Public Panic2
Censored
Challenge
With the information we got from the previous problem we can surely get on their system!
For this challenge you can run nmap, but only against misc2.utctf.live on port 8622.
Solution
Running nmap shows that port 8622 is running SSH:
nmap -sC -sV -oN nmap -Pn -p 8622 misc2.utctf.live
From the previous challenge, we know the password is defaultpw5678!
We just need to figure out the username. At first we thought the username was somewhere on Twitter, but we slowly found out that doesn't seem to be the case.
So we thought of making up a wordlist of possible usernames using different naming conventions and running it with hydra.
Here are the naming conventions that were used, each with an example:
name # kern
Name # Kern
lastname # sherman
Lastname # Sherman
firstletterofnameLastname # kSherman
firstletteroflastnameName # sKern
firstletterofnamelastname # ksherman
firstletteroflastnamename # skern
NameLastname # KernSherman
namelastname # kernsherman
nameLastname # kernSherman
Namelastname # Kernsherman
Name_Lastname # Kern_Sherman
name_lastname # kern_sherman
name_Lastname # kern_Sherman
Name_lastname # Kern_sherman
Name.Lastname # Kern.Sherman
name.lastname # kern.sherman
name.Lastname # kern.Sherman
Name.lastname # Kern.sherman
LastnameName # ShermanKern
lastnamename # shermankern
lastnameName # shermanKern
Lastnamename # Shermankern
Lastname_Name # Sherman_Kern
lastname_name # sherman_kern
lastname_Name # sherman_Kern
Lastname_name # Sherman_kern
Lastname.Name # Sherman.Kern
lastname.name # sherman.kern
Lastname.name # Sherman.kern
lastname.Name # sherman.Kern
Use this naming convention for every member in SagishiTech (around 12 people, I think) and you should be able to make a wordlist of about 350+ lines. Run that with hydra and you'll get a hit at cshackleford:defaultpw5678!
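From the defender's side, this kind of guessing leaves a clear trace in the sshd auth log: one source failing against many usernames that are spelling variants of the same few people, sometimes followed by a success. The following detection is an added example, not part of the original writeup; the log lines are constructed, and the function names, the threshold of 5 and the folding rule (lowercase, drop "." and "_") are assumptions.

```python
import re
from collections import defaultdict

# Constructed sshd auth-log lines (documentation IPs, not from the challenge host).
SAMPLE_LOG = """\
Mar 12 10:00:01 sshhost sshd[901]: Failed password for invalid user kern from 203.0.113.7 port 50001 ssh2
Mar 12 10:00:02 sshhost sshd[902]: Failed password for invalid user Kern from 203.0.113.7 port 50002 ssh2
Mar 12 10:00:03 sshhost sshd[903]: Failed password for invalid user kern.sherman from 203.0.113.7 port 50003 ssh2
Mar 12 10:00:04 sshhost sshd[904]: Failed password for invalid user Kern_Sherman from 203.0.113.7 port 50004 ssh2
Mar 12 10:00:05 sshhost sshd[905]: Failed password for invalid user ksherman from 203.0.113.7 port 50005 ssh2
Mar 12 10:00:06 sshhost sshd[906]: Failed password for invalid user shermankern from 203.0.113.7 port 50006 ssh2
Mar 12 10:01:10 sshhost sshd[910]: Failed password for alice from 198.51.100.20 port 40100 ssh2
Mar 12 10:01:15 sshhost sshd[911]: Accepted password for alice from 198.51.100.20 port 40101 ssh2
Mar 12 10:02:00 sshhost sshd[920]: Accepted password for cshackleford from 203.0.113.7 port 50040 ssh2
"""

# Matches OpenSSH password-auth results, with or without the "invalid user" marker.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def fold(user):
    """Collapse naming-convention variants: Kern_Sherman, kern.sherman -> kernsherman."""
    return re.sub(r"[._]", "", user).lower()

def find_username_sprays(log_text, min_users=5):
    """Report sources that failed against >= min_users distinct usernames.

    'folded' well below 'tried' means the names are variants of a few people;
    'compromised' lists logins accepted from that source after its failures.
    """
    failed = defaultdict(set)     # ip -> usernames that failed
    accepted = defaultdict(list)  # ip -> usernames accepted after a failure
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        if m["result"] == "Failed":
            failed[m["ip"]].add(m["user"])
        elif m["ip"] in failed:
            accepted[m["ip"]].append(m["user"])
    return {
        ip: {"tried": len(users), "folded": len({fold(u) for u in users}),
             "compromised": accepted[ip]}
        for ip, users in failed.items() if len(users) >= min_users
    }

if __name__ == "__main__":
    print(find_username_sprays(SAMPLE_LOG))
```

A non-empty "compromised" list for a flagged source is the case to act on first: a guessed username paired with a password that was never changed from its default.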
Flag
utflag{conventions_knowledge_for_the_win}