Team 8 Wiki Page

Team Information
Number: Team 8
Name: ISEd Tea
IP Range: 104.190.101.0/24
Domain: team8.isucdc.com
Current Place: 2nd
Red Teamer(s): None
Service Status
AD LDAP
AD RDP
JD RDP
LTV SSH
NEWS SSH
NEWS HTTP
WSTN SSH
WSTN MQTT
WWW SSH
WWW HTTP
Nmap
Uploaded Files: TEAM8
AD

PORT     STATE SERVICE       VERSION
389/tcp  open  ldap          Microsoft Windows Active Directory LDAP (Domain: team8.isucdc.com0., Site: Default-First-Site-Name)
3389/tcp open  ms-wbt-server Microsoft Terminal Services
| rdp-ntlm-info: 
|   Target_Name: TEAM8
|   NetBIOS_Domain_Name: TEAM8
|   NetBIOS_Computer_Name: AD
|   DNS_Domain_Name: team8.isucdc.com
|   DNS_Computer_Name: ad.team8.isucdc.com
|   DNS_Tree_Name: team8.isucdc.com
|   Product_Version: 10.0.17763
|_  System_Time: 2025-10-04T14:52:17+00:00
| ssl-cert: Subject: commonName=ad.team8.isucdc.com
| Not valid before: 2025-09-05T01:19:49
|_Not valid after:  2026-03-07T01:19:49
|_ssl-date: 2025-10-04T14:52:22+00:00; -3s from scanner time.
Service Info: Host: AD; OS: Windows; CPE: cpe:/o:microsoft:windows

JD

PORT     STATE SERVICE       VERSION
3389/tcp open  ms-wbt-server Microsoft Terminal Services
|_ssl-date: TLS randomness does not represent time
| rdp-ntlm-info: 
|   Target_Name: TEAM8
|   NetBIOS_Domain_Name: TEAM8
|   NetBIOS_Computer_Name: JD
|   DNS_Domain_Name: team8.isucdc.com
|   DNS_Computer_Name: jd.team8.isucdc.com
|   DNS_Tree_Name: team8.isucdc.com
|   Product_Version: 10.0.22621
|_  System_Time: 2025-10-04T14:54:00+00:00
| ssl-cert: Subject: commonName=jd.team8.isucdc.com
| Not valid before: 2025-09-07T16:21:52
|_Not valid after:  2026-03-09T16:21:52
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

LTV

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   1024 0c:7c:02:eb:5a:9f:e2:95:66:c1:1e:06:cf:84:cf:47 (DSA)
|   2048 45:37:39:b5:8f:c6:b9:78:ab:1e:41:dd:81:59:6e:cf (RSA)
|   256 89:e9:f1:4a:c8:d9:39:1f:07:8d:d4:60:3c:19:c4:dd (ECDSA)
|_  256 58:de:71:85:95:40:51:64:3b:9e:e9:9c:eb:fd:f8:38 (ED25519)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

NEWS

PORT     STATE SERVICE    VERSION
22/tcp   open  ssh        OpenSSH 7.6p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   2048 35:79:94:a9:8d:d5:06:f3:5b:b6:c7:31:79:62:de:08 (RSA)
|   256 95:a6:a9:0f:80:04:10:e4:8b:a0:0b:68:6b:39:07:e8 (ECDSA)
|_  256 95:78:e1:ee:dc:0e:f6:2b:a3:0d:dd:aa:e0:8f:a7:cd (ED25519)
8080/tcp open  http-proxy
|_http-title: Site doesn't have a title (application/json).
| fingerprint-strings: 
|   FourOhFourRequest: 
|     HTTP/1.1 404 
|     Vary: Origin
|     Vary: Access-Control-Request-Method
|     Vary: Access-Control-Request-Headers
|     Content-Disposition: inline;filename=f.txt
|     Content-Type: application/json
|     Date: Sat, 04 Oct 2025 14:54:13 GMT
|     Connection: close
|     {"timestamp":"2025-10-04T14:54:13.802+00:00","status":404,"error":"Not Found","path":"/nice%20ports%2C/Tri%6Eity.txt%2ebak"}
|   GetRequest: 
|     HTTP/1.1 404 
|     Vary: Origin
|     Vary: Access-Control-Request-Method
|     Vary: Access-Control-Request-Headers
|     Content-Type: application/json
|     Date: Sat, 04 Oct 2025 14:54:13 GMT
|     Connection: close
|     {"timestamp":"2025-10-04T14:54:13.644+00:00","status":404,"error":"Not Found","path":"/"}
|   HTTPOptions: 
|     HTTP/1.1 404 
|     Vary: Origin
|     Vary: Access-Control-Request-Method
|     Vary: Access-Control-Request-Headers
|     Content-Type: application/json
|     Date: Sat, 04 Oct 2025 14:54:13 GMT
|     Connection: close
|     {"timestamp":"2025-10-04T14:54:13.680+00:00","status":404,"error":"Not Found","path":"/"}
|   RTSPRequest, Socks5: 
|     HTTP/1.1 400 
|     Content-Type: text/html;charset=utf-8
|     Content-Language: en
|     Content-Length: 435
|     Date: Sat, 04 Oct 2025 14:54:13 GMT
|     Connection: close
|     HTTP Status 400 
|     Request body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}
|     HTTP Status 400 
|_    Request


WSTN

PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 8.4p1 Debian 5+deb11u3 (protocol 2.0)
| ssh-hostkey: 
|   3072 5a:18:5d:f5:ed:78:64:cc:53:87:40:4b:b6:10:86:3a (RSA)
|   256 e4:74:12:60:41:a3:53:40:67:ee:ea:da:c5:42:e3:fd (ECDSA)
|_  256 07:99:db:38:3a:fe:5a:ba:fc:5c:27:c9:ea:83:c3:c5 (ED25519)
1883/tcp open  mqtt
|_mqtt-subscribe: Connection rejected: Not Authorized
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

WWW

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 9.2p1 Debian 2+deb12u7 (protocol 2.0)
| ssh-hostkey: 
|   256 a0:6a:89:c7:a4:b1:37:23:2d:3a:a1:24:c3:76:10:06 (ECDSA)
|_  256 a8:7c:35:3d:df:2b:92:07:2b:1e:c8:5a:8d:d3:7e:0f (ED25519)
80/tcp open  http    Apache httpd
|_http-title: Site doesn't have a title (text/html;charset=utf-8).
|_http-server-header: Apache
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel





Notable Vulnerabilities
Just disabled the user on news.
root:!$1$dgQLqdog$sDKuQFfXEzcOWXUkfFljy1:20330:0:99999:7:::


Logged in and dumped using pamspy
`tina.bell, quw327leh`
2025-10-04_15:25:15  tina.bell, quw327leh, From: 49.10.235.154
2025-10-04_15:30:15  jennifer.smith, yaj747pus, From: 49.10.235.154

Notable Defenses
Wazuh, fail2ban
Team Spirit Issues
Disabled user accounts...

Banning IP addresses for normal user actions.