[Plug-security] Flags Obtained this Month
Lisa Kachold
lisakachold at obnosis.com
Tue Oct 15 11:10:31 MST 2013
We had a few flags at the the Hackfest last Saturday, obtained while we
were providing a fairly complex presentation on Spoofing.
Pentester/hacker: John Peters (19 years old) [he signed his work:]
Flag/target: http://12.159.65.86/
We also had four people obtain the wireless password (configured as
"password)" for WPA2. Unfortunately, the AP was not plugged into upstream,
so while you could get a dhcp address, you could not get "internet".
Additionally, the firmware image had been hacked and replaced by someone
who did not claim their flag (which often happens at hackfests). The
creative trick here was accessing the wireless router via management
interface using the default password (which was done).
October Spoofing Presentation:
http://it-clowns.com/c/files/drawer/SPOOFING-be_afraid_very_afraid.odp
See you in November for a presentation by David Demland (and a ton more
flags).
--
(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
Chief Clown
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-security/attachments/20131015/d82392bf/attachment.html>
More information about the Plug-security
mailing list