Setting Up and Using Tools

Sat, 08 Aug 2020 12:18:30

We’ve learned how to use couple different tools since we’ve started working on the SOHOplessly Broken CTF. Kali We set up a Vagrant machine to use as a common starting place for each of our machines. It has all of the standard Kali tools installed, as well as some other standard exploit tools. Requirements Git Vagrant Virtualbox Package Managers It is recommended to use a package manager for installing and updating this software.…

Day2 Port Scan Update

Sat, 08 Aug 2020 12:16:14

After getting connected to the SOHOplesslyBroken VPN, we did an nmap scan of the local IP range for any devices. This as an update to show what flags have already been captured. nmap 192.168.10.0/24 Control4 Open Source Software Notice url: http://192.168.10.101/ PORT STATE SERVICE 21/tcp closed ftp 22/tcp closed ssh 80/tcp open http Current State: Has not been accessed.…

Mosquitto Flag

Sat, 08 Aug 2020 11:19:07

The hint for the flag was. See if you have the patience to scratch the itch; patience is key. Mosquitto bites are so annoying! Connect at: 209.97.159.20:1883 Creds: iot:iot We had a feeling that this had something to do with MQTT based off the mosquitto name. Searching for port 1883 confirmed this, as this is a standard port of MQTT. We installed the mosquitto client using: sudo apt install -y mosquitto-clients We then connected to the server using:…

Fortinet Flag

Fri, 07 Aug 2020 23:33:58

Finding the exploit, we did some google-fu and learned a bit about some of the exploits for the device, but we didn’t know which device on the network it was. We connected to one of the devices and figured out that the favicon of the admin page was Fortinet’s logo. From there we started to run some of the exploits. The one that worked for us was https://www.exploit-db.com/exploits/43386 Exploit #!/usr/bin/env python # SSH Backdoor for FortiGate OS Version 4.…

GeoVision Flag

Fri, 07 Aug 2020 23:33:44

Doing a search of GeoVision GV-SNVR0811 + exploit in Google netted us with a ton of results with the following exploit. https://www.exploit-db.com/exploits/45065 Exploit # Exploit Title: GeoVision GV-SNVR0811 Directory Traversal # Exploit Author: Berk Dusunur # Google Dork: N/A # Type: Hardware # Date: 2018-07-21 # Vendor Homepage: http://www.geovision.com.tw/product/GV-SNVR0811 # Software Link: http://www.geovision.com.tw/product/GV-SNVR0811 # Affected Version: N/A # Tested on: Parrot OS # CVE : N/A # Proof Of Concept GET Request GET .…

Nuuo NVR Mini Flag

Fri, 07 Aug 2020 14:02:00

We were able to get the flag off of our first device using a known exploit. We found this known exploit by searching for the device + exploit in to Google. We found the following vulnerability in Exploit Database. https://www.exploit-db.com/exploits/40209 Script #!/usr/bin/env python # # # NUUO Remote Root Exploit # # # Vendor: NUUO Inc. # Product web page: http://www.nuuo.com # Affected version: <=3.0.8 # # Summary: NUUO NVRmini 2 is the lightweight, portable NVR solution with NAS # functionality.…

Initial Port Scan

Fri, 07 Aug 2020 12:34:02

After getting connected to the SOHOplesslyBroken VPN, we did an nmap scan of the local IP range for any devices. nmap 192.168.10.0/24 Control4 Open Source Software Notice url: http://192.168.10.101/ PORT STATE SERVICE 21/tcp closed ftp 22/tcp closed ssh 80/tcp open http Link Clicker url: http://192.168.10.187/ PORT STATE SERVICE 80/tcp open http NUUO Network Video Recorder url: http://192.…

Website

Sun, 02 Aug 2020 13:11:07

The point of this website is to keep track of our captured flags and the things we’ve learned at defcon28. …