User Controls
Capture The Flag (Psst Spectral)
-
2015-09-20 at 12:25 PM UTCAs l33t ub3r h4xx0r Spectral knows that a Capture The Flag or CTF is an event where hackers compete to complete a set of challenges. It's pretty fun.
Here's my CTF challenge Spectral it's pretty easy, you'll do a bit of research, some easy exploiting and network scanning. So here's the deal
Here's an IP address 96.236.133.13, there's a router associated with this IP address that has a specific vulnerability that allows you to access the login page remotely. Find a way to get in and disable the router's firewall. Proceed to map the network and report your findings to earn your flag.
See? Easy. -
2015-09-20 at 1:13 PM UTCInb4itsahunypot
-
2015-09-20 at 1:20 PM UTC
Inb4itsahunypot
That would be funny, but i'd only do that if i actually believed Spectral was capable of completing this challenge. -
2015-09-20 at 1:36 PM UTCI bet he's reading this and dying to say something that sounds interesting.
-
2015-09-20 at 4:57 PM UTCSounds fun, but I prefer Search and Destroy.
-
2015-09-20 at 7:01 PM UTC
That would be funny, but i'd only do that if i actually believed Spectral was capable of completing this challenge.
So in the spirit of actually learning something how would this be approached. Keep in mind this is not my forte. -
2015-09-20 at 10:03 PM UTCI'd google for 'router remote login page' then i'd find out that the Actiontec BHR router's are the ones with this vulnerability all i have to do is add port number 4567 at the end of the IP and type this into the adress bar of my browser to get a login screen http://96.236.133.13:4567/
With that found you need a bruteforcer and password list which can both be found on the internet. The bruteforces i'd use is Hydra. https://www.thc.org/thc-hydra/ You load your wordlist and point it to http://96.236.133.13:4567/ it will crunch for a while and with a little luck find the proper password. With the password in hand you login to the router and turn the firewall off from the settings. With that taken care off you load up a portscanner like nmap https://nmap.org/ and start it with these arguments -sS -sU -T4 -A -v -PE -PP -PY -g 53 to enumerate all servicesand such associated with the computer on that network.
The point of all this would be to see what's going on behind the firewall so you can for instance target specific vulnerabilities associated with anything running on that machine.
-
2015-09-20 at 10:09 PM UTCGood way to get booted off the Net by your ISP.
-
2015-09-20 at 10:15 PM UTC
Good way to get booted off the Net by your ISP.
Sure, if you're an idiot like you. -
2015-09-20 at 10:23 PM UTC
Sure, if you're an idiot like you.
They're not idiots either, contrary to your misinformed opinion. I worked for Time Warner, AT&T, Charter and Roadrunner for years, so I can attest to the fact from personal experience that they know a lot more about you and your activities than you think they do. The only issue is they just haven't gotten around to you yet, but they will, eventually. -
2015-09-20 at 10:39 PM UTC
They're not idiots either, contrary to your misinformed opinion. I worked for Time Warner, AT&T, Charter and Roadrunner for years, so I can attest to the fact from personal experience that they know a lot more about you and your activities than you think they do. The only issue is they just haven't gotten around to you yet, but they will, eventually.
Look, look, look -> You don't scare me, kid. <- see? <-see? <-See? -
2015-09-21 at 12:19 PM UTC
They're not idiots either, contrary to your misinformed opinion. I worked for Time Warner, AT&T, Charter and Roadrunner for years, so I can attest to the fact from personal experience that they know a lot more about you and your activities than you think they do. The only issue is they just haven't gotten around to you yet, but they will, eventually.
So you were a cable installation monkey.
And thanks for the explanation Sophie. -
2015-09-21 at 2:26 PM UTC
So you were a cable installation monkey.
And thanks for the explanation Sophie.
I worked what's called "super queues". That's where you handle everything, including support for VOIP, DSL, wireless, cable TV, cable Internet, billing, sales, retention, web server support, e-mail support, abuse, dispatching, work orders, new installs, moves, telephony, business accounts and support, hotels, casinos, small and large businesses, you name it, I supported it. Not only did I specialize in all these fields, I handled what is called the "escalations desk", where you get all the shit no one else can figure out or can't handle, as well as running the call center, including quality control, tracking, call volume management, reporting, training, and various employee issues. I worked the escalations desk at the tier2 level for 10 years for various large companies, where performance metrics must be scores of 95% or higher at all times. I had to learn all of those systems from top to bottom, and everything in between. So I know what I'm talking about when I say they know a lot more about you than you think they know. And if they don't know, it's only because they haven't bothered to check. But they can. -
2015-09-21 at 2:47 PM UTC
I worked what's called "super queues". That's where you handle everything, including support for VOIP, DSL, wireless, cable TV, cable Internet, billing, sales, retention, web server support, e-mail support, abuse, dispatching, work orders, new installs, moves, telephony, business accounts and support, hotels, casinos, small and large businesses, you name it, I supported it. Not only did I specialize in all these fields, I handled what is called the "escalations desk", where you get all the shit no one else can figure out or can't handle, as well as running the call center, including quality control, tracking, call volume management, reporting, training, and various employee issues. I worked the escalations desk at the tier2 level for 10 years for various large companies, where performance metrics must be scores of 95% or higher at all times. I had to learn all of those systems from top to bottom, and everything in between. So I know what I'm talking about when I say they know a lot more about you than you think they know. And if they don't know, it's only because they haven't bothered to check. But they can.
And then you woke up. -
2015-09-21 at 2:52 PM UTC
And then you woke up.
Not scary.
-
2015-09-21 at 3:20 PM UTC
Not scary.
Neither was that wall of fictitious feces you posted ITT. -
2015-09-21 at 3:21 PM UTC
I worked what's called "super queues". That's where you handle everything, including support for VOIP, DSL, wireless, cable TV, cable Internet, billing, sales, retention, web server support, e-mail support, abuse, dispatching, work orders, new installs, moves, telephony, business accounts and support, hotels, casinos, small and large businesses, you name it, I supported it. Not only did I specialize in all these fields, I handled what is called the "escalations desk", where you get all the shit no one else can figure out or can't handle, as well as running the call center, including quality control, tracking, call volume management, reporting, training, and various employee issues. I worked the escalations desk at the tier2 level for 10 years for various large companies, where performance metrics must be scores of 95% or higher at all times. I had to learn all of those systems from top to bottom, and everything in between. So I know what I'm talking about when I say they know a lot more about you than you think they know. And if they don't know, it's only because they haven't bothered to check. But they can.
Do you actually believe your own lies or do you just hope you'll convince others? -
2015-09-21 at 4:12 PM UTC
Do you actually believe your own lies or do you just hope you'll convince others?
Every word I stated is the exact truth.
-
2015-09-21 at 4:21 PM UTC
Every word I stated is the exact truth.
And i'm the vicar of christ. -
2015-09-21 at 4:35 PM UTC
And i'm the vicar of christ.
No, I'm not bullshitting you, man. It was a decade of pure hell.