Skip to content
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
58 lines (37 sloc) 1.67 KB


Flag Slurper contains a utility for automatically attempting default credentails against teams' SSH hosts. This works by grabbing the team list from :term:`IScorE` and a list of all the services. The default credentails it uses are:

  • root:cdc
  • cdc:cdc


AutoPWN requires a database. For many cases sqlite will do, but in order to use parallel AutoPWN, a server-based database (such as postgres) is required. This is due to sqlite only allowing one writer at a time. The database can be configured in your flagrc file:

; For sqlite (default)
url=sqlite:///{{ project }}/db.sqlite

; For postgres

The {{ project }} variable is the file path to the current project and is optional.


You first need to create a project and result database:

flag-slurper project init -b ~/cdcs/isu2-18 --name "ISU2 2018"
flag-slurper project create-db

To generate the team and service list you can simply run:

flag-slurper autopwn generate

This will cache the team and service lists into the database. This will be used by other autopwn commands so they don't need to keep hitting the :term:`IScorE` API during the attack phase when the API is getting hammered.

After generating the local files, you can then pwn all the things!

flag-slurper autopwn pwn

This will print out what credentials worked on which machines and any flags found. These results are recorded in the database and can be viewed like this:

flag-slurper autopwn results
You can’t perform that action at this time.