Sorry, We are not Recruiting!

We are not actively recruiting at this time. We may have spots open after CSAW.

(updated: 3/22/2018)


Friday, August 15, 2014

Booty Wireless CTF


[This is a write-up of Wasabi's experiences at the 24 hours of Booty, wireless CTF at Unallocated Space. This Wireless CTF was organized by @rmellendick of Defcon's Wireless Village fame. Rick and @DaKahuna2007 also organized last year's wifi CTF for BSides-DC. In fact many of the challenges are the same (Write-up here).]

This version was a sprint of what will be done at DEFCON.

There were 8 challenges

PGP Keys used to submit flags

The team who won had the guy that placed 2nd at DEFCON last year.

I was on a team with Cryptos

Challenge 1
WCTF01 (access point)
  • Open
  • Very specific nmap scan to get .100 to answer it did not respond to quick scans
  • Narrowed search to just port 80 to shorten scan
  • Went to site flag was on the web page
Challenge 2
WCTF02 (access point)
  • Same situation as Challenge 1 but it was on channel 13 for Japan
  • This was not a problem running linux with a alpha card. People using different set ups had to think out of the box.
Challenge 3
WCTF03 (access point)
  • WEP Crack problem
  • Ran Airmon, Aircrack, Airiodump.
  • **Problems getting enough IVs while people were doing other challenges and deauthing.
Challenge 4
WCTF04 (access point)
  • WPA2 challenge
  • did not complete
Challenge 5
WCTF05 (access point)
  • did not complete
Challenge 6
WCTF06 (access point)
Challenge 7
WCTF07 (access point)
  • Hardware specific challenge needed AC card to complete then same as challenge 1
Challenge 8
WCTF08 (access point)

did not complete via technology. Got by seeing other people screens

SUPER PRO EPIC SETUP


Power Set up
3 prong plug $3.00
http://www.amazon.com/dp/B002SNB9XE/ref=wl_it_dp_o_pC_nS_ttl?_encoding=UTF8&colid=1YMS3V45V7EPA&coliid=IHV2JIZX8NUJI

Belkin 6 outlet plug X2 $19.99 each
http://www.amazon.com/dp/B00ATZJ606/ref=wl_it_dp_o_pC_nS_ttl?_encoding=UTF8&colid=1YMS3V45V7EPA&coliid=I1AF7DLEVTOO07&psc=1

Attack Setup
12 port powered USB HUB $24.99
http://www.amazon.com/dp/B0051PGX2I/ref=wl_it_dp_o_pC_nS_ttl?_encoding=UTF8&colid=1YMS3V45V7EPA&coliid=IFRFIPY5U23CL

TP LINK External Wifi X5 or more $13.65 each

http://www.amazon.com/dp/B002SZEOLG/ref=wl_it_dp_o_pC_nS_ttl?_encoding=UTF8&colid=1YMS3V45V7EPA&coliid=I1TQMP4OU2K8RX&psc=1

ASUS AC Card $66.99
http://www.newegg.com/Product/Product.aspx?Item=N82E16833320175

About Crimson Agents

Formed in 2013, Crimson Agents is a DC based recreational security team that competes in various computer security wargames and hacker jeopardy contests. Our team comprised of various professionals seeking to practice and enhance our skills in penetration testing, vulnerability development, computer network defense, forensics, and reverse engineering. In addition to exploitation based CTFs, we also compete in Wireless CTFs with several members who focus solely in this domain. Our sister team Threat Inc focuses on defensive exercises such as malware analysis, forensics, honeypots, and network captures. We reuse what we learn from our "Blue Team" research to make our "Red Team" operations more effective and vice-versa.