28 May 2017

A few months ago I went to RSA Conference 2017, and participated in the SANS Core NetWars CTF there. The CTF is broken up into five levels of increasing difficulty, with each level consisting of a series of questions that you have to answer. Some of the easiest questions are trivial Linux knowledge, while the more advanced questions require you to do anything from hacking mobile phones to pivoting across a corporate network, and the highest level is a PVP mode. You start by being given a VM image of a Linux machine, and have to work your way from there. I scored 117 points in the three hours allotted, netting me first place and a cool trophy and challenge coin.

Level One

Level one is mostly trivial questions — “what is the user name of the user you are logged in as” type stuff. They’re mostly reconnaissance, and easy recon at that.

Level Two

Level Two is exploitation — brute force an FTP server that is running on the machine, then get yourself in the sudo group. I think the intended solution was to use Single User Mode or something; I just mounted the hard drive in another VM and chrooted into it. After that, you set up persistent access with SSH and you move on to Level Three.

Level Three

When you get to Level Three, you are issued credentials to a web server that looks like a CI suite for a mobile app developer; you can install apps and view web pages from the perspective of an Android VM. The first questions have you use the web page viewer to exfiltrate some info about the VM host, and the final question requires you to remotely root the VM. I got stuck here; I could generate backdoored APKs with meterpreter, but the installer kept failing for some reason. I suspect the problem was with the APKs’ digital signatures.

Conclusion

NetWars was the highlight of my RSA Conference, and I’ll be trying again (and other CTFs) in the future.

