Wednesday, August 14, 2013

Cyberlympics 2013 Round 3 summary and results

So Round 3 is over. It was pretty much the same as last year; VPN connection into a network with the target machines, 2 Backtracks as pentest machines and about 3 hours to flag / report as many systems and findings as we can. :)


Just real quickly, here is one possible way to flag each of the machines:
  • 192.168.150.10 (STEVE-WORKSTATION) - Metasploit: exploit/windows/smb/ms08_067_netapi >> SYSTEM
  • 192.168.150.20 (GREG-WORKSTATION) - greg reused his password (same password as on 192.168.150.30), world-readable /etc/shadow, udev user's password hash was cracked, udev user was in sudoers >> root
  • 192.168.150.30 (STATLER) - Metasploit: exploit/windows/smb/ms08_067_netapi >> SYSTEM
  • 192.168.150.40 (ANIMAL) - Metasploit: exploit/linux/mysql/mysql_yassl_getname or exploit/linux/mysql/mysql_yassl_hello >> root
    Not sure which exploit is the one, because we tried it the hard way: the mysql root user had the password "password" and we tried writing files with it.

The jump host was 192.168.150.10 (STEVE-WORKSTATION), 2 more machines were accessible from here:

  • 10.100.1.50 (WALDORF) - ??? No one managed to p0wn this machine in the European round! (If you know what the way to pwn it was, please comment!)
    UPDATE: Thx to San's comment, the solution was: logging into the box with steve's (or greg's) credentials and then privilege escalation with a kernel exploit >> root
  • 10.100.1.60 (FOZZIEBEAR) - Metasploit: exploit/windows/smb/ms04_011_lsass >> SYSTEM

Other artifacts were like: user password hashes, sensitive information in text files, ssh keys, missing patches, etc.
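The GREG-WORKSTATION chain above (world-readable /etc/shadow, a crackable hash, that account in sudoers) can be checked for from the defender's side. This is an added example, not part of the original write-up; the function names and the sample file contents are constructed for illustration, and sudoers aliases and include files are not resolved.

```python
import os, stat, tempfile

def accounts_with_hashes(shadow_text):
    """Accounts whose password field holds a hash (not empty, not locked '!' or '*')."""
    users = []
    for line in shadow_text.splitlines():
        f = line.split(":")
        if len(f) > 1 and f[1] and f[1][0] not in "!*":
            users.append(f[0])
    return users

def sudo_principals(sudoers_text):
    """First token of each rule line: a user or a %group. Aliases/includes are not resolved."""
    found = set()
    for line in sudoers_text.splitlines():
        line = line.strip()
        if "=" in line and not line.startswith(("#", "Defaults")) and "_Alias" not in line:
            found.add(line.split()[0])
    return found

def audit(shadow_path, sudoers_text, group_text=""):
    """Accounts with a readable hash that also hold sudo rights; [] if shadow is not world-readable."""
    if not os.stat(shadow_path).st_mode & stat.S_IROTH:
        return []
    with open(shadow_path) as fh:
        exposed = accounts_with_hashes(fh.read())
    principals = sudo_principals(sudoers_text)
    members = {}  # group name -> members, parsed from /etc/group format
    for line in group_text.splitlines():
        f = line.strip().split(":")
        if len(f) == 4:
            members[f[0]] = f[3].split(",")
    sudo_groups = [p[1:] for p in principals if p.startswith("%")]
    return [u for u in exposed
            if u in principals or any(u in members.get(g, []) for g in sudo_groups)]

# Constructed sample data: hash strings are placeholders, not real hashes.
SAMPLE_SHADOW = ("root:!:15900:0:99999:7:::\n"
                 "greg:$6$SALT$PLACEHOLDER:15900:0:99999:7:::\n"
                 "udev:$6$SALT$PLACEHOLDER:15900:0:99999:7:::\n")
SAMPLE_SUDOERS = "Defaults env_reset\nroot ALL=(ALL) ALL\nudev ALL=(ALL) ALL\n%admin ALL=(ALL) ALL\n"

def demo(mode, group_text=""):
    """Write the sample shadow file with the given mode and audit it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "shadow")
        with open(path, "w") as fh:
            fh.write(SAMPLE_SHADOW)
        os.chmod(path, mode)
        return audit(path, SAMPLE_SUDOERS, group_text)

if __name__ == "__main__":
    print(demo(0o644), demo(0o640), demo(0o644, "admin:x:110:greg\n"))
```

With mode 0644 the sample flags udev; with 0640 nothing is reported because the hashes are no longer readable by other users.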

I also made screenshots of the last moments of the finals:




Unfortunately, this was not enough for us to get into the finals. We ended up in 5th (?!) place (we are still trying to figure out how), but the end result of the European Round 3 was:

1. SectorC – Netherlands
2. Pruts.ERS – Netherlands
3. PRAUDITORS – Hungary
4. nanosloopers – United Kingdom
5. gula.sh – Hungary
6. Hack.ERS – Netherlands

Of course we were a bit sad, but hey, it's only a game. We had fun and we will try again next year for sure ;)

13 comments :

  1. That's really unfortunate to hear, David. :( I guess all the teams' scores would have been really close. FYI, for the last flag, we logged into the box with steve (or greg) credentials and escalated the privilege with a kernel exploit. :) Thanks for the write up, especially the forensic challenges! :)
    San

  2. Hello San,

    Thx for the info on the last machine! :) Gonna make an update on the post.
    Which team are you in? Did you guys make it to the finals?

  3. Hi David, I am part of PentestACLs from Australia. It's our first time doing CTF and we all are very excited. We managed to get to the final but the whole team might not make it to the US considering how much it costs to fly there for the competition :(.

    Replies
    1. I am sorry to hear that. Can't you do some "fund raising" to get the tickets?

    2. We ended up going with a lot of us paying for the ticket with our own money. It will be a fun trip to the US, I suppose. We did get some funding from work to help reduce the cost so we are pretty happy.

    3. San, that's great news! All the best for the finals! :)

  4. Sorry to read that, David.
    As santrancisco said, we also got greg's with a local kernel privilege exploit.
    Thanks for the nice summaries, they are good :)

  5. BATMUNKH Moltov, asimjaweesh: THX guys, I am really glad you liked the write-ups.

    Even though we didn't manage to get into the finals this year, at the end, it's just a game. We will try again next year! :)

    BTW, does anyone know if there are CTF games like Cyberlympics out there? I don't really like the jeopardy-kind of "CTFs" (back in the days, these were called Wargame anyway...) or the attack-defense CTFs like RuCTFe...

    Think I saw that @j0emccray does something similar, but the fee is something like $50 per team member, per game...

  6. Hi David,
    We are pretty new to CTF but here is one of the sites that list all the famous CTFs (such as defcon, t213, etc.): http://ctftime.org/
    They also keep track of the teams that participate. :) I recently put our team down for ASIS CTF at the last minute but unfortunately none of my colleagues were free to join me and I ended up playing alone at home on the weekend... =))

    Replies
    1. Yes, I know CTFtime too (gula.sh is also registered). :)

      But like I said, they are either jeopardy-style CTFs or attack-defense CTFs. ASIS CTF was jeopardy-style, wasn't it?

      No, what I am looking for is really something like on the Cyberlympics finals... I don't know what's the correct name for that... "king of the hill" style CTF? :)

  7. Hey Szili, heard of CTF365? http://www.ctf365.com/

    Replies
    1. Hi asimjaweesh,
      Yeap, heard about that one. I really wanna try it out one day.
      Do you have any experience with it?
