New Direction for Improving HBH Challenges

I feel that the material on HBH is getting old… not in the sense that that missions don't get submitted, but it's the same attacking techniques, which I feel are not really realistic.

The closest to real I've seen here on HBH is the "web patching" challenges. Not to undermine, or say that the other missions haven't taught me things, but really do NOT apply to the real world most of the time.

As a result, I suggest that HBH move in a new direction to make the challenges more realistic by adding new sections of challenges and expanding the already existing sections.

More specifically, I'm referring to making real rooting challenges… perhaps "capture the flag" on a server.. where when exploited by a user, they reset the password and don't go any further in the destruction of the server. Thus, allowing users to get in and out. This is just one particular instance of a challenge. It could be a project worthwile to pursue for "Programming Teams" that are currently idle.

Also, for the idle programming teams — they need to regroup and be more productive by making challenges, rather than simply "competing" to get points. It's a total waste of potential for HBH to have them sit idly and get scattered during that time.

In summary, what I'm suggesting is that HBH add 3 more directories of challenges:

• Programming Challenges (C,C++,C#, Java, PHP, IRC Scripting, and OS Task Scheduling)
• Buffer Overflow Debugging and Engineering (Assembly, C, and Perl)

My idea can get shot down, and never heard from again, or it can seriously be talked about by the ADMINs – which I think they need to have an online conference about this (AIM, MSN, IRC, etc.).

Just keep in mind, however, that these few additions will help HBH advance and real gurus will truly stand out from this. We won't have anymore "bored hackers"; also, newbs might come to know what hacking TRULY is. Not just code and exploits.

Shalom!

(PS: this could be simply a stepping stone for HBH to go to the next level, whatever it may be.)

I understand what you are saying about some of the missions being unrealistic but they are designed to get you looking in the right places and thinking in the right way rather than using the techniques in real life

why point to other places while you can make it happen here?

that attitude is NOT innovative by ANY means…

if things are the same, and they will stay the same, HBH will ontinue with the same material (that's barely retouched by mission creators) – and again, that is NOT innovative.

well the HBH game is going to be a very awesome feature, can't really tell you anything about it except that its gonna be sweeet.

how's that relevant to the topic? :right:

because the game, is not be like the normal challenges… it will be beyond that

well i wanted to try and fix the SE challenges more. i was thinking instead of trying to SE a bot why not have a Aim and MSN account set up and have an admin on it. we all take turns. and people have to SE the admin for the info they need. Just an idea

Ive also thought of ways to have phreaking challenges. I was looking into a way to get a 1-800 # so that we can try to do some phreaking with it. But i had ideas to have phreaking done on the computer itself. (long description so im not typing it here)

Lock-picking: the only way this would work is if we had a) a video submission of the member picking a lock or b)submitting a written explanation of how one would pick a lock with personal photos of some sort.

GFX- i think we could use a section for gfx challenges. this would require members to use some sort of effect and present it in a image with their name in it for verification process. examples will be given and then the point is to make one. those who dont have image editing programs would have a problem.

i have more ideas but im saving them for just admins and staff.

I'm suggesting AGAIN that HBH add 2 more directories for challenges:

• Programming Challenges (C,C++,C#, Java, PHP, IRC & Shell Scripts)
• Exploitation and Reverse Engineering (Assembly, C, Perl, Python)
• Allowing IMG tags in articles for visual effects. Admins CAN filter the tags!
• A Daily Screenshot of any member's submitted desktop PIC.
• A Notification of Birthdays and Hacking Milestones in History.
• MAJOR facelift to the HBH theme. Come on, it's getting old, guys. Look at HTS …

Whadya think, eh? I think it's time for HBH to start moving forward… And oh, yah:

• FORUMs questions need to be relevant. Not any sort of garbage should be allowed to go through. :)

i totally agree with u netfish. but i've talked to cheese about the programming challenges and this is what he said:

Date: May 18 2007 - 19:39:33 Subject: RE: suggestion exactly, they would have to send the source and someone review it, which requires skilled programmers.

and hbh doesnt have enough of them who are willing to spends hours a week viewing submissions for hbh. the logical and other challenges are bad enough!

nice idea, but woudlnt work, sorry.

Why wouldn't it work… Get more admins working. Simple!

I'm sure many members would be thrilled to join the panel, and responsibly review submissions, etc.

Date: May 18 2007 - 19:39:33 Subject: RE: suggestion exactly, they would have to send the source and someone review it, which ***requires skilled programmers.

and hbh doesnt have enough*** of them who are willing to spends hours a week viewing submissions for hbh. the logical and other challenges are bad enough!

nice idea, but woudlnt work, sorry.

if you can find a good number of programmers who are a) skilled enough to review submissions b) willing to spend an hour or two a week looking at submissions c) willing to have a long term commitment to hbh and submissions

then sure, HBH would be more than happy to have it and would get it setup.

problem is, i dont think theres enough of the above and/or people willing to have a long term commitment, coz obvioulsy it will have to run for as long as hbh does to make it fair for new membbers and future members…..

anarcho-hippie tried to bring a big coding section to hbh, however there were very few poeple up for the challenges and nobody other than anarcho himself was willing to review code. this whole system quickly and very sadly ended.

.. but i may be wrong, perhaps there is enough and plenty of eager people ready to give it another shot. if someone is willing to manage it and organise mods, submissions, challenges etc then we can give it a go.

Also about the capture the flag rooting idea, I feel these should just be set up between a group of hackers rather than a whole community, 'cos you cant gurantee no one will damage the server or the person who donates the box internet connectivity.

LSO (Learn Security Online) and Astalavista Group provide wargames for their Exclusive Members, so I think HBH should start moving in that direction.

Otherwise, EM is nothing more than the ability to color your profile, and have an extra descriptive tag close to your handle on the forums.

@Mr_Cheese: What specifically do you need done, so that members can work on it (programming wise)? What are your visions for the community?

Ahh thats diffrent setting it up for EM's I thought you meant for users in genral

either way, really. But I'm just saying that something should at least exist for EMs since they pay for something better and different than regular users.

I'm keen to just put up some challenges with [Barely-Non] functional code, and see how people patch it.

In time i guess we could regex submissions, or knock up a jail-like interpreter for whatever language they're in.

In the mean time i'm happy to review the submissions.

What does everyone think?

i could review java, php, and python… im game. and i agree with you fishy about the BoF…. talk to me on aim and we'll see if we can get something for that.

I can do Python and PHP, java and c++ before too long as well

ill review C++, C, JS and PHP at pretty much any level. ill also do some simple-medium ASM stuff.

I could revise some PHP code if needed.

I'll do C/C++ and PERL. JAVA if need be, also.

sweet, well i may just break some stuff i wrote in python, and submit it, that work for you guys?

id like some programming challenges up, sort of like hbh ones but permanent. code a keylogger, code an ai script, other things like that ^^

looks like we have the reviewing people in order… Cheese what do you say?

is dieing for a HBH War game

I'm slightly busy at the moment with other HBH and offline related projects.

If you get it all planned out, come to me with all details.. e.g:

"post a compeition in news and forums saying….." "time scale = xxx" …… "personA reviews java, personB reviews PHP"….. "points will be this……" "you can automate it via this…" "we need a new section here…." "we need a password protected code bank section to review submissions".. "here is the code we need put up on HBH to run our submission system.."

etc etc etc etc,

get it all planned out and ready to go and i'll get it running.

i will take charge on this. if you are interested in being part of the team… pm me.

thanks

Well, pencil me in.

pencil my ass…. im sharpieing you in…. you arelday were tho. like it or not

Sharpy! Now that's commitment!

Does anyone have a box to donate? I can setup real wargame challenges on it, for rooting and web page defacements.

The person donating does have to be afraid of his PC getting trashed. It'll be run in a VMWare environment, if need be.

I can setup:

• Solaris
• netBSD
• Linux *
• MacOSX
• Haiku
• WinNT
• IRIX

What amount of bandwith would you require if I was to donate I only got 1mb upload at the moment.

gar eh, I'll try to work with that. Can the specs of the box support the VMWare system requirements? Please provide more info on it, if you please/can.

As much bandwith as possible. How much can you sacrifice (for starters)?

Well at the moment its got 1mb download speed, and unlimited bandwidth at the moment.. I'm not sure if I could keep it online 24/7 but it would be online 24/5. It has run VM Ware before its all good.

yo….. i can donate boxen next year.

I'll donate one in 2 years, does that count?