index intro and faq the venue schedule pre-registration call for speakers



Carolinacon 2008 - Capture The Flag

Capture the Flag is being run a little different this year.  It is meant to simulate a real vulnerability assessment.

You will need a wireless network card that is supported by the OS you choose to use. We also recommend BackTrack which is available here:

BackTrack should have anything you need and a lot of stuff you don't.

To connect to the CTF network, configure your NIC for DHCP and connect the wireless network with the SSID of CC08-CTF.  The flag box's IP address is

Situation and Task:

You have been hired by a very small company to perform a penetration test on their entire network.  The owner of the company has tasked you with evaluating all technology procedures and has asked you to document any improvements you can suggest.  You have decided to start your pentest with a server in the IT Department.  Through the initial interview process with the head of the IT Department, you have learned that this server is used as an FTP server to create and redeploy systems throughout the company.  The department head has also explained that due to the small size of the company that this machine has been re-purposed.  It used to be a server that was used to store customer information.  All customer information has been deleted off the system during the redeployment of this server. 

Document everything you find along with steps for remediation and submit your report to:

The deadline to have your report submitted is: 3/29/08 8:00pm

Winners will be determined by submitting the best report.  Ties will be decided by who submits their report first.  If you modify your submission and resubmit your report, the time of the resubmission will be used in the event of a tie breaker.  Best reports will be added to this page after the contest is over.










The fourth annual Carolinacon regional technology conference will be held March 28-29, 2008 at the Holiday Inn on Fordham Road in Chapel Hill, North Carolina. We invite any persons who have educated themselves about technology to present their ideas and otherwise participate in our conference. Carolinacon is hosted by members from local 2600 meetings and the non-profit Carolinacon Group technology education organization.