Black Box 1 Flag Writeup

Sat, 08 Aug 2020 13:29:43

Previous Exploit

Doing a search of Control 4 C4-HC250-BL + exploit in Google netted us with the default password used to exploit.

Black Box 1 Flag

I noticed there was a Black Box Challenge for Control 4, which we previously exploited.

With the password we previously used, we could ssh into the ip to access the directory: /etc/init.d/c4server.

We took the MD5 sum of /etc/init.d/c4server to retrieve the flag.

SOHOplessly Brokenmd5reading the instructions

Mosquitto Flag 2

Control4 Flag