Over the end of April and beginning of May, I was able to attend my first infosec conference, CarolinaCon. In short, I will go out of my way to make sure that I attend the conference next year. The talks were great, people there were fun to meet, and overall it was just an experience that I really enjoyed. It was cool being around a lot of people who were all just very interested in security.
I participated in the Capture the Flag event that CarolinaCon put on. I highly recommend that everyone, if possible, participate in these events because even if you don’t win, you walk away having learned a lot.
The CTF event started at 7:00pm, and I was able to capture one of the targets at 7:20pm. It was a pretty simple attack because it was running a vulnerable service that Nessus had easily detected. I exploited it using Metasploit and found the first flag.
The second flag I got took all day to get. It was a web form vulnerable to SQL injection. I spent all day trying to format the query to dump the information that I needed; however, I just couldn’t get it. It was probably a good 8 hours on and off I was working to figure out the correct syntax. At the end of the 8 hours, I discovered a great tool called SQLMap. With this, I was able to dump the whole database in about 20 seconds. I was annoyed because I tried using SQLMap earlier; however, it was doing URL-based injections vs. form-based. Unfortunately, I missed the --forms flag that SQLMap has, and had turned back to manually figuring it out. Anyways, once I had the --forms flag set, it worked like a charm.
The third flag was a fun one to get. What I didn’t mention earlier was that when I was on the first box, I dumped the hashes. Well, the third box was on a separate network only accessible through the first box. So I had to re-exploit the first system so I could pivot from it into the third box. Once I set up the routing, I was able to perform a pass-the-hash attack using the hashes I dumped from the first box, onto the third box. This gave me access and I was able to get the third flag.
I exploited 3 of the 5 boxes, and I ended up winning the tournament because no one else was able to exploit the two remaining boxes. It was a really fun tournament, I learned some new tools/techniques, and it was a good time.
In short, I am really looking forward to it again next year.