This year I was able to join the DEFCON 29 Red Team Village's CTF, since the event was held online for free. I joined with my team, the hackstreetboys. We got 3rd out of 650 in the qualifiers and 3rd out of 20 in the finals! (Last year we joined the DEFCON 28 Blue Team CTF, where we got into the finals. We wanted to try to win it this year, but you needed to be a paid attendee to participate… so we decided to focus on the RTV CTF instead.)

For this blog post, I will focus on the RTV finals CTF. It's a red team simulation similar to the boxes and pro labs in Hackthebox, where you have to get an initial foothold in the network and pivot through the different machines to go deeper and deeper.

This is a long scenario with different stages to it, and this blog post will focus only on the specific part of the scenario that I solved. This became my main contribution to my team during the finals. It is about implementing a supply chain attack to get to the next stages of the CTF. Part of it turned out to be an unintended solution.

Let me first describe the scenario so far. For this, I will reuse the illustration from my previous blog post on lateral movement. We use OSINT to find a target HR employee and send a fake job application that contains a malicious document. The document is opened and we get a shell on the HR machine. Using that account, we were able to dump hashes on the machine. One of the machines we reached from there was a dev machine with SSH keys to the build server.

We are now trying to exploit the build server. The company we currently have access to is Lunarfire, and one of the products they offer is a chat application, Wuphf. A web server hosts the compiled Wuphf clients that Lunarfire's customers download and get updates from. This is the same server as step 4 of the illustration.

Because of the recent SolarWinds and Kaseya supply chain attacks, it was clear to me that we needed to use our unprivileged access to the build server to add a backdoor to the executables hosted on this public web page: a single write to the download directory would reach every customer that pulls the next update.

Single email to a production web server to many customers
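To make the risk concrete, here is an added example (not code from the write-up, the CTF, or Lunarfire's fictional product) of why an update client has to verify what it downloads against something the download server itself cannot rewrite. The "executable", the web root and the manifest format are constructed stand-ins; an attacker with write access to the web root swaps in a backdoored build and regenerates the co-hosted SHA-256 manifest, so a client that trusts that manifest accepts the backdoor, while a client that checks a digest pinned out of band (standing in for a publisher signature verified with a key the server never holds) rejects it.

```python
"""Added example: co-hosted integrity metadata gives no protection once the
host that serves the binaries is writable by the attacker.

Everything below is constructed for illustration: the fake executables, the
in-memory web root and the one-line-per-file manifest format."""
import hashlib
import hmac
from typing import Dict

# Constructed stand-ins for the compiled client customers download.
GENUINE_EXE = b"MZ\x90\x00" + b"wuphf client build 1.2.3"
BACKDOORED_EXE = GENUINE_EXE + b"\x00reverse_shell_stub"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_web_root(exe: bytes) -> Dict[str, bytes]:
    """What a build pipeline publishes: the binary plus a manifest beside it."""
    manifest = f"wuphf.exe {sha256_hex(exe)}\n".encode()
    return {"wuphf.exe": exe, "manifest.txt": manifest}


def attacker_replaces_release(web_root: Dict[str, bytes], backdoored: bytes) -> None:
    """Write access to the web root is enough to republish the executable
    *and* regenerate the manifest that lives next to it."""
    web_root.update(build_web_root(backdoored))


def parse_manifest(manifest: bytes) -> Dict[str, str]:
    entries: Dict[str, str] = {}
    for line in manifest.decode().splitlines():
        name, digest = line.split()
        entries[name] = digest
    return entries


def naive_client_accepts(web_root: Dict[str, bytes]) -> bool:
    """Trusts whatever manifest the same server hands out."""
    expected = parse_manifest(web_root["manifest.txt"])["wuphf.exe"]
    return hmac.compare_digest(sha256_hex(web_root["wuphf.exe"]), expected)


def pinned_client_accepts(web_root: Dict[str, bytes], pinned_digest: str) -> bool:
    """Compares against a digest obtained out of band (shipped with the previous
    version, or a publisher signature checked with a key the download server
    never holds). The server cannot alter this reference value."""
    return hmac.compare_digest(sha256_hex(web_root["wuphf.exe"]), pinned_digest)


def demo() -> Dict[str, Dict[str, bool]]:
    """Runs both clients before and after the attacker tampers with the release."""
    pinned = sha256_hex(GENUINE_EXE)  # learned before the server was compromised
    web_root = build_web_root(GENUINE_EXE)
    before = {"naive": naive_client_accepts(web_root),
              "pinned": pinned_client_accepts(web_root, pinned)}
    attacker_replaces_release(web_root, BACKDOORED_EXE)
    after = {"naive": naive_client_accepts(web_root),
             "pinned": pinned_client_accepts(web_root, pinned)}
    return {"before": before, "after": after}


if __name__ == "__main__":
    print(demo())
```

The naive client keeps reporting a valid update after the swap because the attacker controls both the binary and its checksum; only the client whose reference value is rooted outside the compromised host notices. In a real product the pinned digest would be a signature verified with a publisher key kept off the download and build infrastructure.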