Fall 2023

NOTE: Any instance of <T> represents your team number. For example, if you're on Team 8, 172.18.13.<T> translates to 172.18.13.8

DNS

Internal and External DNS server serving as the digital phonebook for your network. Some assembly required!

Service Requirements

DNS should be available internally at 192.168.<T>.12
DNS should be available externally at 172.18.13.<T>
DNS Forward lookups for the following domain names point to the corresponding IP.
DNS Reverse lookups for the following IP Addresses point to the corresponding domain name

Scoring Details

DNS

Required Domains:

DNS Address	IP	Description
`ns1.team<T>.cnyhackathon.org`	`172.18.13.<T>`	Public DNS Nameserver
`www.team<T>.cnyhackathon.org`	`172.18.13.<T>`	Public Web Nameserver
`shell.team<T>.cnyhackathon.org`	`172.18.14.<T>`	Public SSH server
`files.team<T>.cnyhackathon.org`	`172.18.14.<T>`	Public File Share
`www.team<T>.net`	`192.168.<T>.5`	Internal Alias for Web server
`db.team<T>.net`	`192.168.<T>.7`	Internal Alias for MySQL server
`ns1.team<T>.net`	`192.168.<T>.12`	Internal Alias for DNS Server

Note that <T> represents the team's number

DNS Lookup (External)

The above addresses containing .cnyhackathon.org should be publicly available and will be scored through the router, and checked for both forward and reverse lookups.

Green: Domain names resolved correctly
Yellow: DNS Server was queried, but one or more IPs or domain names did not resolve correctly
Red: Could not connect to DNS server, or all domain names were missing

DNS Lookup (Internal)

The above addresses containing .team<T>.net will be scored from inside the participant's network, and checked for both forward and reverse lookups.

Green: IPs resolved correctly
Yellow: DNS Server was queried, but one or more IPs or domain names did not resolve correctly
Red: Could not connect to DNS server, or all IPs were missing

Web

A suspiciously sourced PHP Web Application with a MySQL backend Database. The docs said the config file is found in /var/www/html and the MySQL database can be recovered using the setup file betterblog.sql, but not much else. It also claimed to be “super secure” when configured correctly, whatever that means.

Service Requirements

Web Server stays up
MySQL connection stays available to web server
Web content is correct (no errors) and fully functional
Scoring User is able to log in and use site as expected

Scoring Details

WWW

Note that all Web checks are scored through the router

Web Scoring User: tester
Web Scoring Password: testtesttest

WWW Content

Green: Page is served and no errors (Full functionality)
Yellow: Page is served with errors (Limited functionality, site is still up)
Red: Web Server is inaccessible

WWW SSL

The Root CA cert for the ca.cnyhackathon.org server has the hash 761e8fbafabceac17680a28c82a097d2.

A valid certificate can be generated by using the following command:

certbot --server  https://ca.cnyhackathon.org/acme/acme/directory

Warning: Certbot will add a random sleep delay when run non-interactively. When automating certbot SSL renewal, use the flag --no-random-sleep-on-renew to ensure the check runs within the allotted time, as our renewal window is shorter than a standard certificate.

NOTE: The domain www.team<T>.cnyhackathon.org will be resolved using the participants DNS server!

Green: Page is served with a valid SSL certificate for the domain www.team<T>.cnyhackathon.org.
Yellow: HTTP content is served using SSL and an invalid certificate
Red: HTTP content is not served over SSL

Mysql

Data storage server used to power the web application. An initial backup of the MySQL database was taken and stored at /root/betterblog.sql. The data is synced to the QA department via an automated task that reads MySQL directly. The QA Department occasionally writes data back to the database as well.

Service Requirements

The MySql Scoring user is able to log into MySQL
The MySql Scoring user can Read data
The MySql Scoring user can Write data

Scoring Details

MySQL

The MySQL services are scored from the internal team network, using the internal IP address of 192.168.<T>.7.

MySQL scoring user: betterblog
MySQL scoring password: betterblog!
MySQL Scoring user can login, read and write to the database betterblog
MySQL Scoring user can login, read and write to the table posts

Recovery Instructions

MySQL Commands for restoring the database schema:

mysql betterblog -u betterblog -p < /root/betterblog.sql

MySQL

Green: MySQL scoring user is able to connect, authenticate, read and write data
Yellow: MySQL is accessible, but the scoring user is unable to authenticate or read/write data
Red: MySql is inaccessible

SSH & FTP

Established Shell Server and File Share for staff and external associates, and must be kept online at all costs.

Service Requirements

Scoring Users are able to successfully SSH using Public Key Authentication.

Scoring Details

SSH

SSH Scoring Users:
- night_in_the_woods
- starship_troopers_terran_command
- angry_birds_2
- planet_crafter
- beat_saber
- monument_valley
- return_of_the_obra_dinn
- hollow_knight
- rimworld
- subnautica
- deaths_door
- gunfire_reborn
- pokemon_go
- cities_skylines
Scoring Public Key:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcM4aDj8Y4COv+f8bd2WsrIynlbRGgDj2+q9aBeW1Umj5euxnO1vWsjfkpKnyE/ORsI6gkkME9ojAzNAPquWMh2YG+n11FB1iZl2S6yuZB7dkVQZSKpVYwRvZv2RnYDQdcVnX9oWMiGrBWEAi4jxcYykz8nunaO2SxjEwzuKdW8lnnh2BvOO9RkzmSXIIdPYgSf8bFFC7XFMfRrlMXlsxbG3u/NaFjirfvcXKexz06L6qYUzob8IBPsKGaRjO+vEdg6B4lH1lMk1JQ4GtGOJH6zePfB6Gf7rp31261VRfkpbpaDAznTzh7bgpq78E7SenatNbezLDaGq3Zra3j53u7XaSVipkW0S3YcXczhte2J9kvo6u6s094vrcQfB9YigH4KhXpCErFk08NkYAEJDdqFqXIjvzsro+2/EW1KKB9aNPSSM9EZzhYc+cBAl4+ohmEPej1m15vcpw3k+kpo1NC2rwEXIFxmvTme1A2oIZZBpgzUqfmvSPwLXF0EyfN9Lk= SCORING KEY DO NOT REMOVE

Green: Scoring Users are able to log in via SSH key
Yellow: SSH is accessible, Scoring users are unable to login
Red: SSH is inaccessible (Port closed, invalid response from SSH)

FTP

FTP Scoring User Password Hash:
- $6$PljFlMmWUAI2AEV9$5DM0zDEIOCJHQ4ggafxpnkOIJmLklqMjqAuWza1NyI3hsPdhAjAT2jWr8eKPPTbdi51vZkAof6vDkGzyHP8bk1
FTP Scoring Users:
- night_in_the_woods
- starship_troopers_terran_command
- angry_birds_2
- planet_crafter
- beat_saber
- monument_valley
- return_of_the_obra_dinn
- hollow_knight
- rimworld
- subnautica
- deaths_door
- gunfire_reborn
- pokemon_go
- cities_skylines
FTP Scoring Directory: /mnt/files
FTP Files:
- name: 1.bin
- name: 2.bin
- name: 3.bin
- name: 4.bin
- name: 5.bin
- name: 6.bin
- name: 7.bin
- name: 8.bin
- name: 9.bin
- name: 10.bin
- name: 11.bin
- name: 12.bin
- name: 13.bin
- name: 14.bin
- name: 15.bin
- name: 16.bin
- name: 17.bin
- name: 18.bin
- name: data_dump_1.bin
- name: data_dump_2.bin
- name: data_dump_3.bin
- name: datadump.bin

Green: Scoring users are able to log in via ftp.
Yellow: FTP is accessible, scoring users are unable to login.
Red: FTP is inaccessible (Port closed, timeout/invalid response from FTP)

FTP Write

Green: Scoring users are able to write a file to the remote FTP server.
Yellow: FTP is accessible, but scoring users are unable to write new files.
Red: FTP is inaccessible (Port closed, timeout/invalid response from FTP)

FTP Content

Green: Files from the above list exists, can be downloaded, and contents pass an integrity check.
Yellow: Login is successful, some files are missing or fail the integrity check.
Red: Login failed.

DNS

Service Requirements

Scoring Details

DNS

DNS Lookup (External)

DNS Lookup (Internal)

Web

Service Requirements

Scoring Details

WWW

WWW Content

WWW SSL

Mysql

Service Requirements

Scoring Details

MySQL

Recovery Instructions

MySQL

SSH & FTP

Service Requirements

Scoring Details

SSH

SSH Login

FTP

FTP Login

FTP Write

FTP Content