CarolinaCon Capture the Flag Event

Over the end of April and beginning of May, I was able to attend my first info sec conference, CarolinaCon. In short, I will go out of my way to make sure that I attend the conference next year. The talks were great, the people there were fun to meet, and overall it was just an experience that I really enjoyed. It was cool being around a lot of people who were all just very interested in security.

I participated in the Capture the Flag event that CarolinaCon put on. I highly recommend that everyone participate in these events if possible, because even if you don’t win, you walk away having learned a lot.

The CTF event started at 7:00pm, and I was able to capture one of the targets at 7:20pm.  It was a pretty simple attack because it was running a vulnerable service that Nessus had easily detected.  I exploited it using Metasploit and found the first flag.

The second flag I got took all day to get. It was a web form vulnerable to SQL injection. I spent all day trying to format the query to dump the information that I needed; however, I just couldn’t get it. It was probably a good 8 hours, on and off, that I was working to figure out the correct syntax. At the end of the 8 hours, I discovered a great tool called SQLMap. With this, I was able to dump the whole database in about 20 seconds. I was annoyed because I had tried using SQLMap earlier; however, it was doing URL-based injections vs. form-based ones. Unfortunately, I missed the --forms flag that SQLMap has, and had turned back to manually figuring it out. Anyways, once I had the --forms flag set, it worked like a charm.

The third flag was a fun one to get. What I didn’t mention earlier was that when I was on the first box, I dumped the hashes. Well, the third box was on a separate only accessible through the first box. So I had to re-exploit the first system so I could pivot from it into the third box. Once I set up the routing, I was able to perform a pass-the-hash attack against the third box using the hashes I dumped from the first box. This gave me access and I was able to get the third flag.

I exploited 3 of the 5 boxes, and I ended up winning the tournament because no one else was able to exploit the two remaining boxes.  It was a really fun tournament, I learned some new tools/techniques, and it was a good time.

In short, I am really looking forward to it again next year.
