Archives For October 2014

Some things just aren’t meant to be… like my second non-activation of Pine Log Mountain in a month.

Saturday I was on Pine Log Mountain, again, participating in the Simulated Emergency Test (SET).  Since you need permission and a key to be on the mountain, I figured I would kill two birds with one stone and get them both done while I was on summit.

Well, that was the plan anyway.

Continue Reading…

CQ CQ SOTA Chasers,

I will be operating on Pine Log Mountain, W4G/HC-025 as part of the Cherokee County ARES Simulated Emergency Test (SET).  Before carrying out my assignment for the SET beginning at 12:30z, I hope to be on mountain early enough to setup and activate it for Summits On The Air.

I will be attempting to activate the mountain, again, at approximately 11:30z. My intentions are to work 40m SSB, 20m SSB and possibly even 2m FM if time allows.

I will self-spot via SOTA Goat or SMS, depending on cell/data availability (I don’t recall what it was the last time I was up there).

Hopefully the spot I choose to set up shack will be free from any RFI.  (Don’t want a repeat of Sweat Mountain.)

Hope to hear you on the air!

de KK4LOV

DerbyConCTF Files

October 3, 2014 — Leave a comment

Unlike last year, I preserved all the files I downloaded during this year’s DerbyConCTF. I know this isn’t everything there was available on the network and some new systems were brought online after I stopped playing. These files contain the nmap, nikto (and some other) scans along with any content I was able to easily download (mostly talking http and ftp here).

I’m sure there are probably a few hidden flags in these files waiting to be discovered and when I have time to get back around to it, I’ll sift through it to see if I can positively identify any more. I’m welcome to any hints you might like to drop in the meantime. 🙂

Next week I should be able to get around to finally describing some of these flags, so hang in there if you’re following along.
Continue Reading…

Here is an index to the Capture The Flag (CTF) flags I found during DerbyCon 4.0 Family Rootz:

No Flag Points Explanation
1 password 20 Link
2 MayUrG0atsBeFr33 20 Link
3 Goats34Milk 20 Link
4 ML5jVuOCTvMhaG70p0BL 20 Link
5 HopeSolo 40 Link
6 MudFlaps 80 Link
7 ImpossibleToHerd 20 Link
8 lambSkinCoat 40 Link
9 mossyoakcamo 30 Link
10 pirateslife4me 100 Link
11 time2seethebirds 100 Link
12 TheFappening 100 Link
13 SourceCodeTheft 100 (Not yet published)
14 PurpleMooCow 500 (Not yet published)

I will update this table with links to each of the flags as I blog about them.

I hope this blog series:
1. Will help hesitant hackers participate in a future CTF by giving them a starting point of where and how to look for flags.
2. Will produce a conversation with fellow CTF participants that stumble across the blog about what their experiences were with this particular CTF.
3. Will produce a conversation about the flags I overlooked, techniques/tools I need to become proficient at and pointers on how I can be a better hacker and CTF player.

Last weekend I attended DerbyCon, a Hacker Conference in Louisville Kentucky.  DerbyCon is a relatively young conference (compared to others such as DEF CON) and this is the fourth consecutive year it’s been held.  I have attended every year.  Every year that I have attended, I have participated in the Capture The Flag (CTF) event.

A few of my readers won’t know what CTF is, so I’ll take a moment to explain it.  CTF is an event in which hackers compete to find “flags” on vulnerable networks or systems.  CTFs vary in type but the basic premise is that you any means necessary (within the stated rules) to locate flags which are turned in for points.  Flags can be obtained any number of ways but typically involve locating them hidden in certain locations or files.  The more difficult the flag is to obtain, the more it’s worth in points.

I competed in my very first CTF event my first year at DerbyCon.  Ever since, I have become complete immersed in playing CTF while at the con.  To put that in perspective, the last two years I attended the con, I did not see a single talk outside the opening and closing ceremonies.  Simply because the CTF hasn’t started or has ended during those talks.  Any talks I see are usually after they’ve been posted to YouTube at a later date.

Continue Reading…

I know this blog seems like it’s been all about Ham Radio lately… but I’ve got plenty of ideas about different content to add.  Just as soon as I get around to finding that free time…