Thanks and congratulations to @dan_crowley and @jolly for winning the CTF and also winning at the Cyberlimpycs.
Dan was p0wning targets LEFT and RIGHT. Awesome job! Let’s take a look at the hardware-related challenges we featured at this edition of Kommand && KonTroll CTF.
In this picture we have the three hardware-related challenges.
PrintMe Flag. The only way to win this flag was to first compromise the target VM on the ESXi host, then escalate privileges, and finally print the flag.
At the center there is an Arduino UNO/Ethernet shield. This was pretty easy. It consisted of an HTTP parameter that had to be modified in order to turn the LED ON/OFF in a certain sequence. Most players got this one pretty fast.
Then the SheevaPlug server, which could by itself be a single CTF. I used this one for Flash M0b CTF at DEFCON, but back then this little wonder was running a FULLY functional C&C with two Zombies, which were XP SP2s. This time it was running an install of WP that had several vulnerable plugins, and the flag was the MD5 hash found in the password table. Also notice that there is a USB programmable LED display attached to it. The characters displayed were also modifiable, but to do it the player had to gain root and compile some code which is actually available on the internet.
Most targets at Kommand && KonTroll CTF have SEVERAL attack vectors, as I try to give players with different backgrounds the opportunity to win it, be it a web app, network or binary type of background. Below are some pictures of the event. If you want us to be at your event, or you organize this type of competition and want us to partner up, feel free to reach out to us at firstname.lastname@example.org. Thanks again to EC-Council and all the people at Hacker Halted 2011 that stopped by and played. And for the record, no one has yet taken over the C&C. Stay tuned for future dates…
P.S.: Most people said that the MUSIC was awesome. Well, the music was basically hand-picked Tech House/Minimal/Dubstep from the MIA/NYC/London UNDERGROUND EDM scene, which I am an avid follower of :) No, you won’t be hearing that music on the radio or TV anytime soon…