Team 1 Wiki Page

Signup Login

Number: Team 1
Name: IPv6 Hate Club
IP Range: 64.39.3.0/24
Domain: team1.isucdc.com
Current Place: 2nd
Red Teamer(s): None

Blue Flags
LTV /etc/ AD C:\Windows\System32\ JD C:\Windows\System32\ NEWS /etc/ WSTN /etc/ WWW /etc/ x-api-key-flag TX Arduino LoRa

Red Flags
WSTN /root/ WWW /root/ AD C:\Users\Administrator\ JD C:\Users\Administrator\ LTV /root/ NEWS /root/

AD LDAP

AD RDP

JD RDP

LTV SSH

NEWS SSH

NEWS HTTP

WSTN SSH

WSTN MQTT

WWW SSH

WWW HTTP

2025-12-06_14:05:13 david.ward, geh100rig, From: 49.10.235.154

2025-12-06_14:10:13 matthew.hansen, yih559ten, From: 49.10.235.154

LTV
2025-12-06_14:17:50 cdc, hygDag-kadvi8, From: 10.10.40.10

# Nmap 7.93 scan initiated Sat Dec 6 08:21:28 2025

Nmap scan report for ad.team1.isucdc.com (64.39.3.10)

Host is up (0.0091s latency).

rDNS record for 64.39.3.10: rufriends.com

Not shown: 65531 filtered tcp ports (no-response)

PORT STATE SERVICE VERSION

80/tcp open http Apache httpd 2.4.65 ((Debian))

|_http-title: Arrow pointing to the left

|_http-server-header: Apache/2.4.65 (Debian)

1883/tcp open mqtt

|_mqtt-subscribe: Connection rejected: Not Authorized

3389/tcp open ms-wbt-server Microsoft Terminal Services

| rdp-ntlm-info:

| Target_Name: TEAM1

| NetBIOS_Domain_Name: TEAM1

| NetBIOS_Computer_Name: AD

| DNS_Domain_Name: team1.isucdc.com

| DNS_Computer_Name: ad.team1.isucdc.com

| DNS_Tree_Name: team1.isucdc.com

| Product_Version: 10.0.17763

|_ System_Time: 2025-12-06T14:34:47+00:00

|_ssl-date: 2025-12-06T14:34:53+00:00; -1s from scanner time.

| ssl-cert: Subject: commonName=ad.team1.isucdc.com

| Not valid before: 2025-11-04T03:15:22

|_Not valid after: 2026-05-06T03:15:22

8080/tcp open http-proxy

|_http-title: Site doesn't have a title.

| fingerprint-strings:

| FourOhFourRequest:

| HTTP/1.1 401

| WWW-Authenticate: Basic realm="Realm"

| Content-Length: 0

| Date: Sat, 06 Dec 2025 14:34:37 GMT

| Connection: close

| GetRequest, HTTPOptions:

| HTTP/1.1 401

| WWW-Authenticate: Basic realm="Realm"

| X-Content-Type-Options: nosniff

| X-XSS-Protection: 1; mode=block

| Cache-Control: no-cache, no-store, max-age=0, must-revalidate

| Pragma: no-cache

| Expires: 0

| X-Frame-Options: DENY

| Content-Length: 0

| Date: Sat, 06 Dec 2025 14:34:37 GMT

| Connection: close

| RTSPRequest, Socks5:

| HTTP/1.1 400

| Content-Type: text/html;charset=utf-8

| Content-Language: en

| Content-Length: 435

| Date: Sat, 06 Dec 2025 14:34:37 GMT

| Connection: close

| HTTP Status 400

| Requestbody {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}

HTTP Status 400

|_ Request

| http-auth:

| HTTP/1.1 401 \x0D

|_ Basic realm=Realm

1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :

SF-Port8080-TCP:V=7.93%I=7%D=12/6%Time=69343EFC%P=i686-pc-windows-windows%

SF:r(GetRequest,139,"HTTP/1\.1\x20401\x20\r\nWWW-Authenticate:\x20Basic\x2

SF:0realm=\"Realm\"\r\nX-Content-Type-Options:\x20nosniff\r\nX-XSS-Protect

SF:ion:\x201;\x20mode=block\r\nCache-Control:\x20no-cache,\x20no-store,\x2

SF:0max-age=0,\x20must-revalidate\r\nPragma:\x20no-cache\r\nExpires:\x200\

SF:r\nX-Frame-Options:\x20DENY\r\nContent-Length:\x200\r\nDate:\x20Sat,\x2

SF:006\x20Dec\x202025\x2014:34:37\x20GMT\r\nConnection:\x20close\r\n\r\n")

SF:%r(HTTPOptions,139,"HTTP/1\.1\x20401\x20\r\nWWW-Authenticate:\x20Basic\

SF:x20realm=\"Realm\"\r\nX-Content-Type-Options:\x20nosniff\r\nX-XSS-Prote

SF:ction:\x201;\x20mode=block\r\nCache-Control:\x20no-cache,\x20no-store,\

SF:x20max-age=0,\x20must-revalidate\r\nPragma:\x20no-cache\r\nExpires:\x20

SF:0\r\nX-Frame-Options:\x20DENY\r\nContent-Length:\x200\r\nDate:\x20Sat,\

SF:x2006\x20Dec\x202025\x2014:34:37\x20GMT\r\nConnection:\x20close\r\n\r\n

SF:")%r(RTSPRequest,24E,"HTTP/1\.1\x20400\x20\r\nContent-Type:\x20text/htm

SF:l;charset=utf-8\r\nContent-Language:\x20en\r\nContent-Length:\x20435\r\

SF:nDate:\x20Sat,\x2006\x20Dec\x202025\x2014:34:37\x20GMT\r\nConnection:\x

SF:20close\r\n\r\nHTTP

SF:\x20Status\x20400\x20\xe2\x80\x93\x20Bad\x20Request

SF:pe=\"text/css\">body\x20{font-family:Tahoma,Arial,sans-serif;}\x20h1,\x

SF:20h2,\x20h3,\x20b\x20{color:white;background-color:#525D76;}\x20h1\x20{

SF:font-size:22px;}\x20h2\x20{font-size:16px;}\x20h3\x20{font-size:14px;}\

SF:x20p\x20{font-size:12px;}\x20a\x20{color:black;}\x20\.line\x20{height:1

SF:px;background-color:#525D76;border:none;}

HTTP\

SF:x20Status\x20400\x20\xe2\x80\x93\x20Bad\x20Request")

SF:%r(FourOhFourRequest,83,"HTTP/1\.1\x20401\x20\r\nWWW-Authenticate:\x20B

SF:asic\x20realm=\"Realm\"\r\nContent-Length:\x200\r\nDate:\x20Sat,\x2006\

SF:x20Dec\x202025\x2014:34:37\x20GMT\r\nConnection:\x20close\r\n\r\n")%r(S

SF:ocks5,24E,"HTTP/1\.1\x20400\x20\r\nContent-Type:\x20text/html;charset=u

SF:tf-8\r\nContent-Language:\x20en\r\nContent-Length:\x20435\r\nDate:\x20S

SF:at,\x2006\x20Dec\x202025\x2014:34:37\x20GMT\r\nConnection:\x20close\r\n

SF:\r\nHTTP\x20Status\

SF:x20400\x20\xe2\x80\x93\x20Bad\x20Request

SF:ss\">body\x20{font-family:Tahoma,Arial,sans-serif;}\x20h1,\x20h2,\x20h3

SF:,\x20b\x20{color:white;background-color:#525D76;}\x20h1\x20{font-size:2

SF:2px;}\x20h2\x20{font-size:16px;}\x20h3\x20{font-size:14px;}\x20p\x20{fo

SF:nt-size:12px;}\x20a\x20{color:black;}\x20\.line\x20{height:1px;backgrou

SF:nd-color:#525D76;border:none;}

HTTP\x20Status\x

SF:20400\x20\xe2\x80\x93\x20Bad\x20Request");

Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port

OS fingerprint not ideal because: Missing a closed TCP port so results incomplete

No OS matches for host

Network Distance: 1 hop

Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:

|_clock-skew: mean: -1s, deviation: 0s, median: -2s

TRACEROUTE (using port 80/tcp)

HOP RTT ADDRESS

1 7.00 ms rufriends.com (64.39.3.10)

Nmap scan report for jd.team1.isucdc.com (64.39.3.20)

Host is up (0.0079s latency).

Not shown: 65534 filtered tcp ports (no-response)

PORT STATE SERVICE VERSION

1883/tcp open mqtt

|_mqtt-subscribe: Connection rejected: Not Authorized

Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port

OS fingerprint not ideal because: Missing a closed TCP port so results incomplete

No OS matches for host

Network Distance: 1 hop

TRACEROUTE (using port 80/tcp)

HOP RTT ADDRESS

1 7.00 ms 64.39.3.20

Nmap scan report for ltv.team1.isucdc.com (64.39.3.30)

Host is up (0.0084s latency).

Not shown: 65531 filtered tcp ports (no-response)

PORT STATE SERVICE VERSION

22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)

| ssh-hostkey:

| 1024 0c7c02eb5a9fe29566c11e06cf84cf47 (DSA)

| 2048 453739b58fc6b978ab1e41dd81596ecf (RSA)

| 256 89e9f14ac8d9391f078dd4603c19c4dd (ECDSA)

|_ 256 58de7185954051643b9ee99cebfdf838 (ED25519)