Finally went to the CarolinaCon. I loved it. It was good to see all the 2600 crew again, and meet all the new people that have joined in the last few months. It’s sad that I work swings now and am unable to attend any of the meetings. They didn’t make me a staff badge though… 🙁 Althought, they promised me that they would send it to me as soon as possible. I really should have given a presentation…
Things of interest… they had a “Capture the Flag – Hacker Style” contest. Basically, they had two computers. A linux machine (Fedora Core 3) and a Windows 2000 Server machine. Both had default installs on them. The files were in a web server directory and another server basically tracks who’s name is currently in the file and times who has it the longest. I first social engineered the windows box (basically asked questions and found out there was a user account, and was able to get the password.) Easy enough, and I became first on the boards. However, while we were laughing about it, two others heard me mention it and they logged in and stole my thunder by stealing the account back. (One of them, TXS, locked the account so he stole it back. He kept it for about a hour while I worked on the linux box. I used a metasploit exploit to get the box back, and kept it for the rest of the night. (Setup a job to continually replace any file with mine 🙂 The fedora box stayed locked down until near the end when I got sick of it and did it the easy way. (Single mode, anyone?) So, while I ended up with my name on both boxes, TXS had the windows box for longer than I, so by default he wins. (Kinda annoying since I gave him the password! Oh well, I was told it at first too, so I can’t complain. At least I ended up taking it with a real exploit later… even if it does make me just a script kiddy)
Anyway… I got into some really got conversations with people about what I want to do when I get out. One of the guys is a game tester and works with a bunch of the developers for some MMO games, so he was able to give me a good idea of what they go through. I might have to go to work with him one day to check it out.
All in all, it was a great conference, and there should be some great pictures once they put them up. I’ll post some once I see them. I’ll also post the results of the Capture the Flag when they post it officially. So, now after spending all day having fun, I’m working all night. Guess it’s Karma.
Anyway, I guess this is long enough now. I’ll go look for something else to keep me awake now. Peace!