Team Information
- Number
- Team 4
- Name
- Cyber Siths
- IP Range
- 200.2.96.0/24
- Domain
- team4.isucdc.com
- Current Place
- 9th
- Red Teamer(s)
- None
Service Status
| AD LDAP |
| AD RDP |
| WWW HTTP |
| WWW SSH |
| LP RDP |
| LP SMB |
| WMS HTTP |
| WMS SSH |
| DB SSH |
| DB SQL |
Nmap
christy.davis:CLEARTEXT:qam413qaz
jacqueline.elliott:CLEARTEXT:saf342gur
jennifer.freeman:CLEARTEXT:dun618wuz
anna.pugh:CLEARTEXT:tum468yuv
craig.brown:CLEARTEXT:nup127lag
travis.hebert:CLEARTEXT:cip133sen
david.bailey:CLEARTEXT:vaq720tiw
scott.avila:CLEARTEXT:pur877ram
joseph.smith:CLEARTEXT:gak796yan
sandra.henderson:CLEARTEXT:ROCK123
darren.williams:CLEARTEXT:blues22
allison.hamilton:CLEARTEXT:tiny85
lori.petersen:CLEARTEXT:ricale
john.leguizamo:CLEARTEXT:lordoftheflame
jacqueline.elliott:CLEARTEXT:saf342gur
jennifer.freeman:CLEARTEXT:dun618wuz
anna.pugh:CLEARTEXT:tum468yuv
craig.brown:CLEARTEXT:nup127lag
travis.hebert:CLEARTEXT:cip133sen
david.bailey:CLEARTEXT:vaq720tiw
scott.avila:CLEARTEXT:pur877ram
joseph.smith:CLEARTEXT:gak796yan
sandra.henderson:CLEARTEXT:ROCK123
darren.williams:CLEARTEXT:blues22
allison.hamilton:CLEARTEXT:tiny85
lori.petersen:CLEARTEXT:ricale
john.leguizamo:CLEARTEXT:lordoftheflame
2026-04-25_13:49:42 root, taco, From: 12.110.242.173
2026-04-25_13:50:02 jennifer.freeman, dun618wuz, From: 12.110.242.187
2026-04-25_13:55:02 jennifer.freeman, dun618wuz, From: 68.32.254.50
2026-04-25_14:00:02 christy.davis, qam413qaz, From: 12.110.242.189
2026-04-25_14:04:32 root, taco, From: 12.110.242.128
2026-04-25_13:50:02 jennifer.freeman, dun618wuz, From: 12.110.242.187
2026-04-25_13:55:02 jennifer.freeman, dun618wuz, From: 68.32.254.50
2026-04-25_14:00:02 christy.davis, qam413qaz, From: 12.110.242.189
2026-04-25_14:04:32 root, taco, From: 12.110.242.128
Starting Nmap 7.94SVN ( https://nmap.org ) at 2026-04-25 13:18 UTC
Nmap scan report for 192.168.1.1Host is up (0.0033s latency).
All 65535 scanned ports on 192.168.1.1 are in ignored states.
Not shown: 65535 filtered tcp ports (no-response)
MAC Address: BC:24:11:5B:33:F1 (Unknown)
Nmap scan report for 192.168.1.106
Host is up (0.00024s latency).
All 65535 scanned ports on 192.168.1.106 are in ignored states.
Not shown: 65535 closed tcp ports (reset)
MAC Address: BC:24:11:C9:5F:BE (Unknown)
Nmap scan report for 192.168.1.108
Host is up (0.00040s latency).
Not shown: 65533 closed tcp ports (reset)
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
MAC Address: BC:24:11:AF:DF:6C (Unknown)
Nmap scan report for 192.168.1.100
Host is up (0.000023s latency).
Not shown: 65524 closed tcp ports (reset)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
53/tcp open domain
79/tcp open finger
110/tcp open pop3
143/tcp open imap
993/tcp open imaps
995/tcp open pop3s
1521/tcp open oracle
8080/tcp open http-proxy
Nmap done: 254 IP addresses (4 hosts up) scanned in 81.80 seconds
*] Reading and decrypting hashes from \\ad.team4.isucdc.com\ADMIN$\Temp\bzQicXVd.tmp
Administrator:500:aad3b435b51404eeaad3b435b51404ee:e0bb9af4b569f7fddd3a89e87bc657f8:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
troy.tomson:1001:aad3b435b51404eeaad3b435b51404ee:6aa15b3d14492d3fa4aa7c5e9cdc0e6a:::
cdc:1002:aad3b435b51404eeaad3b435b51404ee:6aa15b3d14492d3fa4aa7c5e9cdc0e6a:::
AD$:1003:aad3b435b51404eeaad3b435b51404ee:a28227850c603ac204f083ca34eb54b7:::
krbtgt:502:aad3b435b51404eeaad3b435b51404ee:e02aac6b2a700008326d74e600d8d5cb:::
christy.davis:1110:aad3b435b51404eeaad3b435b51404ee:4e203f96f28b2455c2299a77e875c3f2:::
jacqueline.elliott:1111:aad3b435b51404eeaad3b435b51404ee:593fd5aa13d4f6e6065dae0e68d2e607:::
jennifer.freeman:1112:aad3b435b51404eeaad3b435b51404ee:609eeb168e26dd5515af39f1f80dd291:::
anna.pugh:1113:aad3b435b51404eeaad3b435b51404ee:8b31a47d1b231530d2588225ad32c42b:::
craig.brown:1114:aad3b435b51404eeaad3b435b51404ee:db27b7c18ab64cf51a22c8490946509c:::
travis.hebert:1115:aad3b435b51404eeaad3b435b51404ee:3025180bf09a73c7e53458687065519d:::
david.bailey:1116:aad3b435b51404eeaad3b435b51404ee:bbcc9d15f4ffe89736b05ea4742ebb84:::
scott.avila:1117:aad3b435b51404eeaad3b435b51404ee:fc4ddc53e6018c7bbe38ed8fc8b38347:::
joseph.smith:1118:aad3b435b51404eeaad3b435b51404ee:16f605fd926de73690662742bbfa1f51:::
sandra.henderson:1119:aad3b435b51404eeaad3b435b51404ee:888bdb846c6ced6d86ede64c52038bb1:::
darren.williams:1120:aad3b435b51404eeaad3b435b51404ee:1d4e5459c4b1e83948a5e500d3457a51:::
allison.hamilton:1121:aad3b435b51404eeaad3b435b51404ee:dc6805f77b07f33e2bd1a4f6c1943339:::
lori.petersen:1122:aad3b435b51404eeaad3b435b51404ee:639c22b12e5c5664d3290241435f6088:::
john.leguizamo:1123:aad3b435b51404eeaad3b435b51404ee:b3d45fcfc4ca6b0ed8180e280b470a20:::
LP$:1124:aad3b435b51404eeaad3b435b51404ee:2de0a0c2ba1787ff3ff11b99960eca5a:::
DB$:1125:aad3b435b51404eeaad3b435b51404ee:e0e8014e561b7c1e5d2c3a67b4e27b5b:::
WWW$:1126:aad3b435b51404eeaad3b435b51404ee:41a04d2945dc95064b7253ab0941c51a:::
WMS$:1127:aad3b435b51404eeaad3b435b51404ee:a119a0e72a8be83b0faf3ef95baec738:::
team4.isucdc.com\dale.gribble:1128:aad3b435b51404eeaad3b435b51404ee:d938c640725cbd1d043eddd426ed3212:::
[*] Kerberos keys from \\ad.team4.isucdc.com\ADMIN$\Temp\bzQicXVd.tmp
Administrator:aes256-cts-hmac-sha1-96:2b8aa6627dc7be243133d448d08756c310eb04baa2e5c6de09a7b978fa792352
Administrator:aes128-cts-hmac-sha1-96:1545a4810e7421bc2965d704f579d7fb
Administrator:des-cbc-md5:018af16bf8a87564
AD$:aes256-cts-hmac-sha1-96:471e8a9128bb9bc39d99e5a29c759d325d626c2be88b48b542cd03c358c99256
AD$:aes128-cts-hmac-sha1-96:31cd9c55ad58bd4548b3346102c6c146
AD$:des-cbc-md5:191a91cdef8689e3
krbtgt:aes256-cts-hmac-sha1-96:9978cec490cdf2e373cba4695610801df5fabca8eeba6beb1f24bb1f63998ceb
krbtgt:aes128-cts-hmac-sha1-96:415734bd00f94cf8ea8934246c38069e
krbtgt:des-cbc-md5:9b832f91fdf82c9b
christy.davis:aes256-cts-hmac-sha1-96:514ec010b2133905db88198de1d43b561eb1185aad6bb5c4b0accf2555f0215c
christy.davis:aes128-cts-hmac-sha1-96:b1d4ab7697fbbd2037602f0a9b95765b
christy.davis:des-cbc-md5:c137f73ba2987398
jacqueline.elliott:aes256-cts-hmac-sha1-96:c3dc5305f99a3da6d8d322a67cd20816868f3465db324d507e66bb44998e77fa
jacqueline.elliott:aes128-cts-hmac-sha1-96:16de817975d6c4aa409f9e0b8399fb19
jacqueline.elliott:des-cbc-md5:7937ad547f38498c
jennifer.freeman:aes256-cts-hmac-sha1-96:3b12d8f78792fb1ac08d612d0a073e1efd535c27c77c000d0b0f232811895c42
jennifer.freeman:aes128-cts-hmac-sha1-96:1711adb9cd83c9a31c307035095524c0
jennifer.freeman:des-cbc-md5:8caeef91da573e0b
anna.pugh:aes256-cts-hmac-sha1-96:0c64d3f709a131d4293137d0e467ed6a53ed2b76894bd26d6908be8efeb72348
anna.pugh:aes128-cts-hmac-sha1-96:7e53fae11b0281d182594db823cfc3b4
anna.pugh:des-cbc-md5:68238ca8762cf1ab
craig.brown:aes256-cts-hmac-sha1-96:03d3658bca39438d64ef1699bdde7e396f15f284b4b1cb136f583e75d01bb08e
craig.brown:aes128-cts-hmac-sha1-96:d70467fa265345963118499a033a262f
craig.brown:des-cbc-md5:8398ea237c4308a4
travis.hebert:aes256-cts-hmac-sha1-96:c68aa0fed7e87719a42d9248d0bb43ce3b4a3c9fd5cbef3d7d4f1a3f16d32f89
travis.hebert:aes128-cts-hmac-sha1-96:0879b23c1c95a16ad279bfc7f16a5769
travis.hebert:des-cbc-md5:104cb5f45737bc4a
david.bailey:aes256-cts-hmac-sha1-96:6be681b16843aa14067ff6225329421a7d75afe7ce583ddd74d9b9ef95b8fb81
david.bailey:aes128-cts-hmac-sha1-96:fccec810346478e17713e8d49468aeb2
david.bailey:des-cbc-md5:456b97bc3bbffd80
scott.avila:aes256-cts-hmac-sha1-96:88ded73d88baba4562bbc8312d7cfdc0c8fc789610acfb0f7b5670ea1b6951f8
scott.avila:aes128-cts-hmac-sha1-96:2af33cf8a846de5f40413718cec3382e
scott.avila:des-cbc-md5:6d3da11fd37f86b6
joseph.smith:aes256-cts-hmac-sha1-96:8a839d392297a3f7b7294c300154187c36a0bd874e045d58b5329d625bbe505b
joseph.smith:aes128-cts-hmac-sha1-96:e3e7e8b562cc3da255905fd845955be3
joseph.smith:des-cbc-md5:26d32f018ca42a26
sandra.henderson:aes256-cts-hmac-sha1-96:036626c909e6a491065f1653a158806a93c1697d5acbc4de0b9994d06371e0c3
sandra.henderson:aes128-cts-hmac-sha1-96:fc728b9e17361a12c2eb1eacdf770a48
sandra.henderson:des-cbc-md5:80d3ec0b4a29e351
darren.williams:aes256-cts-hmac-sha1-96:05ef9a5c6cd342f02654227d9f4aabe643c0d39ff8cfabf8dec04c869d011bd7
darren.williams:aes128-cts-hmac-sha1-96:f4c9328c423be6a4056e56697507f2dc
darren.williams:des-cbc-md5:cbadfe6d19164616
allison.hamilton:aes256-cts-hmac-sha1-96:d79d0bd61c5b0c2ba2cadd05936a7091a8f6460bdf3f0646ccc72698e744d6e8
allison.hamilton:aes128-cts-hmac-sha1-96:46d65625f951fc7eed75c231c2c5d30b
allison.hamilton:des-cbc-md5:daa785a8b57658a1
lori.petersen:aes256-cts-hmac-sha1-96:b98e0fd15ab0f3b2516dfd918e1627266457724333abd0699a35b897fa9f175c
lori.petersen:aes128-cts-hmac-sha1-96:fd90775691d60b487bf6c18d6727001f
lori.petersen:des-cbc-md5:b529df7c1feffbf4
john.leguizamo:aes256-cts-hmac-sha1-96:f45af0545198d3246a85d14955d1023ca73eee0048470ee2828168c66cf2c81e
john.leguizamo:aes128-cts-hmac-sha1-96:114e58b1ddd839eaf394f239ba835812
john.leguizamo:des-cbc-md5:46fb31fe5e49750b
LP$:aes256-cts-hmac-sha1-96:e7453940d0e5229598c1bc24a565adc409e0c769606f45ac2b728f8f110c8f9d
LP$:aes128-cts-hmac-sha1-96:144e0297c371da2fdfa0bc48c9ef41d0
LP$:des-cbc-md5:c73ec23bf785d6b5
DB$:aes256-cts-hmac-sha1-96:20ec524fe42929cdc1a13be8c2a13428b46f7df1b92d19394475f70e142f7277
DB$:aes128-cts-hmac-sha1-96:efa53451067deacada7c11f4a14685ef
DB$:des-cbc-md5:1a4052eab916765b
WWW$:aes256-cts-hmac-sha1-96:e9b4619a5d750b068dcdcc3ac21a9a9c3eee4766984256d1b212e07a3014d1f4
WWW$:aes128-cts-hmac-sha1-96:1f1178dddf7909f84148d4ab3b518c87
WWW$:des-cbc-md5:58ae735ec1ab75b3
WMS$:aes256-cts-hmac-sha1-96:fb0ace128b7b0b376df4c595997d4c229804513e111c44c539a22db7d8e9c757
WMS$:aes128-cts-hmac-sha1-96:12f1ffdcea4f814c85e3091986400d3f
WMS$:des-cbc-md5:5dbac87cea254ac2
team4.isucdc.com\dale.gribble:aes256-cts-hmac-sha1-96:a904c2144a4fad4daad40a3f34475fe46bfa7bb0af2e417d78898059abec51b5
team4.isucdc.com\dale.gribble:aes128-cts-hmac-sha1-96:53e86e6f8742fba63c943b7b5c220c18
team4.isucdc.com\dale.gribble:des-cbc-md5:861f3ec7cd8cf12f
[*] ClearText password from \\ad.team4.isucdc.com\ADMIN$\Temp\bzQicXVd.tmp
Administrator:CLEARTEXT:WalkingBird27!
AD$:CLEARTEXT:0x1578596e90bb573e67ea5e01d3f477810b66399466d0e8603a26cee124eab07d5ac47cfc5817f1e88860dc1848f91ffc462f7a3e19931505f991a6c2b7ccad2763adb5ff4091fdb739dfe3dfac994b65e095fbe35f967d17e6fe77d072448ca388cbe1086de5e4c3bacd4ec5254ccdf173f62bcbbfc2f3fb775d8d09070d7ed9f5d34b346ea49c07a5bda5b00c4ddac15c18e51cbaf91d97c31e17a664909f88840463c0c37dc4449f1a214bd7bb6ce81ef04608ca8a5d470f233d20f330b8b0c2ffa788b5e0e780db4b183cf836e5f67b95efca2b2538b794b5a633171647314115ae45dc66ecf6ae08dc5c9fe41fde
krbtgt:CLEARTEXT:0x897ccac1133062972be7fcfa6c6bb0b9dc92f476acc07909dcad148b7cc332e27b4dc0c53e24a46d69e2b6505fb2880ea2b0290aad7a072d4a921f42400e55241241a8ccb8cb7430c8ed8e7775383ab445c77587c64fd25645628a7f6daab5cc45d18b1e68e6f4d77de728b959991649997a5ead5cd3d425b261a6ee0731c8e90b4b80e0613fb82bfe609d59cec51e3c1410a80db4dd7f614a4cd349b01d63a454e9fad6c636497b475726431b1229ff70965288eb92c96943da98bcba0a065be07fd17b0701a5171c5e84ac8a3312ad7bde9a7d23ff2da73426f317c82a854afd879ff4a69cfbc77080a66cf32bc4cc369cc018687868d85ce1e11c338c4f54963738f2347015dbbe4c9cb73136125ec35b9fb0d31081ab69c1eb835072252474b8bab7b5ffaa8d741cc3574c2ded1c7ee0983f96cfb70f4f5e53d76db378a256e222303eab0add49f74f05696bcd19878b96db84018c7cc6b40b2cabeb6d103e2006ee0ee77794aa36c42ab3417aefbba69ecd75c22aeae2869956086f1eaf67cbfcd16208b0e5c0d248e233e381f6ae793b3310851663360fa0c282a2d2592d229cc6dd5c680850fadfadac47cbe31302544b74a0735160404dd8373aab220819f6556a3e26b2c9b20c6eaf4bd78edaacc19bb62c48e72a63bb1cf13dd2fe08e71599c651a08ae30f73986463748d6f61d018011146670da17f9b70b2f753
christy.davis:CLEARTEXT:qam413qaz
jacqueline.elliott:CLEARTEXT:saf342gur
jennifer.freeman:CLEARTEXT:dun618wuz
anna.pugh:CLEARTEXT:tum468yuv
craig.brown:CLEARTEXT:nup127lag
travis.hebert:CLEARTEXT:cip133sen
david.bailey:CLEARTEXT:vaq720tiw
scott.avila:CLEARTEXT:pur877ram
joseph.smith:CLEARTEXT:gak796yan
sandra.henderson:CLEARTEXT:ROCK123
darren.williams:CLEARTEXT:blues22
allison.hamilton:CLEARTEXT:tiny85
lori.petersen:CLEARTEXT:ricale
john.leguizamo:CLEARTEXT:lordoftheflame
LP$:CLEARTEXT:0x5cd9fe2c53aeb7cd8d7a63347c2fa4ff9bb469d042730ad73658cf6ce77a60f80e0577ca4e424ddc98093ab6a5d710aa0401851475f1587c71440f3896164a86b2720d890489374343755e8709c67f1aa3838d9fe177bc328db0d8291bf557b3fded801371fbe5abfca35d3933c4e6eb2ddaa3ffd34cf599715a0f0a541592cabccb9b12aea10162caf7dcacd506c5a8f8dec6d751e9ce4e8089151c3c9c99e8c0e7242836d6cf2a270044e6dfd4aeb4beb39deacce9753bee2df21fced602c0d04110dd9dcc78ca5f8da433ca1d46eaec171a7b72bc139fb18ef42880a892746ea0884ec233622d4289211e57c48338
DB$:CLEARTEXT:#J<TPGU+yN;H1]LSI\OjA1>C-i8sK+Q/N+v^oOGK%bScABlyxH?)TO<3B1CW@8zWPdt<8iSnd@K*>KGeKNOJ)/*6Acx\&W.Pt0qYFMMfI?B^tcdKT*Jz(tQK
WWW$:CLEARTEXT:6)RV<,SdqN.0:D0Ywy7bbLJ>pVtFzrlzo2Ub_^Ga7&&Jg?Vu)+ej*cN\l<A]g#Pf8NmR[[rVt[.QgCyb-_u6;E-:E06-D5p9GM^sESi39^j5rs]Rzj5/v26)
WMS$:CLEARTEXT:;rx\gbkIY06]zsl9ZmXsKUe)kJz4\/((h>Q<zpQyYNRv8]yl)X>&<na<.pKM,<MNiuOwUPp023.M;;5ZAhLG%8%M<(+G9,<\_N1kHTTyG@HXdk=0o_/(wo)2
team4.isucdc.com\dale.gribble:CLEARTEXT:Redteamuser123
Notable Vulnerabilities
wms.team4.isucdc.com SSH uses default creds (cdc:cdc)
db.team4.isucdc.com SSH for richard (richard:cdc)
Taken from pam sniffer on db
2026-04-25_13:49:42 root, taco, From: 12.110.242.173
2026-04-25_13:50:02 jennifer.freeman, dun618wuz, From: 12.110.242.187
2026-04-25_13:55:02 jennifer.freeman, dun618wuz, From: 68.32.254.50
2026-04-25_14:00:02 christy.davis, qam413qaz, From: 12.110.242.189
2026-04-25_13:50:02 jennifer.freeman, dun618wuz, From: 12.110.242.187
2026-04-25_13:55:02 jennifer.freeman, dun618wuz, From: 68.32.254.50
2026-04-25_14:00:02 christy.davis, qam413qaz, From: 12.110.242.189
Notable Defenses
Add content here...
Team Spirit Issues
Add content here...