BSidesSF

WCTF 2015
How to WCTF

Suggested WCTF Platforms

Internet access
SmartPhone with USB tether (wi/BT could be an issue)

Laptop (MAC or PC)

Multi core processor
8 GB ram or more* (16Gb optimal)
Hard drive space for all necessary apps and VMs
SSD is optimal

External Radios/antennas
Internal radios might not give the exibility/capability
Built in antennas may not give exibility needed

Power-Supply
Enough outlets to power all of your gear

Suggested WCTF Distributions

Pentoo
(bare metal, VM or overlay)

Windows
(bare metal or VM)

Kali
(bare metal or VM)

OS X with Fusion
Other Hosts with VM

Suggested WCTF Radios

Alpha cards (B) (G) or (N) or (ABGN)
Rokland N3 (BGN)
Rosewill N600 UBE (ABGN)
SR-71 (ABG)
AirPcapNx (ABGN)
WiSpy DBX (2.4 and 5Ghz)
TP-Link TL-WN722N (BGN)
EnGenius EUB 1200AC (ABGNAC)
Ubertooth One (many uses)
HackRF Jawbreaker (SDR)
RTL-SDR (SDR)

Antennas
Omnidirectional
2, 5, 7, 9 dBi

Directional
Panel
Yagi

WCTF Tools
Aircrack-NG

Reaver

gqrx

Kismet-NG

Pyrit

Dsd

Airodump

Wireshark

multimon-ng

Wireshark

OCLHashcat

smartnet-scanner

TCPDump

Wite

Gnuradio

Nmap

Fern-wi-cracker

OsmoComSDR

PGP

Airdrop

Testing Your WCTF Gear

Have a repeatable process for validating
antennas/setup
Hand testing on a xed known AP
Automated testing Kismet (kismet script shootout.rb)

Know how dierent cards, antennas, and

combinations work with each platform
Never be surprised by your equipment

WCTF Tactics
Figure out the clues, and think hard. The clues are always
obscure and never direct, but will lead you to the answer.
Make sure you have practiced with all setups in advance.
Have a process or sequential processes to get through each
challenge and follow that process!
Take really good notes, either on paper or in a text le. I
promise it will help.
Learn about the person running the WCTF. This too will
give a lot away.

WCTF Rules
You must register with the key server (instructions to follow)
All Game BSSIDs are in the context of WCTF#

Oense and defense are always in play

Every team that solves a challenge gets points for that challenge, there
are no expiring keys.
Keys will only be scored once. We log everything and obvious attempts
will result in subjective point deductions.
Keys will be either a frequency, a passphrase, or something you crack, no
hidden servers this time.

WCTF Scoring
In order to score, you must have:
A working copy of GPG or PGP depending on your operating system
A valid Public/Private key pair to be used for *SIGNING* your submissions
Access to email/internet (internet is provided in challenge 1)

WCTF Scoring Instructions and PGP Public Key are at:

http://www.wctf.us/scoring.html
The ag.sh shell script has been provided to aid in uploading keys
You will nd that it makes it easier/faster to submit your scores

Setting up GPG/PGP keys

First verify that you have PGP or GPG installed

Type gpg <return> and see if it is installed if not:

emerge gpg (Gentoo)
apt-get install gpg (Kali, Ubuntu, Debian, etc.)

Now you need a key:

From the terminal type Gpg gen-key <return>
Select type (use default for WCTF)
Select keysize (use 1024 for WCTF)
Let the key expire a day after the WCTF is over
Type your real name
Enter a valid email address that you are going to use to submit the ags for the WCTF
Enter a passphrase that you will remember
Then let the computer work for a few minutes creating entropy (wi scanning speeds this process)

Importing WCTF PGP Key

gpg import <paste the WCTF pub key> <return>

Copy/paste the entire key from
http://www.wctf.us/scoring.html

Register Your Team

Go To
http://wctf.us/register.php

To Submit a Flag
Copy the ag from it's location. It will be either the wireless encryption key or
a string of random numbers/letters found on the target network, that
matches/answers the clue
Copy the entire string with no breaks or spaces
If the key is hex convert to ASCII

Take the output of key.sh (create this le locally and remember to chmod +x the le)
./ag.sh cbbe3ec55dd050e749918770af0a40b6d8192679

Copy and paste resulting output of the ag.sh le and email (without encryption)
to: ctf+bsf@wctf.us

Challenges
We will go over the challenges at the beginning of the
Conference at 10am Sunday Morning

WiFi Challenges
All Wi challenges will be in the context of SF_WCTFx

These will need to be understood and gured out.

Good Luck

Roaming Challenges

There will be up to 4 Fox and Hound and

Hide and seek challenges the times for
these will be announced during the con,
2 will be Sunday and 2 will be Monday

SDR Challenges

The SDR challenges will start at noon

on Sunday, after everyone is warmed
up, and we will do a comms check as
well as an intro at noon on Sunday

Questions

Any Questions please ask, we will determine

if we will answer

Good luck!

Thanks to the WCTF Team

Rick
Anch

DaKahuna
Zero_Chaos

Marauder
Terrible

Russ

Questions

@Rmellendick

rmellendick@gmail.com