How RAZE Captured the Flags
JSchmoe wins the CTF, but me & WireWise would still like to make a writeup about our failure :P
First of all, gaining access for me and WireWise was incredibly hard, due to the following reasons:
- Our proxies were unresponsive
- Nmap spat out weird and unreadable output
- Port forwarding didn't work for both of us
- And a lot more...
After the problems, suser decided to give us the vulnerable port (due to nmap not working) and allowed me to SSH into his attacking machine because mine was having a lot of trouble reaching the CTF server.
For the exploitation, we simply used the tomcat_mgr_upload exploit, which basically automates what JSchmoe did in his breach of the server. We used a Java meterpreter payload.
The login credentials were tomcat/tomcat. It was late so suser simply gave them to us. Maybe because he felt sorry for our unfortunate technical difficulties.
Once we executed the exploit and got in, we looked for the files using the find / -name "*.gpg" command as well. But suser sent me the flags because I couldn't download them directly to my machine (take note that I was using his attack box).
Once that was done, it is just a matter of cracking! Ugh!
Sorry for the un-detailed description, but RAZE didn't really do much due to our technical difficulties. We spent more than 3 hours trying to even reach the server, not to mention the other problems we had!
Me and WireWise will stop here with the competition, thus making JSchmoe the winner. Well played Joe, well played.
Me and WireWise also have a suggestion for the next CTF: declare it earlier! Like one month before it is actually kicked off! Most hacks take years to complete; this one isn't that much different. I think the reason for our problems was a lack of preparation time.
Was it a fun experience? Not really, due to all the problems me and WireWise experienced. But we will hopefully have more luck next time!