Metasploit Community CTF 2018 Writeup

Overview

This is a brief writeup of the CTF since I originally didn't intend on doing a writeup! There was limited time to capture writeup notes after the competition ended, so this is more of a writeup/brain dump.

November 30th, 2018 - December 3rd, 2018

https://metasploitctf.com/

https://blog.rapid7.com/2018/12/03/congrats-to-the-2018-metasploit-community-ctf-winners/

Players / Teams

Max capacity: 1,000 teams, with any number of players using the team account

Format

Each team was given a Kali instance to SSH into, and from there we could attack the two targets.

One target was an Ubuntu box which was running many Docker containers. It was possible to eventually break out of a container and get onto the Ubuntu host as you can see below:

[Image: docker containers]

The other target was a Windows box, where the only entry point was a Buffer Overflow exploit on port 4444. I did not get a shell here until after the competition was over, but captured as many files as I could in that time.

Flags

Flags came in the form of PNGs showing an image of a card, and to submit the flag we had to submit the MD5 sum of the image. Each of the cards had a nice description about how it's related to Metasploit, like card X is where our office is or card Y is our CEO, but that information disappeared once the CTF finished.
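As an added example (not part of the original writeup or the CTF's tooling), this Python helper computes the MD5 value to submit for each PNG collected in a local directory, skipping files that fail PNG chunk and CRC checks, since a truncated copy hashes to a different value than the real card. The directory layout, the function names and the 1x1 sample image are assumptions constructed for illustration.

```python
import hashlib
import struct
import zlib
from pathlib import Path

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def png_is_complete(data: bytes) -> bool:
    """Walk the PNG chunk list; True only if every CRC matches and IEND is reached."""
    if not data.startswith(PNG_SIGNATURE):
        return False
    pos = len(PNG_SIGNATURE)
    while pos + 12 <= len(data):  # 4 length + 4 type + 4 CRC is the smallest chunk
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            return False  # chunk runs past end of file: truncated transfer
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(ctype + body) != crc:
            return False  # corrupted in transit
        if ctype == b"IEND":
            return True
        pos = end
    return False

def flag_hashes(loot_dir):
    """Map MD5 hex digest -> list of intact PNG files under loot_dir (any extension)."""
    results = {}
    for path in sorted(p for p in Path(loot_dir).rglob("*") if p.is_file()):
        data = path.read_bytes()
        if png_is_complete(data):
            # MD5 is computed over the whole file, exactly as it was retrieved.
            digest = hashlib.md5(data).hexdigest()
            results.setdefault(digest, []).append(str(path))
    return results

def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk (used only for the constructed sample below)."""
    crc = struct.pack(">I", zlib.crc32(ctype + body))
    return struct.pack(">I", len(body)) + ctype + body + crc

def sample_png() -> bytes:
    """Constructed 1x1 grayscale PNG standing in for a card image."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")
```

Grouping paths by digest also shows when the same card was pulled from more than one location.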

There were 15 flags in total. 9 flags were in Ubuntu, 5 in Windows, and 1 flag required files that lived in both boxes.

  • 2 of Clubs (WMI)
  • King of Diamonds (libssh)
  • 2 of Diamonds (Vax)
  • 6 of Hearts (Goliath - Metasploit data service)
  • 10 of Hearts (Struts)
  • Queen of Clubs (MIME)
  • Ace of Diamonds (flag_finder_9000.exe)
  • 10 of Diamonds (Heavily obfuscated EXE)
  • 8 of Diamonds (obfuscated JavaScript with troll)
  • 9 of Hearts (port 8777)
  • Ace of Hearts (GPG)
  • 3 of Clubs (Terms of Service)
  • 5 of Spades (Msf module - port 9021)
  • 3 of Diamonds (SQLi)
  • 9 of Spades (encrypted flag)

[Image: flags]

Scoreboard

No Team Score
1 checksec 1500
2 rememberingAaronSwartz 1500
3 Shad0wSynd1cate 1500
4 exit 1500
5 Snadoteam 1300
6 TheAvengers 1300
7 Arachnid 1300
8 Kasselhackt 1200
9 NCATS 1200
10 GirlsTakingOver 1200
11 BisonSquad 1100
12 alertot 1100
13 DH 1000
14 hackstreetboys 1000
15 Blackfoxs 1000
16 b0yd 900
17 USW 800
18 bc 800
19 SB18 800
20 wunder_brot 800

My team came 19th.