CyberCenturion III – Practice Round 1

The practice rounds were sent out this week, which are the final set of images you get to play with before the actual competition rounds start. The main difference between these and the introductory round images is that there’s no answer key in them, which makes them seem closer to the actual ones that you receive.

Similar to the introductory images, this practice round contained images for Windows 7 and Ubuntu 14.04. The scenario that you are given too was written for both operating system in mind, so there was some similarity between images. The part that is funny – in my opinion – is that you work for “All-time favorites Arcade” who have a company policy to only allow Windows 7 on company computers. Unless you’re running the Ubuntu image where company policy is to only allow that.

Having a go with them myself, as you do, I managed to get all of the Windows security ‘problems’ in an hour and a half (Service Pack 1 took the longest to install), of which there were 11.

The CeberCenturion scoring report showing the 11 vulnerabilities in Windows 7
Ignore the scary messages, I honestly did it in time. I just got called away for 4 hours after starting the image.

Getting the students to have a go on this one, most managed to score the total amount after an hour or so. They didn’t actually get to 100%, as it was the Service Pack left to install so getting them to sit around for a while doing nothing wasn’t really an option. Some others struggled, but with a bit of prompting managed to get around half of the items needing to be fixed.

The Ubuntu one was harder. A lot harder. Even having some of the best students looking at it we only managed to get 7 out of 10.

The Ubuntu scoring report showing a number of vulnerabilities fixed
I’m fully aware this says 6 and not 7. I took the image then figured out the other problem, which was… erm… Ooh, look over there. Quick, you’ll miss it!

That’s the problem with Ubuntu. I can teach students Windows easily as there’s many tools that I’ve used over the years to dig into the internals of it. Ubuntu is a lot harder, as most of the time I just install it and forget it, and when there’s a problem I look it up on the Internet. So far (including last years competition but excluding the introductory rounds) none of our teams have been able to get 100% on Ubuntu (the same goes for the actual competition rounds for Windows, but we can get a lot higher). Oh well, I’m sure we’ll manage it somehow.

Still, I did have a bit of fun getting students to figure out what file they needed to download to install Service Pack 1 on Windows. Here’s the list of files that are available to download:
A list of download links for Windows 7 Service Pack 1

While you may know that it’s the ones that end in x86 for 32-bit systems and x64 for 64-bit systems, I took it as a learning exercise for one student in particular (I know them well, and they do computing at A-Level):

Me: So, which one do you need to download?
Student: Umm… The top one as it’s the largest.
M: Do you normally install programs using a .iso file?
S: No
M: If it’s not that, then what other one could it be?
S: One of the symbol ones?
M: No, that’s for use in debugging, so it won’t help you here.
S: Oh, it’s the …-IA64 one.
M: Why do you say that?
S: Well, it’s not any of the others.
M: OK, we’ll download the Itanium 64-bit version then.
S: The what?
M: Exactly. Do you want to try again?
S: So it’s the (one ending in) x64?
M: Are you sure? There’s an x86 one available too.
S: But we’re using a 64-bit machine, not an 86-bit machine.
M: Are you sure you’re using a 64-bit machine and not a 32-bit one?
S: Well, there’s no file with “32” in it, so it has to be that one.
M: You’re absolutely sure you’re running a 64-bit machine?
S: Yes
M: OK, I’ll bet you a whole 20 pence that we’re not
S: But we are!
M: Prove it
S: How?

5 minutes later…

M: Are you sure it’s a 64-bit machine?
S: Yes, look. (Goes to a machine that’s not running the image and shows it says 64-bit operating system)
M: Oh no! You’re made me loose my 20 pence. That’s a shame, as I really needed that.
S: You’re too confident. Wait… that’s the actual computer (looks on image instead). Damn it! It says 32-bit.
M: Well, that’s a shame. I’ll keep my 20 pence then. So, what download do you need?
S: But there’s no file ending in 32!
M: Correct, but the 32-bit architecture is based on the 8086 family of processors, which end in x86
S: That’s not fair!
M: I know, but you’ll remember what one is needed in the competition now, won’t you?
S: YES!

I could have told them to look down the page before clicking on the big download button, which list all of the files and their purposes. But then, where’s the fun in that?
A list of descriptions for each of the available SP1 downloads

Leave a Reply

Your email address will not be published. Required fields are marked *