Announcement

Collapse
No announcement yet.

Wardrive

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Chris
    replied
    Originally posted by renderman
    For whatever reason, the nessus scan I ran did not pick up the null session and did'nt enumerate all the usernames. If I had seen 'jdumas' I am sure I would have figured it out. Even so, we managed to crash the server only once and down the router about a half dozen times so I give props to Chris's "ub3r m4d skillz" :)
    Actually, you brought the router down once and the server once. I will say though, I have no idea what you did to the router and the tcpdumps really didn't provide much info (oh yeah, I will post those soon) but the router had to be hard reset (teach me use D-Link ;)).

    Originally posted by renderman
    Kudos to Chris and everyone who worked on the contest.
    Thank you sir. We had a blast running the contests this year and had surprisingly few actual technical problems considering how easy it is to jack with WLANs.

    Leave a comment:


  • AlxRogan
    replied
    Originally posted by renderman
    By the end of the contest, 1master and partner, myself and Panthera had met some great people from Texas and were hanging out in thier room across from Chris's room. Panthera had gone back to our room and grabbed us a cooler full of beer so we were comfortable and half pissed by the end, and enjoyed ourselves emmensly despite the frustration of not rooting the server.
    And from the staff point of view...it was great entertainment watching the tcpdump of this going on and then shouting demoralizing slogans with the periodic visit across the hall to drop not-so-subtle hints. :)

    Seriously though, I had a great time with the competition this year, I wish I wasn't working it so I could do the minis, but I think that next year everyone will have as much fun, if not more. Thanks again to all the contestants!

    --Aaron

    Leave a comment:


  • renderman
    replied
    Originally posted by Chris
    That would have done it. To be fair, the teams were not seeing the forest for the trees. They actually tried some (relatively) decent attacks on the box that not for my ub3r m4d skillz would have owned the boxes. ;-)

    My thought process was that it was only a three hour contest so I wanted to make it relatively easy.
    I have to chime in and defend myself a little bit here.

    I enumerated the netbios sessions and saw 'Administrator' and 'taggame' and began pounding on those accounts. There was another account called 'jdumas' (look at my signature), as in 'J. Dumbass' and as Chris said 'What does a dumbass do?', they have thier username and password the same.

    For whatever reason, the nessus scan I ran did not pick up the null session and did'nt enumerate all the usernames. If I had seen 'jdumas' I am sure I would have figured it out. Even so, we managed to crash the server only once and down the router about a half dozen times so I give props to Chris's "ub3r m4d skillz" :)

    By the end of the contest, 1master and partner, myself and Panthera had met some great people from Texas and were hanging out in thier room across from Chris's room. Panthera had gone back to our room and grabbed us a cooler full of beer so we were comfortable and half pissed by the end, and enjoyed ourselves emmensly despite the frustration of not rooting the server.

    Kudos to Chris and everyone who worked on the contest.

    Props to 1master for also not seeing 'jdumas' and making me feel like less of a fool :)

    Leave a comment:


  • Chris
    replied
    Originally posted by gzzah
    So was it true that nobody figured out the uid/pw = the same combination on the leet windows IIS box?

    Sad to say, that is true. It wasn't even IIS. I had a telnet server on the box. The perfect way to win tag would have been as follows:

    Locate AP/WLAN
    Connect to WLAN via static IP (DHCP Disabled)
    Scan entire subnet to find TAG box
    Perform vuln scan to discover that a) Null Session was open or b) User/Pass combo was identical on two accounts.
    Enumerate Users via Null Session (if still necessary)
    Telnet to tag box and login with user/pass
    echo "I 0wn3d j00r sorry ass">fuckoff.txt

    That would have done it. To be fair, the teams were not seeing the forest for the trees. They actually tried some (relatively) decent attacks on the box that not for my ub3r m4d skillz would have owned the boxes. ;-)

    My thought process was that it was only a three hour contest so I wanted to make it relatively easy.

    Leave a comment:


  • gzzah
    replied
    So was it true that nobody figured out the uid/pw = the same combination on the leet windows IIS box?

    Leave a comment:


  • Thorn
    replied
    Originally posted by Chris
    Actually, as scary as it may sound, we are already planning next year's contest. ...
    You know, that really is scary. Of course, I'm the fool who couldn't sleep on the red-eye and was thinking "Well, if we changed this, then it might add a nice twist..."

    Render and 1master, neither you guys really shouldn't feel bad about Tag. You both stuck with it and had fun. And you were both good sports about taking the ribbing at the closing ceremonies.

    Leave a comment:


  • Chris
    replied
    Actually, as scary as it may sound, we are already planning next year's contest. We are planning to take the good from this year and expand it and take the bad from this year and ditch it.

    I really liked the way the mini games turned out. I thought that having you guys all congregate across the hall from my room and work together somewhat turned out to be very cool.

    One thing that will definitely be gone next year is the 'every man for himself' aspect. It is something that seemed like a good idea at the time, but in retrospect was kinda sucky. Next year the teams will be back. Not giving away too much now (especially since it will change 50 times between now and next year) but I think if you enjoyed this year's contest you will enjoy next year's more. If you hated certain aspects, drop me a line at chris at defcon dot org and let me know what you hated.

    The contest is supposed to be fun. If it isn't fun, we failed, not you. The onsite feedback I got was almost 100% positive with the exception of people missing the teamwork aspect. We'll fix that. Let me know what else we need to fix.

    1Master. You did a fantastic job this year and I totally appreciate it. Thanks for not registering www.chrissucks.com after last year. You deserved to win and you played the game perfectly.

    Leave a comment:


  • renderman
    replied
    Originally posted by 1master
    Chris plot to have me away from the con as much as possible really works. I was at the con less than 10h. Next year I hope the rules change so I have the opportunity to get drunk a least once.


    Thanks and see u all next year.

    André aka 1master
    Stick to the mini-contests next year like I did. Alot more enjoyable.

    Besides, I look forward to the competition next year, we both need to redeem ourselves after the mess that was the tag me game

    Leave a comment:


  • 1master
    started a topic Wardrive

    Wardrive

    Finally home in Sweden after traveling for more than 24h. This year with all the luggage and without any delays.

    First I would like to thank all the organizers for the wireless contests especially converge ho always have to stay up all night and fixing the scripts.

    Chris plot to have me away from the con as much as possible really works. I was at the con less than 10h. Next year I hope the rules change so I have the opportunity to get drunk a least once.


    Thanks and see u all next year.

    André aka 1master
Working...
X