[Plug-security] Flags Obtained this Month

Lisa Kachold lisakachold at obnosis.com
Tue Oct 15 11:10:31 MST 2013


We had a few flags at the the Hackfest last Saturday, obtained while we
were providing a fairly complex presentation on Spoofing.

Pentester/hacker:  John Peters (19 years old) [he signed his work:]
Flag/target:  http://12.159.65.86/

We also had four people obtain the wireless password (configured as
"password)" for WPA2. Unfortunately, the AP was not plugged into upstream,
so while you could get a dhcp address, you could not get "internet".
 Additionally, the firmware image had been hacked and replaced by someone
who did not claim their flag  (which often happens at hackfests).  The
creative trick here was accessing the wireless router via management
interface using the default password (which was done).

October Spoofing Presentation:
http://it-clowns.com/c/files/drawer/SPOOFING-be_afraid_very_afraid.odp

See you in November for a presentation by  David Demland (and a ton more
flags).
-- 
(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
Chief Clown
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-security/attachments/20131015/d82392bf/attachment.html>


More information about the Plug-security mailing list