

Ask HN: Would anyone be interested in "Hacking Games"? - TallGuyShort

It seems to me that most 'true' hackers are generally interested in what the rest of the world considers hacking (i.e. - breaking into computer systems) but think it is lame to do so maliciously. I couldn't agree more - and I had an idea. Maybe this is completely unoriginal, and maybe this is actually highly illegal or widely frowned upon - but that's why I'm throwing it out there for comment. I think it would be fun to set up a monthly competition where a server is set up, and contestants attempt to be the first to hack the box (and achieving a specific goal like replacing the home page, or something like that). I'd be willing to run the contests and provide all the hardware, etc... I was thinking a series of games could focus on various Linux distros, or various versions of Windows, etc...<p>So I'm posting this to see if there's much interest in running such a contest (say, once a month or so), and if there's comments as to the other implications of such a game. Obviously, DoS attacks would be strictly against the rules, so as not to cause any problems for my ISP. Any thoughts?
======
mahmud
Those things existed since at least 1997. CyberArmy had their own contests
like this and they promoted people into "ranks"; the whole place had a cheesy
forum/bbs feel to it and it didn't take long before someone decided to put
them out of their misery and rm -rf'ed them out of existence .. including the
game server.

Anybody who is anybody probably will not like the patronizing student/teacher
role and he would certainly despise the sanbox; it might not just be your
vmware image, but also your webhost, their colocated box, and every other box
in that datacenter, and perhaps a few more wifis within an earshot from there
-- all might be sent to the abyss of server hell, and your good name
immortalized in a lulzful lamer log.

Do not invite the curiousity of bored people with something to prove. Do
something else with your time, instead.

~~~
bawr
I don't know - there was a site back then (died because of admins, not
hackers) called, I think, Digital Evolution (dievo.org?) that hosted a lot of
security-related games, covering web-based stuff like SQL injection and going
on to shell-based games where your focus was to elevate your privileges,
usually by exploiting a small program given to you - sometimes with the
source, sometimes without it.

And as far as I can remember, they never got "really" hacked. Damn, I miss
that place. There were riddles, math games, _sigh_...

~~~
mahmud
Sure, why not, but he is probably nullifying a few TOSes and other service
agreements. The reason we put inane disclaimers and "get off my lawn" type
message in /etc/issue is to cover our asses. If anybody from his
network/hosting provider sees this he will surely get his account yanked by
them before the baddies.

------
spk
I would be interested if you count. Perhaps I should post this in a new thread
but here it goes..

I have seen a few "hacking" (cracking) games back in 1999-2002 but most of
them where too simple to be interesting. They always had one clear solution,
to a beginner in cracking like me, and you never got that feeling of
accomplishment. Althouth I am still interested in cracking nowdays I'm
wathcing it from the opposite side, i.e. what are the most common security
threats and how do I keep my code safe from them. I have bought/read a few
security/cracking related books/articles that were recommended or written by
experts on the field but as they were too specific they were of no interest,
except from an academic perspective, to me. E.g. phrack.org articles. What I
would really love to see is some free course in cracking that would combine
theory and practice in some sort of sandboxed environment that would be level
and field based but more free than just having an assignment, e.g. find a way
to create an sql injection to delete all entries in a db.

If there are any willing crackers on HN I would really appreciate it if they
could share how they started cracking and what would be their recommended way
for a beginner to start now. If this is too off-topic and/or illegal just say
it, if it's not against rules I'll start a new thread.

------
mpk
A really good wargames sites used to be pulltheplug.org, I had some fun
playing around there 5 years or so ago.

They seem to have moved to <http://www.overthewire.org/wargames/> .

------
c3o
There are "Capture the flag" contests at DEFCON and other hacker conferences
where teams each need to defend a machine and attack those of other players:
[http://en.wikipedia.org/wiki/Capture_the_flag#Computer_secur...](http://en.wikipedia.org/wiki/Capture_the_flag#Computer_security)

~~~
abyssknight
Heading out to DC17 this week myself. CTF and aCTF qualifiers are over, but
people prepare for this stuff for months.

------
raffi
Check out:

[http://www.google.com/#hl=en&q=hacker+wargames](http://www.google.com/#hl=en&q=hacker+wargames)

<http://www.nationalccdc.org/> <http://isis.poly.edu/csaw/>

Or my own work on the subject:

[http://www.dtic.mil/cgi-
bin/GetTRDoc?AD=ADA481288&Locati...](http://www.dtic.mil/cgi-
bin/GetTRDoc?AD=ADA481288&Location=U2&doc=GetTRDoc.pdf)

------
inklesspen
There's always Uplink: <http://www.introversion.co.uk/uplink/2/>

It's got UI and plot issues and could be improved upon. (For instance, it's
sometimes quite hard to let the game know you did the mission.)

------
profquail
I've seen contests like this held before. As long as it's all your hardware,
and the contest isn't causing the network to crash (like you said, rule out
DoS attacks), I don't see why anyone would have a problem with it.

------
jlees
Another context where you can take part in sandboxed, organised hacking
contests -- sort of -- is some ARGs (alternate reality games). I've not seen
anything recent that involved true hacking skills, but sometimes there can be
some wonderfully fun puzzles (you know, beyond guessing that a fictional
character's password is the name of their fictional pet). Laying the trail for
these is also fascinating work.

~~~
bawr
The _old_ Dark Signs were a lot like that - you "hacked" into computers by,
say, finding bugs in the scripts they ran. It was really fun.

You can still find the game by searching through
<http://web.archive.org/web/*/http://darksigns.com> \- amazingly enough, the
files are still present on the present-day site, they're just not linked
anymore.

~~~
gaerfield
I can remember this game, with this nice Soundtrack :) It was one of my
favourites free-games.

------
JeffL
It's not exactly what you're looking for, but a friend of mine made
<http://www.hacker.org/> which is a bunch of games that are related to hacking
plus some games where you have to write programs to play them.

(The "challenges" game is pretty close to actually having to hack, with
various difficulties.)

------
abyssknight
Personally, I'd love to see these sorts of things set up locally. To say
you'll disallow things or implement rules is just silly. Now, if you're on a
localized network with no outside lines, all bets can be off and everyone can
have a safe, fun time blowing each others machines to bits.

------
ygd_coder
I've seen other websites and organizations do this. I think it's a great idea
and a great way to build skills.

