Sambox v4

Date

Validations

109 Compromissions 3%

Note  Notation

1
2
3
4
5
7 Votes

Description

Attention : this CTF-ATD is linked to the challenge "SamBox v4"

You are mandated to conduct a redteam assessment of a company. From the company’s parking garage you managed to capture Wi-Fi traffic, but alas it’s proven impossible to crack the WPA key. The next logical step is to attack the company through the internet.

Your objective is to obtain total control of all servers so that you may collect individual flags for each of them.

The flag to validate is made as following "flag server1 content+flag server2 content+flag server3 content+flag server4 content" without the "+".

The CTFATD validation file « passwd » is in the directory « C :\Documents and Settings\Administrator> ».

Note :
The downloadable archive is to be decrypted using the contents of the "2nd-part-flag.txt" as a password. By using this archive you should then be able to understand the joined PCAP file.

Download the files before launching the CTF :

Also, don’t forget that :

  • this CTF has several machines to pwn
  • only one of those is connected to the internet

Compromission time

4 hours

Operating system

 windows

start this virtual environnement

CTF Results CTF Results for Sambox v4

Pseudo Virtual Environnement Attackers count Time start Environnement compromised in
- Sambox v4 1 18 February 2019 at 18:20 -
- Sambox v4 0 14 February 2019 at 13:46 -
- Sambox v4 1 12 February 2019 at 14:07 -
- Sambox v4 1 12 February 2019 at 09:36 -
- Sambox v4 0 6 February 2019 at 12:34 -

 178 Virtual Environnements

Results Name Validations Difficulty   Difficulty Author Note  Notation
pas_valide I’m a Bl4ck H4t 6% 56
pas_valide Windows - krbtgt reuse 11% 199
pas_valide OpenClassrooms_SkP_Pentest_Web 0% 0
pas_valide AppArmorJail1 0% 0 nivram
pas_valide OpenClassrooms - P7 - Analyste SOC 0% 0
pas_valide Matrix terminal 6% 62
pas_valide End Droid 34% 1620
pas_valide Relative Path Overwrite 9% 158 Mizu
pas_valide AppArmorJail2 0% 0
pas_valide OpenClassrooms - P3 - Cybersecurity Bootcamp 0% 1
pas_valide C for C-cure 5% 21 nikost
pas_valide ARP Spoofing Man In The Middle 0% 0 o71, voydstack
pas_valide OpenClassrooms - P4 - RAP US 0% 0
pas_valide OpenClassrooms - P3 - Cybersecurity Bootcamp_test 0% 0 Titouan
pas_valide Open My Vault 0% 0
pas_valide Apprenti-Scraper 0% 1
pas_valide A bittersweet shellfony 12% 248 mayfly
pas_valide Docker - I am groot 50% 3484 Ech0
pas_valide dasbox1 10% 126
pas_valide sshocker 11% 185 Laluka
pas_valide Texode 15% 172 Mhd_Root
pas_valide BreakingRootme2020 15% 552 Laluka
pas_valide Nodeful 9% 87
pas_valide Texode_Back 8% 79
pas_valide getting-root-over-it-v1 10% 80
pas_valide djangocatz 18% 201
pas_valide root-me-spip 10% 125 real
pas_valide Windows - Group Policy Preferences Passwords 26% 695
pas_valide Websocket - 0 protection 7% 518 Worty
pas_valide Docker - Sys-Admin’s Docker 38% 1072 Ech0
pas_valide Docker - Talk through me 42% 751 Ech0
pas_valide Escalate-me 6% 24
pas_valide OpenClassrooms - DVWA 2% 98 Sh1n, EtienneC
pas_valide OpenClassrooms - Juice Shop 1% 9 Sh1n, EtienneC
pas_valide OpenClassrooms - Sécurité Active Directory 9% 201
pas_valide Windows - ASRepRoast 33% 531
pas_valide Windows - ZeroLogon 0% 0
pas_valide JIS-CTF-VulnUpload-CTF01 24% 31
pas_valide DeRPnStiNK 28% 44
pas_valide Windows XP pro 01 5% 507 g0uZ
pas_valide Acid: Server 11% 220
pas_valide Murdering Dexter 16% 49
pas_valide LoBOTomy 4% 9
pas_valide Vulnix 2% 14
pas_valide Xerxes 3% 18
pas_valide Infernal Hades 6% 15
pas_valide SkyTower 24% 217
pas_valide Bluebox - Microsoft Pentest 4% 431
pas_valide Acid: Reloaded 18% 178
pas_valide CsharpVulnJson 5% 14 notfound404