Tokemon 2
antic0de and metlstorm present...
I need your clothes, your boots, and your exploits
Intro
Tokemon 2 is a hacking game - a target rich environment filled with vulnerable hosts, services, packets, and on Saturday night of Kiwicon 4, a frenzy of hackers. Whether you're a seasoned blackhat, a fulltime pentester, or a complete noob, we guarantee you'll find something to own in the Tokemon 2 network. Crack a box, find a token. Own a webserver with some SQL injection, get a token. Maybe you dig reversing? Crack out your disassembler, find some tokens. Log them with the game engine, and pwn your way to fame and glory on the scoreboard. Did we mention prizes? In 2008 the Tokemon 1 winner - w0lfie - got a job offer pretty much on the spot...
Even if you're not going to hack, come along to spectate, and don't forget Te Kuiti Warrior!
Playing
Get your flashy crue together and hack as a team, or be a lone ronin amongst the shadows and packets. To play Tokemon 2, you'll need to bring a wireless-equipped laptop (limited wired ports will be available, but these may not be conveniently located; the wireless access infrastructure is enterprise grade this time around) and be ready to handle whatever the network throws at you. If you think you will need internet access, then bring a cellular network connection, as there may not be reliable internet provided. If you're not comfortable bringing your real live OS with you, filled with all your work data, or you're not tooled up for live hacking, consider grabbing a security LiveCD like Backtrack, and booting off that for the night. We will endeavour to have a few copies of Backtrack lying around, and possibly some loaner laptops for those of you with poor forward planning.
Because Tokemon 2 will be held in a bar, you must meet the legal requirements to be in the bar, drinking a beer. That means you should be old enough, accompanied by a parent or guardian, and not sufficiently intoxicated that you get thrown out. Somewhere between those two goalposts, huh? There will be a bartab, food available, and plenty of atmosphere.
Tokemon 2 will be more approachable for noobs than the first Tokemon, with some help to get you started and owning some of the more basic levels. You will get some tokens, learn stuff, and have fun while doing it.
For the rest of all y'all badasses, you can rest assured that there's something for you too...
Venue
Saturday 27th @ Madame Jojo's. Doors open 7pm, Tokemon runs 8pm - midnight (Te Kuiti Warrior is in the same venue), bar will remain open afterwards. Tokemon 2 is open to all Kiwicon ticket holders; no guests, sorry.
Tokens
Token values will differ based on the type, interest factor or complexity of the vulnerability. Some servers may have an easily gained token and another that is only discovered through more exploration or exploitation. Simple to exploit vulnerabilities that are more subtle might be worth more than easily discovered bugs. The vulnerabilities cover a number of areas, such as:
- Networking
- Configuration Faults
- Vulnerable Services
- Weak Passwords
- Database Problems
- Web Application Vulnerabilities
- Wireless
- Reversing
- ... and more
Tool Up
Some things you might wish to play with before Tokemon 2:
- Network scanning tools
  nmap, nmap, nmap, ping
- Network VA tools
  nessus, saint, qualys appliance, ISS scanner
- Password cracker of choice
  cain, jtr, l0phtcrack, pen and paper
- Exploit tool of choice
  Metasploit, Canvas, Saint Exploit, Core, wget -r http://packetstormsecurity.org/
- Web vulnerability scanner
  For spidering and brute forcing stuffs
- Script command shells of various flavours
  .asp, .aspx, .php, .ini, .pl, .cfm
- Data encoder/decoder and hashing
  base64, sha1, urlencode
- Web app hacking proxy
  Burp Suite, Webscarab
- Web application exploitation documents
  XML/LDAP/SQL Injection, File inclusion/upload tricks, XSS, CRLF, ACR/ONYM
- Database connectivity tools
  MSSQL, MySQL, Oracle, Flat file, CVS
Obviously some of the above is NOT in the game, we weren't about to give you a list of what to expect ;)