Kommand && KonTroll

The first time our team SuperFlyAPTDongNinjas encountered the Kommand && KonTroll CTF, we got blueshelled.

Our team had skills, tools, even a 0-day or 2. We still lost. It stung, and in our alcohol-fueled debriefing, we knew we didn't just want to win, we wanted to take down every target, including the Zeus C&C. In looking back at the previous challenge, we realized the critical missing piece was Communication!

@kingtuna came through in a huge way with his communication server, theTaint.  We set up secure communication and file sharing.  The chat room allowed us to share passwords, links, and c99 shells dropped on the boxes we owned.

The other tool that helped was Metasploit Pro. Metasploit Pro's ability to share shells allowed one team member to pop the box and pass the shell to someone else to look for data. Pro also saved the knowledge, downloaded files, and loot so that everyone on the team could review what was gained from the target. Lastly, tagging allowed us to mark off which box we owned and what we still needed to compromise. I also recommend setting Metasploit Pro to automatically set persistence in your shells. We found a BeEF server with a hooked browser that led to us taking down the C&C. We set up Metasploit Pro to run a macro that made the session persistent, knowing that if we lost the shell, we lost our chance to take down the target.

The secrets of our win: Communication and Teamwork.  

After we won, we celebrated with a night of victory karaoke (I don't give a F#@K) followed by a breakfast of lobster!

Big thanks to the team SuperFlyAPTDongNinjas; without every single person, we would have failed! Also a big thanks to Rod and the %27 MiamiP0wnMachine team for setting up and running the CTF.


@rodsoto was watching from the console when he saw us pop a Windows XP Machine and look for the Zeus. 



Final Scoreboard out of 10,000 points


 Flag from the C&C!


5lb Lobster