Good morning. It is January 26th. It's Saturday. It's currently 7:53 in the morning. I'm in New York. I drove here last night to get into Long Island because I'm going to be heading to the BSides Long Island conference tomorrow, which is today now, and playing their capture the flag. So it was like a four-hour drive last night. But finally here, stayed at the East Norwich Inn or the East Norwich Hotel, which is this place. So registration is 8:30. So it's breakfast. So I'm going to get on the road and I'll see you there. Bye-bye.

Right. I'm here, but I'm early. It's 8:20. So I have 10 more minutes to go inside. And that's like even registration. Like that's breakfast. Like nothing's going to be happening. But having a place to put my laptop down and just use the internet would be good because I can't do it very well from my car. I need to do you though, because I need to get my tickets. There's a QR code. Someone's coming. Someone's coming to park. It's anxiety. All right. See you inside.

Hey, what's up? It's me, John, from the future. That right there is January John. And this is February John. So I guess the now John, I don't know, but hello. This is what I want to try and do. Well, I was at BSides Long Island and playing this competition. I had the idea like, well, let's not only screen record the footage of me playing the competition. Let's also get my webcam on so you can see me up there picking my nose and scratching my head and doing all the stupid real-life stuff as this is going on. And I figured, all right, now I'll do a little bit of commentary and talk about what you're seeing on the screen. So this game is the BSides Long Island CTF that was put on by Cursive Security. It's meant to be a kind of king-of-the-hill-like game where if you've got control of one machine or if you've got some flag that you can protect, make yours, protect it, try to lock it down, etc.
And it still had CTF-like aspects to it, but there was one machine, a 192.168.1.10 right up there. And that was supposed to be the entrance to all the other machines because the other machines were NATed. They had some peculiar ports going on and lots of interesting things. So that's what I wanted to try for. It had a, I think, little WordPress site that's up there, a Drupal site. There was a pfSense machine going on. There was supposed to be some RDP thing, that's the Zero Cool one. And I struggled with this for like the longest time because I couldn't find the RDP service running on the machine from my Nmap scans. And apparently it was just straight up there, though. I went up to the organizers and asked them at one point, hey, is RDP even on? Is this doing the thing that it's supposed to do? And I tried to use Hydra to go ahead and look through different, like, will it brute force RDP? Do I have to specify domain? What do I need to do, etc. I'm just trying to hop around and trying to determine what can I look at? What can I find? Do I have any footholds at all? So I'm trying to create some word lists, try to determine stuff based off of the Zero Cool stuff. So you might have seen and kind of game stuff that they gave me. Oh, I found one flag there that was just some SSH connection. I think that's on the Gibson. Yeah, I go back and found it and tried to submit it at some point. Found it eventually. And there it is. Okay, some green that you might be able to see. Got a couple points on the scoreboard, because originally for like the longest time, for just an hour, I was like, I don't have anything. I have nothing. What's going to, how am I going to do? So RDP wasn't there. Zero Cool is the reference. And in the tools and references and the files they gave you, they give you the script of the entire 1995 Hackers movie. So all of these challenges and the character names and all the different things are referred to characters.
Sorry, all the challenges have the names of the characters that are from the movie Hackers. So they give us the entire script. And I try and do a bunch of different Nmap scans to see, it might not, am I missing this RDP port, etc. You also see me just playing on my phone up there trying to text some people. I'm trying to be better about not doxxing myself in my screen cap footage. So I'll use Slack or talk to some people from my phone. So I went for like the longest time trying to figure out this first challenge, like what is the password for the Dave Murphy account in RDP. And I got nowhere. I tried stuff that's in the Hackers script. I tried like, I think it's "secret", "love" and "sex". It says they're the most commonly used passwords. Tried all those, didn't get anywhere. Tried to use Zero Cool. Tried to use other hacker names. Got nothing. Tried regular "password", etc, etc. Oh, "god" was another one they mentioned, in order to eventually just try to find other things.

Because one person that was playing solved it. And he said like, yo, did you get this yet? And I was like, no, I don't know what the hell I'm doing because I can't find this RDP service. He's like, yeah, I couldn't find it either. But I kind of cheated. I was like, what does that mean? He didn't cheat. But he kind of thought about this in like a smart way. Like, it's going to be one of those default passwords. So I don't know why I didn't try this by hand. I actually literally tried something. I don't know if it's showcased in the footage later, but I literally wrote something to try and brute force submitting a flag. We're just running through this. And at this point in the game, there becomes a serious problem. Because what they have done as the game creators is they have run the scoreboard, or like the flag submission framework, on 1.10. And again, all the other challenges are in there. So we are attacking the same machine that is hosting the scoreboard.
So what do you know, it goes down. And we aren't able to access it for a long time. And there was a good while where you saw that unable to connect and services down. So I try to just write my ideas. It's like, what are the challenges that I could work on or even realistically solve? But I just do nothing for however long this takes. And eventually the game comes back on. But the game isn't started yet. They really have to turn it back on. So I get in and I keep trying other passwords where I think I got it. And obviously I still don't. So trying other stuff, moving around, going back to the flag for my thing. And I keep hitting it so many times just trying to scrape at straws and figure out what this might be.

Anyway, I don't know if I mentioned, RootTheBox is the platform and framework the game is on. Very, very cool. I've tried to do this recording a couple times. So maybe I did mention it. Maybe I didn't. But the game is hosted on RootTheBox, which is very cool. I think it's MOLOC that wrote it, or M-0-L-O-C-H, blah blah blah. I don't know if that's the zero or the O is in the right place. But I also didn't know what to do with any of the other challenges. And they're kind of strange. It felt kind of bottlenecked in some of these because you have to unlock other challenges. And either if you couldn't find out one or you couldn't determine the other, you were stuck. Like you weren't able to move on. So anyway, you had the issues with the connectivity, guessing some of these flags here or challenges. I did not entirely like this game. But who am I to judge, right? I'm just a fellow player, just a dude. You can see I'm trying to connect to the RDP service, trying, trying, trying. And it doesn't work, to no avail. At this point, yeah, you can see what I'm doing is I actually wrote that curl script, or a little bash script with curl, to go ahead and literally brute force submissions. And I didn't get anywhere. I think I was doing it wrong though.
I think there's a cross-site request forgery token that I didn't take. And it might not have actually got it, because I think from just looking at it now the password is in there. It is in that word list that I was trying to use. I think rockyou. I honestly just should have gone through rockyou kind of by hand and submitted at least the first couple hundred, or not 100, but even like the first 20, and it would have been fine. Hydra is still trying to get logged in with RDP. No luck on that. I'm trying to rock through some SSH connection to see if there's anything more I can find. Like that SSH connection that I found earlier that would let me connect, is there a default password or something easy that I could crack or guess at least with that? And for the longest time it acts like it's down. So just fighting. Looks like I'm getting closer. There it is. There it is. There it is. I found it. Yeah. So the password was one two three four five, and I was so angry and rage quit, because for the longest time I was like, oh, it's got to be hinted in the hacker source, like Hackers the movie, the movie script, some of the characters, some of the passwords they're referring to. Even the person that I was sitting with thought that his team got it. Turned out they didn't, but he thought they did because it had said one submission, but it was really just the other team that had submitted it. So Buffer Overflow is my team, by the way. I guess I was in third at that point, trying to figure out what more can I get, how can I kind of jump into this, because I would like to be able to lead the pack here, run him through it, looking at the pfSense.
I wanted to go ahead and tackle Drupal, but when I started to look at it, suddenly I got the install page, and I figured someone has already exploited this or got onto it, because suddenly I am left to install Drupal where it had a regular login before. So something was clearly wrong, or they had already owned it and were just locking it out so that no one else could get into it, which was sinister but also a very, very good play, right? Like, that's honestly what I did later on. And actually, you can see I skipped some footage here. I don't know if you saw the Hydra output, but I got Razor and the password Password One. So I got into this box, this machine, found some flags, and I used that as a pivot point, because that was able to actually access all the other machines, and I found a lot of flags through that. So I was able to submit those, and then rapid-fire submitted them and locked them in. Sorry, sorry, excuse me.

Metasploit and Empire were actually on this box, so you could, if you wanted to and if you knew enough between Metasploit and stuff, try to throw it at other machines. I tried to throw EternalBlue at all the other boxes but didn't get anywhere. Honestly, this is the point where I was upset with myself, because I was like, man, I don't know anything about Metasploit. Like, I don't know, other than EternalBlue, like, other cheesy exploits to throw, or just something without getting any tip-off from anything like an Nmap scan or OpenVAS or Nessus. Like, I wouldn't know what to do. So you can see me trying to enter some usernames again, try to see if I can SSH into some others with that material. I'm trying to use the SSH enumerators to find that in Metasploit, because I've got Metasploit now in their local network, which is cool, which is very cool. And you see my Nmap scan to see what's inside the local network. So at this point you might see the scoreboard flying around. I had climbed to first place, and that was solely because of these machines that I got into, and
then I wondered what can I do with this flag that I've got, because the flag that I had was worth 200 points and it was worth more than any of the others that were on the game. I don't know why I have, you see me eating lunch there. I changed the flag, actually, and I asked the organizers, I asked the competition organizers, like, is this in scope, is this cool? Because they gave us like a debrief at the beginning that, like, you can do anything, there aren't a lot of rules, you can do whatever you want. Because someone told me as I get on that box, when the competition organizers came up and says like, hey, what's your team name? And I'm like, I'm Buffer Overflow. And he's like, ah, are you on the UKF factory, or whatever the thing was called, and you, OTV network, that's what it was. And I said, yeah, that's me. And he said, you're on that box, right? And I was like, yeah, I'm on that box. And he's like, yeah, you are on that box. And I kind of, like, he clued me into what he was saying, like, dude, lock it down, try and protect your stuff, you can make yourself the king of the hill here. I was like, oh yeah.

So I kind of changed the flag permissions, and after I asked him, like, is it in scope, is it kosher for me to change this flag, he's like, don't change it, but do we need to hide it, don't, don't move it, but change the permissions, trying to, you know, nerf it. I actually removed the ls command at one point, and that was, I thought, a good move, because I was like, I don't want anyone, yeah, you can see it, I rm /bin/ls and literally just killed it, so, just to annoy people if anyone got on that machine. And then again I'm trying other options and other things. Drupal was straight up dead. It sounds like, after the competition and the conversation I had with the organizers, if you just threw the tool Drupalgeddon at it, or some, I've honestly never heard of it, but the utility Drupalgeddon would just hammer that thing. This is a funny thing, because you can see in one of my
terminals I'm actually trying to set up a reverse shell and someone else is just throwing data at it. That 192.168.1.209 address is another player, and I was like, someone's here, someone's trying to knock on these doors. And I'm getting to a point later on in the game, we're getting closer to the end there, where I realize the password for the razor account has been changed, and I didn't add another user or anything through it, so I am stuck, and razor is my pivot point into the OTV network. So I realized that I only had one shell inside the OTV network, inside the pivot point. I'm sorry, whoever that dude was, it was apparently looking, I may have doxxed you on the internet, forgive me. The people that are in the background video, I hope unspoken permission, I hope.

So I was running out of ground, like I was losing ground, I'm losing my edge, and I thought, like, someone's gonna get this flex flag, someone's gonna overtake me, because I'm only 100 or 100, 200 points away from someone, like, taking my throne as first place, and I did not want that. So you can see me get, like, visibly anxious, like I have, like, evident anxiety, and I'm flipping between tabs, I'm twiddling my thumbs, trying to figure out how I can get a stable shell, where I'm trying to do a reverse callback so I get another shell. But that is the only one, like, that Terminator window was the only panel that I had that still had a shell. Everything else had died and I couldn't get a stable connection back. So I was like, man, I'm running out, I'm losing the edge, I don't know if I'll be able to win this. And 2:27, I don't know if the game ended at 3:30. You can see me texting my girlfriend, you can see me just, like, I don't know, it's, yeah, I'm twiddling my thumbs, I'm like, what do I do? I got nothing to go off of right now. But at the end of it I did win, and that was the 2:30 mark. Yeah, that was the end of the competition, it's 2:30. So that was that. Cool game, rough. I missed a lot of, I
missed a lot of things. I didn't know as much as I should have, struggled with it because of the infrastructure, but got first place, got a lot of really cool tool toys with it. I got the LAN Turtle, I got the Bash Bunny, USB Rubber Ducky, a $50 ebook gift voucher to No Starch Press, which is very cool, and a Sparrows lock picking. So a lot of pillage the village in that one. To the victor go the spoils. I was very, very pleased. So it was a great game, it was fun, some quibbles throughout the way, but locked it down. I want to showcase it for you. Hope you enjoyed. Thanks all.