Words of Wisdom from Wasabi's Corner
I had a blast. There were lots of new faces, some old, some familiar, and some only scored 10 points and left. As usual I walked the floor and tried to help everyone from veteran wctf person to all the new people. But I think the WCTF team just loves watching the blind leading the blind so they keep inviting me back to help. HAHA
We had a great turnout and competition was tough for the top individual score until the wireless fox was found. Congratulations to all the winners and I hope the new people saw the fun and will be back next time. The following are my observations and suggestions for the next time you participate in the WCTF.
Ask for help
Yes I know I was vague lots of time when you asked me something. Sometimes I knew the answer and could not tell you or I had no idea. I am not told the exact answers to all the problems. And I only know the ways I would attack it or attempt to find the solution. Dont sit and stew. I will help you get on the scoreboard. I won't do it for you and I won't tell you the exact thing to type into your terminal but I will suggest tools and or reasons why you are having a hard to impossible time with what you are working on. And BTW it's not like I'm quiet or anything, if you hear me helping someone listen in and write stuff down because it will probably help you too.
People getting stuck on what they thought was easy
I saw a lot of people get stuck on WCTF_01 (WEP). WEP is not easy stop saying that. WEP is vulnerable and can only be defeated if you do the right things and collect enough of the right things to exploit the vulnerability. If what you are doing is not working it might not be broke and you should try something else because that one thing from that one article you read that one time is not working.
Running in VM’s
I will give you the short answer on this. DONT. Ok now here is why. Myself nor anyone else wants to figure out why your system is not working right, not capturing traffic right and any other little quirk or hiccup because you are running in a VM. (I take that back yes I will help you troubleshoot your IT problem but you won't like my IT Consulting rate and I make no promises it will work) Yes, I know you don't do this all the time. So make two bootable USB drives and an extra copy of the ISO. Do you have to install Pentoo or kali on your laptop? No you don't I have run off a live USB to compete in the WCTF before. People found out real quick if you don't give enough resources to the VM that using aircrack or SDR is really really really terrible and slow. And even if you did give tons of resources to your VM USB passthrough and virtualization will still be a problem.
Build your own wireless cheat sheet
Again I know you don't do this all the time. So why are you still Googleing the same things at every WCTF. Open the note pad or note taking app of your choice and start writing stuff down and add the link in case you want to do further searching. Those 30-45 minutes you have to keep Googeling you could be looking for foxes or getting another WPA2 Flag and it could mean the difference between winning or coming in second place.
I feel bad that two people left out of frustration of the networks intermittent issues. And while there is no correct answer or solution for this all I can say is welcome to wireless hacking. The wireless in the room is kinda wonky and all over the place. People are hacking, cracking, Deauthing, and some new people have no idea what they are doing and might just be flooding the air with craziness. Plus you are at a INFOSEC Security Conference and there are super leet and super script kiddy bull crap going on too. We saw different things going on and the WCTF team used a little magic of our own and fixed them. Just be aware this is a thing.
ConclusionIf this is something you wish to pursue personally or professionally then give it a little time, do it legally, and have fun. The WCTF is a competition, it is a game, it is not impossible. With a little prep work I can't guarantee winning but you will be less frustrated and have lots of success. Even (insert local sports ball team here) has planning, strategy meetings, and preparation for the next game. How much would it suck to know that given a little more preparation you would not have lost by 100pts or less. Just saying. But what would I know. And I'm not your supervisor. You do what you want. Im sure you know better. I would agree with you but then we would both be wrong.