Creating a Hacking Game - Part 1: Introduction

Posted on Sat 08 August 2015 in posts

This is a multi-part blog post about creating my own hacking game to teach other people the excitement of exploiting vulnerabilities. To try it out, just connect with ssh [email protected] and the password level0. You only need a little bit of Linux command line knowledge. And get used to googling a lot ;)

$ ssh [email protected]
      __                  _
     / /                 | |
    / /_ _ _ __ __ _  ___| | _____ _ __
   / / _` | '__/ _` |/ __| |/ / _ \ '__|
  / / (_| | | | (_| | (__|   <  __/ |
 /_/ \__, |_|  \__,_|\___|_|\_\___|_|
      __/ |
     |___/
             ~ follow the white rabbit ~
                     ~ gracker ~
            ~ irc.hackint.org  #gracker ~
[email protected]'s password: level0
┌────────────────────┐
│ HACK THE PLANET!   │
└────────────────────┘

On Linux or Mac just open a terminal and type that command in. If you are on Windows you can use PuTTY.

Prelude

In 2012 I came across Capture the Flag by Stripe. At that point I knew a little bit of assembler - I knew a little bit about how the stack works and I kinda knew what a buffer overflow is. But I had never seen or exploited one myself. The CTF hooked me and I was so eager to solve those challenges. With a lot of time and googling I was able to solve the levels and got a T-shirt that I wear proudly to this day. As Stripe's blog post mentions, they were inspired by io.smashthestack.org. So I moved on to io, and to this day I haven't finished all the levels. I believe I'm stuck on level 17 - but I always come back to it and realize that I learned more and can solve the next level.

So over time I have played some other CTFs - as you can see from my HITCON CTF 2014 sha1lcode writeup.

Motivation

I have this character flaw that I get super obsessed with stuff. And I can never understand why other people are not interested in something I'm so enthusiastic about. So I guess, in an attempt to get more people into this field that gives me so much excitement, I wanted to create my own game - a game that is dedicated to beginners with a slow skill curve, so they don't get frustrated too quickly (though that is part of the fun).

For an overview of how the game works, here is the README that you can access when you log in as level0:

[email protected]:~$ cat README

┌───────────────────────────────────────────────────────────────────────────┐
│ How it works...                                                           │
├──────────────────────────────────────────────────────────────────────────┬┘
│ This is a hacking game. The goal is to hack from level to level.         │
│                                                                          │
│ You are currently level0. The password of your current level can be      │
│ found in ~/.pass                                                         │
│    + run `id` to display your current user id                            │
│    + display your current password `cat /home/level0/.pass`              │
│                                                                          │
│ So your goal is to find the password for the next level (level1). With   │
│ the password you can then connect to the next level                      │
│    + `ssh [email protected]` to login with the found password           │
│                                                                          │
│ The level relevant files can be found under /matrix                      │
│    + display the files for level0 `ls /matrix/level0/`                   │
│                                                                          │
│ A good point to start is to read the "story" in your home folder. It     │
│ will give some motivation for the current level, it will tell you what   │
│ files are necessary and maybe give additional info.                      │
│    + display current story `cat ~/story`                                 │
│                                                                          │
│ Sometimes there is a story recap available, which contains additional    │
│ information about the challenge that you just solved. Usually this means │
│ you will discover new tools or techniques how to solve a challenge. If   │
│ you have a particular nice solution that you would like to share,        │
│ contact me, and I might add it.                                          │
│    + display the demo recap `cat ~/recap`                                │
│    + the recap for level0 is in `cat /home/level1/recap`                 │
│       (you need to get access to level1 before you can read it)          │
│                                                                          │
│ To show people that you made it to a particular level, you can add your  │
│ nickname, messages and secrets to the "iwashere" file. You can only read │
│ and append something to the file.                                        │
│    + show the world that you found this game:                            │
│      `echo "I made this. ~samuirai" >> ~/iwashere`                       │
│    + look at who was in level0 `less ~/iwashere` or `cat ~/iwashere`     │
│                                                                          │
│ Most important point. Have fun. The worst thing that can happen is, that │
│ you accidentally learn something.                                        │
└──────────────────────────────────────────────────────────────────────────┘
┌───────────────────────────────────────────────────────────────────────────┐
│ Rules and System Info                                                     │
├──────────────────────────────────────────────────────────────────────────┬┘
│   1. Do not DoS this or any other system. Don't be a kiddy!              │
│   2. Do not connect to remote systems from this.                         │
│   3. Do not use too many resources. This is a very small server.         │
│   4. Do not spoil challenges (no writeups!), but helping newbs good.     │
│   5. Be excellent.                                                       │
├──────────────────────────────────────────────────────────────────────────┤
│   - levels can be found under /matrix                                    │
│   - You can only write to /tmp.                                          │
│   - Unused files and folders in /tmp are deleted after a few hours.      │
│   - If you want to have a specific tool installed, contact me.           │
│   - If you find bugs, please contact me.                                 │
└──────────────────────────────────────────────────────────────────────────┘
┌───────────────────────────────────────────────────────────────────────────┐
│ Start                                                                     │
├──────────────────────────────────────────────────────────────────────────┬┘
│ 1. read the story for your current level                                 │
│     `less ~/story`                                                       │
│ 2. find the files in `ls /matrix/level0`                                 │
│ 3. create a working directory in /tmp to develop scripts and tools       │
│ 4. solve the challenge and get the password                              │
│ 5. login as level1                                                       │
│ 6. read the recap for this level                                         │
│     `cat ~/recap`                                                        │
│ 7. read the story for level1 and solve the next challenge                │
└──────────────────────────────────────────────────────────────────────────┘

Continue to Part 2: Creating a Hacking Game - Part 2: The System