Cyberlympics 2013 Round 3 summary and results

So Round 3 is over. It was pretty much the same as last year; VPN connection into a network with the target machines, 2 Backtracks as pentest machines and about 3 hours to flag / report as many systems and findings as we can. :)


Just real quickly, one possible way to flag the machines were these:
  • 192.168.150.10 (STEVE-WORKSTATION) - Metasploit: exploit/windows/smb/ms08_067_netapi >> SYSTEM
  • 192.168.150.20 (GREG-WORKSTATION) - greg reused password (same password as on 192.168.150.30), word readable /etc/shadow, udev user's password hash was cracked, udev user was in sudoers >> root
  • 192.168.150.30 (STATLER) - Metasploit: exploit/windows/smb/ms08_067_netapi >> SYSTEM
  • 192.168.150.40 (ANIMAL) - Metasploit: exploit/linux/mysql/mysql_yassl_getname or exploit/linux/mysql/mysql_yassl_hello >> root
    Not sure which exploit is the one, because we tried it the hard way: the mysql root user had the password "password" and we tried writing files with it.

The jump host was 192.168.150.10 (STEVE-WORKSTATION), 2 more machines were accessible from here:

  • 10.100.1.50 (WALDORF) - ??? No one managed to p0wn this machine in the European round! (If you know what was the way to pwn, please comment!)
    UPDATE: Thx to San's comment, the solution was: Logging into the box with steve's(or greg's) credentials and then privilege escalation with a kernel exploit >> root
  • 10.100.1.60 (FOZZIEBEAR) - Metasploit: exploit/windows/smb/ms04_011_lsass >> SYSTEM

Other artifacts were like: user password hashes, sensitive information in text files, ssh keys, missing patches, etc.

I also made screenshots of the last moments of the finals:




Unfortunately, this was not enough for us to get into the finals. We ended up at the 5th (?!) place (we still trying to figure out how) but the end result on the European Round 3 was:

1. SectorC – Netherlands
2. Pruts.ERS– Netherlands
3. PRAUDITORS –Hungary
4. nanosloopers – United Kingdom
5. gula.sh – Hungary
6. Hack.ERS – Netherlands

Of course we were a bit sad, but hey, it's only a game. We had fun and we will try again next year for sure ;)

Comments