Team 4 Wiki Page

Team Information
Number: Team 4
Name: Terminal-ly Ill
IP Range: 200.2.96.0/24
Domain: team4.isucdc.com
Current Place: 3rd
Red Teamer(s): None
Service Status
AD LDAP
AD RDP
JD RDP
LTV SSH
NEWS SSH
NEWS HTTP
WSTN SSH
WSTN MQTT
WWW SSH
WWW HTTP
Nmap
# Nmap 7.93 scan initiated Sat Dec  6 08:24:22 2025 
Nmap scan report for ad.team4.isucdc.com (200.2.96.10)
Host is up (0.056s latency).
Not shown: 65533 filtered tcp ports (no-response)
PORT     STATE SERVICE       VERSION
389/tcp  open  ldap          Microsoft Windows Active Directory LDAP (Domain: team4.isucdc.com0., Site: Default-First-Site-Name)
3389/tcp open  ms-wbt-server Microsoft Terminal Services
|_ssl-date: 2025-12-06T14:31:41+00:00; -1s from scanner time.
| ssl-cert: Subject: commonName=ad.team4.isucdc.com
| Not valid before: 2025-11-06T18:58:37
|_Not valid after:  2026-05-08T18:58:37
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
Network Distance: 1 hop
Service Info: Host: AD; OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
|_clock-skew: -1s

TRACEROUTE (using port 80/tcp)
HOP RTT      ADDRESS
1   24.00 ms 200.2.96.10

Nmap scan report for jd.team4.isucdc.com (200.2.96.20)
Host is up (0.034s latency).
Not shown: 65534 filtered tcp ports (no-response)
PORT     STATE SERVICE       VERSION
3389/tcp open  ms-wbt-server Microsoft Terminal Services
| ssl-cert: Subject: commonName=jd.team4.isucdc.com
| Not valid before: 2025-11-06T20:41:23
|_Not valid after:  2026-05-08T20:41:23
|_ssl-date: TLS randomness does not represent time
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
Network Distance: 1 hop
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

TRACEROUTE (using port 80/tcp)
HOP RTT      ADDRESS
1   23.00 ms 200.2.96.20

Nmap scan report for ltv.team4.isucdc.com (200.2.96.30)
Host is up (0.060s latency).
Not shown: 65534 filtered tcp ports (no-response)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   1024 0c7c02eb5a9fe29566c11e06cf84cf47 (DSA)
|   2048 453739b58fc6b978ab1e41dd81596ecf (RSA)
|   256 89e9f14ac8d9391f078dd4603c19c4dd (ECDSA)
|_  256 58de7185954051643b9ee99cebfdf838 (ED25519)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 80/tcp)
HOP RTT      ADDRESS
1   34.00 ms 200.2.96.30

Nmap scan report for news.team4.isucdc.com (200.2.96.40)
Host is up (0.038s latency).
Not shown: 65533 filtered tcp ports (no-response)
PORT     STATE SERVICE    VERSION
22/tcp   open  ssh        OpenSSH 7.6p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   2048 357994a98dd506f35bb6c7317962de08 (RSA)
|   256 95a6a90f800410e48ba00b686b3907e8 (ECDSA)
|_  256 9578e1eedc0ef62ba30dddaae08fa7cd (ED25519)
8080/tcp open  http-proxy
| fingerprint-strings: 
|   FourOhFourRequest: 
|     HTTP/1.1 404 
|     Vary: Origin
|     Vary: Access-Control-Request-Method
|     Vary: Access-Control-Request-Headers
|     Content-Disposition: inline;filename=f.txt
|     Content-Type: application/json
|     Date: Sat, 06 Dec 2025 03:46:49 GMT
|     Connection: close
|     {"timestamp":"2025-12-06T03:46:49.337+00:00","status":404,"error":"Not Found","message":"","path":"/nice%20ports%2C/Tri%6Eity.txt%2ebak"}
|   GetRequest: 
|     HTTP/1.1 404 
|     Vary: Origin
|     Vary: Access-Control-Request-Method
|     Vary: Access-Control-Request-Headers
|     Content-Type: application/json
|     Date: Sat, 06 Dec 2025 03:46:49 GMT
|     Connection: close
|     {"timestamp":"2025-12-06T03:46:49.100+00:00","status":404,"error":"Not Found","message":"","path":"/"}
|   HTTPOptions: 
|     HTTP/1.1 404 
|     Vary: Origin
|     Vary: Access-Control-Request-Method
|     Vary: Access-Control-Request-Headers
|     Content-Type: application/json
|     Date: Sat, 06 Dec 2025 03:46:49 GMT
|     Connection: close
|     {"timestamp":"2025-12-06T03:46:49.229+00:00","status":404,"error":"Not Found","message":"","path":"/"}
|   RTSPRequest: 
|     HTTP/1.1 400 
|     Content-Type: text/html;charset=utf-8
|     Content-Language: en
|     Content-Length: 435
|     Date: Sat, 06 Dec 2025 03:46:49 GMT
|     Connection: close
|     HTTP Status 400
|     Requestbody {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}
|     HTTP Status 400
|_    Request
|_http-title: Site doesn't have a title (application/json).
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 80/tcp)
HOP RTT      ADDRESS
1   31.00 ms 200.2.96.40

Nmap scan report for wstn.team4.isucdc.com (200.2.96.50)
Host is up (0.012s latency).
Not shown: 65533 filtered tcp ports (no-response)
PORT     STATE SERVICE                  VERSION
22/tcp   open  ssh                      OpenSSH 8.4p1 Debian 5+deb11u3 (protocol 2.0)
| ssh-hostkey: 
|   3072 5a185df5ed7864cc5387404bb610863a (RSA)
|   256 e474126041a3534067eeeadac542e3fd (ECDSA)
|_  256 0799db383afe5abafc5c27c9ea83c3c5 (ED25519)
1883/tcp open  mosquitto version 2.0.11
| mqtt-subscribe: 
|   Topics and their most recent payloads: 
|     $SYS/broker/clients/connected: 2
|     $SYS/broker/load/messages/received/1min: 0.85
|     $SYS/broker/bytes/received: 534
|     $SYS/broker/load/sockets/5min: 0.46
|     $SYS/broker/load/messages/received/15min: 0.99
|     $SYS/broker/version: mosquitto version 2.0.11
|     $SYS/broker/load/messages/sent/15min: 0.99
|     $SYS/broker/load/bytes/received/1min: 1.70
|     $SYS/broker/messages/received: 249
|     $SYS/broker/load/sockets/15min: 0.29
|     $SYS/broker/heap/current: 45152
|     $SYS/broker/load/messages/received/5min: 0.97
|     $SYS/broker/messages/sent: 249
|     $SYS/broker/heap/maximum: 45504
|     $SYS/broker/bytes/sent: 503
|     $SYS/broker/load/sockets/1min: 1.36
|     $SYS/broker/load/messages/sent/5min: 0.97
|     $SYS/broker/load/bytes/received/5min: 1.95
|     $SYS/broker/load/bytes/sent/1min: 1.70
|     $SYS/broker/clients/disconnected: -1
|     $SYS/broker/store/messages/bytes: 192
|     $SYS/broker/clients/active: 2
|     $SYS/broker/uptime: 14889 seconds
|     $SYS/broker/clients/inactive: -1
|     $SYS/broker/load/bytes/sent/15min: 1.98
|     $SYS/broker/load/bytes/sent/5min: 1.95
|     $SYS/broker/load/messages/sent/1min: 0.85
|_    $SYS/broker/load/bytes/received/15min: 1.98
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 80/tcp)
HOP RTT      ADDRESS
1   12.00 ms 200.2.96.50

Nmap scan report for www.team4.isucdc.com (200.2.96.60)
Host is up (0.0076s latency).
Not shown: 65533 filtered tcp ports (no-response)
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 9.2p1 Debian 2+deb12u7 (protocol 2.0)
| ssh-hostkey: 
|   256 a06a89c7a4b137232d3aa124c3761006 (ECDSA)
|_  256 a87c353ddf2b92072b1ec85a8dd37e0f (ED25519)
80/tcp open  http    Apache httpd 2.4.65 ((Debian))
|_http-title: Arrow pointing to the left
|_http-server-header: Apache/2.4.65 (Debian)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

TRACEROUTE (using port 80/tcp)
HOP RTT      ADDRESS
1   11.00 ms 200.2.96.60

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Dec  6 08:36:12 2025 -- 6 IP addresses (6 hosts up) scanned in 710.38 seconds

Notable Vulnerabilities
cat toomanysecrets.log 
2025-12-05_22:52:04  david.ward, keq414buz, From: 49.10.235.154
2025-12-05_22:56:13  cdc, Vials!-ups-toto-%nessa%-counts-!pillow, From: 
2025-12-05_22:57:04  matthew.hansen, zaz222qaw, From: 49.10.235.154
2025-12-06_10:40:07  alison.taylor, jez929wev, From: 49.10.235.154
2025-12-06_10:45:08  alison.taylor, jez929wev, From: 49.10.235.154
cdc, @UIDUYGVWY£UQYUK£EB&@Q^wuybbduyhqauyJgeuq7iyN&@^NW@Twu6ayg76yatggu7!N&@£%RQwsfbzyf@%^QVwau6bt7&23t6w5stzguajUKNHWu6tYU@Y£ngutaey7i£NY&UIYAUW(O£UH@Iy3egssyuz7yguahtb£@w5bsuygb6%Y£, From: 199.100.16.101
2025-12-06_11:00:08  alison.taylor, jez929wev, From: 49.10.235.154
2025-12-06_11:05:08  nicole.galvan, wej122bum, From: 49.10.235.154
2025-12-06_11:10:09  lance.hickman, mad627gok, From: 49.10.235.154
2025-12-06_11:14:45  david.ward, keq414buz, From: 12.110.177.0
2025-12-06_11:15:08  alison.taylor, jez929wev, From: 49.10.235.154
2025-12-06_11:20:08  lance.hickman, mad627gok, From: 49.10.235.154


All flags for team 4 except AD and red flags on www and news have been grabbed; holding until we have all flags.

Notable Defenses
Team Spirit Issues