Thank you to all those who participated in the Fall 2015.
Thank you as well to all of our sponsors and volunteers that made this event possible.
Your top three teams are:
First Place – Team 2: Team Soviet Bear
Second Place – Team 1: echo red_team|/dev/null(“cannot”change)
Third Place – Team 9: Dangling Pointers
Registration is open at signup.iseage.org. There will be a kick-off on Wednesday, Sept. 2 at 6 PM in the Coover auditorium (Coover 2245). The competition will be on Saturday, September 26 and remote setup will tentatively open on Friday, September 4. More information can be found here.
The National Cyber Defense Competition was this Saturday. Thank you to the eleven teams that competed!
First Place (left): Team 2 Smash the Stack from Iowa State University
Second Place (right): Team 7 Team GNU/Awesome from Iowa State University
Third Place (left): Team 4 Behind 9 Proxies from Kansas State University
Team 1 CARL (right)
Team 2 Smash the Stack from Iowa State (left)
Team 3 CatBear from Northwest Missouri State University (right)
Team 4 Behind 9 Proxies from Kansas State University (left)
Team 5 Flaming Trex from Kirkwood Community College (right)
Team 7 Team GNU/Awesome from Iowa State University (left)
Team 8 BROForce from University of Nebraska Omaha (right)
Team 9 403 Forbidden from University of Northern Iowa (left)
Team 10 Children of the Kernel from Upper Iowa University (right)
Team 11 sI Train from University of Northern Iowa (left)
Team 12 99 Problems But Security Ain’t One from Des Moines Area Community College (right)
Thank you to all who participated in the 2014 Community College CDC!
Below are the images of the teams from the 2014 Fall ISU CDC. Thanks to all who participated! We had over 75 participants and 16 teams.
We would like to especially thank our sponsors, Boeing and PricewaterhouseCoopers for their generous support!
Left: PricewaterhouseCoopers; Right: Boeing
Left: First Place, Team 1; Right: Second Place, Team 17
Left: Third Place, Team 1; Right: Team 1, Team Awesome
Left: Team 2, 414 – Expectation Failed; Right: Team 4, Initech
Left: Team 5, 404 Team Not Found; Right: Team 7, Smash the Stack
Left: Team 9, Mods Mods Mods Mods; Right: Team 10, GGnoRE
Left: Team 11, Eccentric Dolphin Kickers; Right: Team 12, BetaTeam
Left: Team 13, Out Cloud Is Leaking; Right: Team 15: Red Pandas
Left: Team 17, CARL FOR THE WIN; Right: The Krusty Clowns
The provided images are now available for download. Keep in mind these images have vulnerabilities and should not be run in sensitive environments!
https://download.iseage.org/provided_images/ISUCDC14/
The anomalies are also available at the link above.
The VMs can be run using the free VMware Player or the non-free VMware Workstation, which may be provided by your academic institution. If you’d like to run these on a local ESXi server instead, grab VMware vCenter Converter Standalone to convert them to the correct format. (You’ll need to register a free account with VMware to download ESXi and vCenter Converter).
The provided images from the 2014 IT-Olympics CDC are now available for download. Keep in mind these images have vulnerabilities and should not be run in sensitive environments!
IT-O 14 Web | IT-O 14 TMS | IT-O 14 Shell | IT-O 14 RDP
The files are also mirrored here: link
The VMs can be run using the free VMware Player
It can be accessed on the competition network at http://blue.isucdc.net/ or you can download it here: shell_test.sh
In a command prompt, navigate to the AdminScripts directory (probably C:\Inetpub\AdminScripts\) and run the following:
cscript adsutil.vbs set msftpsvc/DefaultLogonDomain teamN.isucdc.com
where N is your team number.
Using the LDAP plugin available for PAM, it’s possible to do LDAP authentication without joining the domain. Note however that this requires installing Identity Management for Unix on your domain controllers. See this tutorial for more information.
Before we proceed, it’s a good idea to take a snapshot. I’ll wait for you to do that.
Okay, let’s install the required packages:
apt-get install libnss-ldapd libpam-ldapd
Now edit /etc/nslcd.conf. This assumes the user you created for binding to AD is named “ldap”.
# /etc/nslcd.conf # nslcd configuration file. See nslcd.conf(5) # for details. # The user and group nslcd should run as. uid nslcd gid nslcd # The location at which the LDAP server(s) should be reachable. uri ldap://teamN.isucdc.com # The search base that will be used for all queries. base dc=teamN,dc=isucdc,dc=com # The LDAP protocol version to use. ldap_version 3 # The DN to bind with for normal lookups. binddn ldap@teamN.isucdc.com bindpw <password> # The DN used for password modifications by root. # Leave this blank unless you want to allow password changes from your debian systems # If so, you will need to place the password in /etc/ldap.secret - be sure it is only readable by root #rootpwmoddn cn=admin,dc=example,dc=com # The search scope. scope sub # Mappings for Active Directory # This is the important bit; these fields match up with the fields added by Directory Services for UNIX pagesize 1000 #referrals no filter passwd (&(&(objectClass=person)(uidNumber=*))(unixHomeDirectory=*)) map passwd uid sAMAccountName map passwd homeDirectory unixHomeDirectory map passwd gecos displayName # If you wish to override the shell given by LDAP, uncomment the next line #map passwd loginShell "/bin/bash" filter shadow (&(&(objectClass=person)(uidNumber=*))(unixHomeDirectory=*)) map shadow uid sAMAccountName map shadow shadowLastChange pwdLastSet filter group (&(objectClass=group)(gidNumber=*)) #map group gid member # SSL options tls_reqcert never #ssl start_tls #ssl on #tls_cacertfile /etc/ssl/ca.pem
After you edit this file, restart nslcd and nscd:
service nslcd restart service nscd restart
Now edit /etc/nsswitch.conf:
# /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: files ldap group: files ldap shadow: files ldap hosts: files dns ldap networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis
Make sure LDAP authentication is enabled by running
pam-auth-update
In /etc/pam.d/common-session, add the following at the bottom of the file. This will make home directories for users that have never logged in before. Be careful – mis-editing PAM configuration could permanently lock you out of your system! Take a snapshot before proceeding.
# make home directories session required pam_mkhomedir.so skel=/etc/skel/ umask=0077
This umask will prevent users from reading each others’ home directories. If you’d prefer to be more open, use umask=0022 instead.
You can test this out by restarting sshd (service ssh restart) or by rebooting. If you managed to accidentally completely lock yourself out, revert to that snapshot you took earlier.