One of the interesting things about being a VERT Engineer is that you never know what type of work you're going to be doing from week to week and sometimes even day to day... A while back we had a request to detect the popular Japanese file sharing application WinNY. I was tasked with this and it was actually quite a bit of fun. You see, WinNY has a UI that is Japanese, and although there are patches available to change the button text to English, navigating it was, at times, trying. A bit of research and some testing on my own and I'd managed to write a small script that could detect WinNY running on a computer.
I'm not going to give out any more information on WinNY but I am going to introduce you to a new part of the VERT blog... the VERT Challenge. These will occasionally be posted, the prize going to the person with the correct answer. Yes, that's right... there will be a prize. The concept is fairly simple.
For this challenge you will:
- Locate the WinNY application online (both versions 1 and 2).
- Determine how to perform proper WinNY detection (remotely, via the listening TCP port).
What you need to provide in order to win:
- Any encryption, authentication or hashing used for communication.
- A breakdown of the information provided by WinNY when you connect to it.
- The unencrypted strings that distinguish between WinNY 1 and WinNY 2.
- Bonus points for providing a script or source code to perform the detection.
The Prizes:
- 1st Place - nCircle Remote Control Car + nCircle Polo Shirt
- 2nd Place - nCircle Remote Control Car
- 3rd Place - nCircle Polo Shirt
The Rules:
- Submission of materials already available online will NOT be accepted.
- Submissions will be accepted in the order they are received but complete submissions will receive consideration before partial submissions.
- The contest will close at 12:00PM (Noon) EST on Friday, March 16th 2007.
- You are free to submit a partial submission and then submit additional data, however you can only resubmit once.
Entries can be emailed to me at ~treguly~NOSPAM(AT)NOSPAM~ncircle.com~ (you should be able to figure out how to format that properly if you're competing for the prizes :) ). Good Luck!
Comments (6)
thick clients are so 1992. you should create challenges related to web applications.
shouldn't this take around 5 minutes to complete using unix shell and the matasano blackbag tools, particularly replug? can we get additional bonus points if we find vulnerabilities in it? if we do it all via binary analysis and offer proof, does that provide additional extra credit as well?
Posted by dre | March 6, 2007 11:08 PM
"Thick clients" may be old school but they are still used by everyone and I don't foresee that changing in the near future... As for making a web application related challenge, I'm sure that will happen in the future.
If you think this will take 5 minutes if you use a proxy then go ahead and solve it... I'm thinking it'll take you a bit more than just that.
As for finding vulnerabilities... I may use that as a tie breaker if I get two submissions at the same time or only receive partial submissions... However this challenge is about reliable, accurate, remote application detection. That means interacting with the application but not hindering its operation or in any way adversely affecting it.
Posted by Tyler Reguly | March 7, 2007 12:31 AM
So, nothing already online, eh? Yuji in our research team released a free WinNY Scanner in Japanese and English last year; he was so hoping to get a free remote control car....
Posted by Ross Brown | March 8, 2007 12:07 AM
Ross,
All that does is disqualify Yuji from submitting the WinNY scanner itself, although given that it's available on the eEye website, I'd probably give it some consideration. He does still have the option of submitting the required information to win the competition.
Posted by Tyler Reguly | March 8, 2007 9:26 AM
Just wanted to say I think challenges like this (for prizes or not) are a very good thing and I totally dig it. It gives some of us a chance to cut our chops a bit more in areas we may not be terribly proficient at yet. Practice, practice.
Posted by LonerVamp | March 8, 2007 1:34 PM
wooooo! that's good news. am i eligible? heh.
Posted by christian void | March 20, 2007 1:04 PM