarded:
Up to date accounts of what's been happening (1-5 points)
Handling of attacks made upon you (1-5 points)
Attacks made by you (1-10 points)
Defensive procedures carried out (1-10 points)
Root being obtained (1-10 points) *NOTE* if Root is obtained within 24 hours
after the Grace period then there is a very good chance of extra points being
given
Variety of attacks being made i.e. Social Engineering (1-10 points)
(Total of 50 points available during Open Season)
The following points will be awarded after season:
White Paper(s) being submitted (1-10 points)
Quality of White Paper(s) (1-10 points)
Detail of White Paper(s) (1-5 points)
(Total of 25 points available within the After Season period)
100 Points in total Available
White papers will need to be detailed enough to understand, otherwise the
point will not be awarded. Staff has the right to change the rules when wanted
and has final say in all decisions.
All White Papers will be the property of Hack3r.com. We will not publicize
anything without the entire team's consent. We realize that there may be things
that happen or that a team does, that they do not want public. We expect you to
keep that edge.
Please send Information regarding all wargames servers to us at
wargames@hack3r.com