Over the last 2 days my friends from Corelan Team and I participated in a Hacking Tournament, organized by Offensive Security.

The primary goals of the tournament are:

- be the first one to grab "secret" information from a machine and post it to the Tournament Control Panel.
- document your findings and submit them to offsec.

A lot of people registered for the tournament, so in order to avoid massive overload and bandwidth issues, a few days before the contest would start, all participants were told that they would have to pass a "n00b" filter, an "easy" phase 1 challenge, before we could actually VPN into the lab and start the real challenge.

What follows below are the personal notes I took during the contest. (And in case you were wondering: I registered as "corelanc0d3r".)

Before getting started, it's important to note that I'm not a pentester at all. I just took OffSec's "Try Harder" philosophy seriously and tried to "think out of the box" instead of relying/focusing on tools. Let's find out how far I got with this approach.

Before the games started, I was hoping there would be a good amount of Windows systems / exploit building exercises (and not a lot of Linux systems / web based apps, because I'm not really strong in those areas). Whether that was enough to break the challenges or not will become clear soon.

You can see the scoreboard here and find out how good/average/bad I did.

In the "pre-challenge" exercise (the challenge to filter participants and only allow the first 100 to connect), we were kindly requested to find a secret key and use it to register for the tournament Control Panel.

Upon connecting to the machines hosting the "secret key", a simple login form was displayed.

The "hints and tips" section of the tournament stated that, in this phase of the tournament, the goal is to get the contents of a file called n00bSecret.txt and use the key inside this file to register for the real labs. Only the first 100 people to get this file / extract the key from the file would get a seat for the real tournament.

It's Saturday, 4pm, and I had invited some friends to come over later in the evening... well, in about an hour and a half to be more precise... I still needed to prep some stuff in the kitchen, so I decided to give it my best shot, but at the same time I also realized that if I couldn't get the secret key before my little party started, I probably wouldn't make it in time (= be one of the first 100 people) either. Time pressure :-) Let's see.

Back to the login page. Usually, when someone sees a login page during a pentest, there's a big chance they will try to "log in" or bypass the login. But in this case, the challenge is about getting a file.

At the same time, the only thing we see is the login page. So my initial plan was not to start "hammering" on the login page, but rather to see if the form/login page would give us some information that could be helpful to get access to the system (regardless of whether there is something behind the login page). Of course, if that wouldn't lead to anything useful, I could still go to plan B: bruteforcing files and directories.

I had a quick look at the source (fields, forms, etc.) of the login page, but there was not much to see. So my next step was to see what kind of error messages I could trigger when doing some simple tests. I decided to start with a simple SQL injection attempt (basically just putting a single quote in the Username field). That attempt redirected me to an error page generated by a plugin called dotDefender.

Note: at the time of writing this documentation, it looks like the offsec crew changed the behaviour to block the display of the dotDefender error message.

=> clear reference to "Applicure", which is the company that developed dotDefender.

So from this point forward, it's pretty easy to figure out that dotDefender is installed in the /dotDefender folder.
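The single-quote probe and the fingerprinting of the WAF from its error page, as an added example that is not part of the original post and not the tournament's or Applicure's own code: the script below submits a benign login and a single-quote login to the same form and looks, in the redirect target, the other headers and the body of the reaction, for the three indicators the post mentions (the dotDefender name, the "Applicure" vendor reference and the /dotDefender install path). It also models the behaviour change noted above, where the block page no longer names the product, by reporting a status change without any indicator as a silent block. The URL, the Username/Password field names, the Response and Sender types and both fake responders are assumptions constructed for this example; nothing here contacts a real host.

```python
# Added example (not from the original post): fingerprinting a dotDefender
# WAF from the way a login form reacts to a single-quote SQL-injection probe.
# The indicator strings are the ones the post mentions (product name, the
# vendor "Applicure", the /dotDefender folder); the fake HTTP responses at the
# bottom are constructed for this example, not captured from the challenge.
import re
from dataclasses import dataclass
from typing import Callable, Dict, List
from urllib.parse import urlencode

# Indicator name -> pattern. Case-insensitive because the strings may appear
# in a path, a header value or page text.
INDICATORS = {
    "product name": re.compile(r"dotDefender", re.I),
    "vendor name": re.compile(r"Applicure", re.I),
    "install path": re.compile(r"/dotDefender/", re.I),
}


@dataclass
class Response:
    status: int
    headers: Dict[str, str]   # header names lower-cased (assumed convention)
    body: str


# Anything that POSTs a form body to a URL and returns a Response.
# In a live run this wraps requests/urllib; the fakes below keep it offline.
Sender = Callable[[str, str], Response]


def fingerprint(resp: Response) -> List[str]:
    """Return the indicator names found in the redirect target, the other
    headers or the body of a single response."""
    haystack = "\n".join([
        resp.headers.get("location", ""),
        " ".join(f"{k}: {v}" for k, v in resp.headers.items()),
        resp.body,
    ])
    return [name for name, rx in INDICATORS.items() if rx.search(haystack)]


def probe_login(send: Sender, url: str,
                user_field: str = "Username", pass_field: str = "Password") -> dict:
    """Submit a benign login and a single-quote login and compare reactions.

    The WAF is only reported when the probe triggers indicators the benign
    request does not, so a page that always mentions the product (a vendor
    footer, say) is not mistaken for a block. A status change with no
    indicator at all is flagged as a silent block: something intervened but
    hid its name, which is what the later 'blocked display' behaviour looks like.
    """
    benign = send(url, urlencode({user_field: "test", pass_field: "test"}))
    probe = send(url, urlencode({user_field: "'", pass_field: "test"}))
    found = sorted(set(fingerprint(probe)) - set(fingerprint(benign)))
    return {
        "waf": "dotDefender" if found else None,
        "indicators": found,
        "probe_status": probe.status,
        "redirected_to": probe.headers.get("location"),
        "blocked_silently": not found and probe.status != benign.status,
    }


# --- constructed fake responders modelling the two behaviours the post describes ---

def responder_verbose(url: str, form: str) -> Response:
    """Original behaviour: the quote triggers a redirect to the WAF error page."""
    if "%27" in form:   # urlencode turns the single quote into %27
        return Response(302, {"location": "/dotDefender/error.html"},
                        "<html>error page generated by dotDefender (Applicure)</html>")
    return Response(200, {"content-type": "text/html"},
                    "<html><form>Username / Password</form>Login failed</html>")


def responder_silent(url: str, form: str) -> Response:
    """Later behaviour: the request is still blocked, but nothing names the product."""
    if "%27" in form:
        return Response(403, {"content-type": "text/html"}, "<html>Forbidden</html>")
    return Response(200, {"content-type": "text/html"},
                    "<html><form>Username / Password</form>Login failed</html>")


if __name__ == "__main__":
    for label, responder in (("verbose", responder_verbose), ("silent", responder_silent)):
        print(label, probe_login(responder, "http://example.invalid/login"))
```

To use it against a real target, replace the fake responder with a function that performs the POST, lower-cases the header names and returns the status, headers and body; the benign/probe comparison is what keeps the result honest when a site mentions the product for reasons unrelated to blocking.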