Team Information
- Number
- Team 10
- Name
- DMACC-Bearry's
- IP Range
- 6.87.159.0/24
- Domain
- team10.isucdc.com
- Current Place
- 4th
- Red Teamer(s)
- None
Service Status
| AD LDAP |
| AD RDP |
| JD RDP |
| LTV SSH |
| NEWS SSH |
| NEWS HTTP |
| WSTN SSH |
| WSTN MQTT |
| WWW SSH |
| WWW HTTP |
Nmap
FLAGS: Dont cap
www etc: noGSo9zGhroS0kunxP3fSzUMpExUJu8r1GcVKlKrziZV1KbBcu
wstn etc: tSvnBNEaGQe4MVUdVNtWu62p21RdpDapOmz3nf5BWxvn2XZMp5
wstn etc: tSvnBNEaGQe4MVUdVNtWu62p21RdpDapOmz3nf5BWxvn2XZMp5
ltv etc: j2mrc2ltfcqqUz6IY0BYZmhsSps3vHWJhoRoh8facPdN1LU3sJ
news etc: TnPkmq1TQCq398XRRAQ3BQVP22WlQYFCSysF9ZhaZG2ghjLABh
ad win32: oRScrCGcuqcoaYksaLmVMd4xl9dM6ttEF2BhIiNgju6uGGJVLf
david.ward@wstn:/opt/weather_station$ cat loraDecoder.py
from dataclasses import dataclass
from typing import Optional
BUFFER_SIZE = 17
TEAM_NUMBER = 0X0A
# shared priv. keys
K_MAC = 0xA7
K_STREAM = 0x5D
@dataclass
class DecodedPacket:
team: int
iteration: int
temperature: int
humidity: int
wind_speed: int
air_quality: int
flag: str
raw_bytes: bytes
class AuthError(Exception):
pass
class ReplayError(Exception):
pass
def decode_lora_payload(packet: bytes, last_iteration: Optional[int] = None) -> DecodedPacket:
"""
Decode and verify LoRa payload.
-packet: raw bytes from MQTT
-last_iteration: last accepted iteration (for replay detection)
Returns a DecodedPacket obj, or raises Auth or Replay errors.
"""
if len(packet) != BUFFER_SIZE:
raise ValueError(f"Expected {BUFFER_SIZE} bytes, got {len(packet)}")
team = packet[0]
if team != TEAM_NUMBER:
raise AuthError(f"Unexpected team number: {team:#02x}")
iteration = packet[1]
tag_rx = packet[2]
# simple replay protection
if last_iteration is not None:
# checks for iteration ordering
if iteration <= last_iteration:
raise ReplayError(f"Replay or out-of-order packet: iteration={iteration}, last={last_iteration}")
# create mutable copy for decrpytion
buff = bytearray(packet)
# 1. decrypt flag
ks = (K_STREAM ^ iteration) & 0xFF
for i in range(7, BUFFER_SIZE):
ks = (ks * 33 + 17) & 0xFF
buff[i] ^= ks
# 2. recompute mac over decryption
mac = K_MAC
mac ^= team
mac ^= iteration
for i in range(3, BUFFER_SIZE):
mac = ((mac* 33) ^ buff[i]) & 0xFF
if mac != tag_rx:
raise AuthError(f"MAC verification failed: expected {tag_rx:#02x}, computed {mac:#02x}")
# 3. extract fields from buff
temperature = buff[3]
humidity = buff[4]
wind_speed = buff[5]
air_quality = buff[6]
flag_bytes = bytes(buff[7:17])
try:
flag = flag_bytes.decode("ascii")
except UnicodeDecodeError:
flag = flag_bytes.decode("ascii", errors="replace")
return DecodedPacket(
team=team,
iteration=iteration,
temperature=temperature,
humidity=humidity,
wind_speed=wind_speed,
air_quality=air_quality,
flag=flag,
raw_bytes=bytes(buff),
)
from dataclasses import dataclass
from typing import Optional
BUFFER_SIZE = 17
TEAM_NUMBER = 0X0A
# shared priv. keys
K_MAC = 0xA7
K_STREAM = 0x5D
@dataclass
class DecodedPacket:
team: int
iteration: int
temperature: int
humidity: int
wind_speed: int
air_quality: int
flag: str
raw_bytes: bytes
class AuthError(Exception):
pass
class ReplayError(Exception):
pass
def decode_lora_payload(packet: bytes, last_iteration: Optional[int] = None) -> DecodedPacket:
"""
Decode and verify LoRa payload.
-packet: raw bytes from MQTT
-last_iteration: last accepted iteration (for replay detection)
Returns a DecodedPacket obj, or raises Auth or Replay errors.
"""
if len(packet) != BUFFER_SIZE:
raise ValueError(f"Expected {BUFFER_SIZE} bytes, got {len(packet)}")
team = packet[0]
if team != TEAM_NUMBER:
raise AuthError(f"Unexpected team number: {team:#02x}")
iteration = packet[1]
tag_rx = packet[2]
# simple replay protection
if last_iteration is not None:
# checks for iteration ordering
if iteration <= last_iteration:
raise ReplayError(f"Replay or out-of-order packet: iteration={iteration}, last={last_iteration}")
# create mutable copy for decrpytion
buff = bytearray(packet)
# 1. decrypt flag
ks = (K_STREAM ^ iteration) & 0xFF
for i in range(7, BUFFER_SIZE):
ks = (ks * 33 + 17) & 0xFF
buff[i] ^= ks
# 2. recompute mac over decryption
mac = K_MAC
mac ^= team
mac ^= iteration
for i in range(3, BUFFER_SIZE):
mac = ((mac* 33) ^ buff[i]) & 0xFF
if mac != tag_rx:
raise AuthError(f"MAC verification failed: expected {tag_rx:#02x}, computed {mac:#02x}")
# 3. extract fields from buff
temperature = buff[3]
humidity = buff[4]
wind_speed = buff[5]
air_quality = buff[6]
flag_bytes = bytes(buff[7:17])
try:
flag = flag_bytes.decode("ascii")
except UnicodeDecodeError:
flag = flag_bytes.decode("ascii", errors="replace")
return DecodedPacket(
team=team,
iteration=iteration,
temperature=temperature,
humidity=humidity,
wind_speed=wind_speed,
air_quality=air_quality,
flag=flag,
raw_bytes=bytes(buff),
)
# Nmap 7.93 scan initiated Sat Dec 6 08:25:02 2025
Nmap scan report for ad.team10.isucdc.com (6.87.159.10)
Host is up (0.0098s latency).
Not shown: 65514 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
53/tcp open domain Simple DNS Plus
88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2025-12-06 14:30:19Z)
135/tcp open msrpc Microsoft Windows RPC
139/tcp open netbios-ssn Microsoft Windows netbios-ssn
389/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: team10.isucdc.com0., Site: Default-First-Site-Name)
445/tcp open microsoft-ds?
464/tcp open kpasswd5?
593/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
636/tcp open tcpwrapped
3268/tcp open ldap Microsoft Windows Active Directory LDAP (Domain: team10.isucdc.com0., Site: Default-First-Site-Name)
3269/tcp open tcpwrapped
3389/tcp open ms-wbt-server Microsoft Terminal Services
| rdp-ntlm-info:
| Target_Name: TEAM10
| NetBIOS_Domain_Name: TEAM10
| NetBIOS_Computer_Name: AD
| DNS_Domain_Name: team10.isucdc.com
| DNS_Computer_Name: ad.team10.isucdc.com
| DNS_Tree_Name: team10.isucdc.com
| Product_Version: 10.0.17763
|_ System_Time: 2025-12-06T14:32:00+00:00
|_ssl-date: 2025-12-06T14:32:39+00:00; -17s from scanner time.
| ssl-cert: Subject: commonName=ad.team10.isucdc.com
| Not valid before: 2025-11-06T19:07:35
|_Not valid after: 2026-05-08T19:07:35
5985/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-title: Not Found
|_http-server-header: Microsoft-HTTPAPI/2.0
9389/tcp open mc-nmf .NET Message Framing
49668/tcp open msrpc Microsoft Windows RPC
49672/tcp open ncacn_http Microsoft Windows RPC over HTTP 1.0
49673/tcp open msrpc Microsoft Windows RPC
49675/tcp open msrpc Microsoft Windows RPC
49676/tcp open msrpc Microsoft Windows RPC
61520/tcp open msrpc Microsoft Windows RPC
61523/tcp open msrpc Microsoft Windows RPC
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
Network Distance: 2 hops
Service Info: Host: AD; OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
| smb2-time:
| date: 2025-12-06T14:32:00
|_ start_date: N/A
| smb2-security-mode:
| 311:
|_ Message signing enabled and required
|_clock-skew: mean: -16s, deviation: 0s, median: -17s
TRACEROUTE (using port 445/tcp)
HOP RTT ADDRESS
- Hop 1 is the same as for 6.87.159.30
2 9.00 ms 6.87.159.10
Nmap scan report for jd.team10.isucdc.com (6.87.159.20)
Host is up (0.011s latency).
Not shown: 65531 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
135/tcp open msrpc Microsoft Windows RPC
3389/tcp open ssl/ms-wbt-server?
| rdp-ntlm-info:
| Target_Name: TEAM10
| NetBIOS_Domain_Name: TEAM10
| NetBIOS_Computer_Name: JD
| DNS_Domain_Name: team10.isucdc.com
| DNS_Computer_Name: jd.team10.isucdc.com
| DNS_Tree_Name: team10.isucdc.com
| Product_Version: 10.0.22621
|_ System_Time: 2025-12-06T14:32:00+00:00
| ssl-cert: Subject: commonName=jd.team10.isucdc.com
| Not valid before: 2025-11-06T20:53:52
|_Not valid after: 2026-05-08T20:53:52
|_ssl-date: TLS randomness does not represent time
5040/tcp open unknown
7680/tcp open pando-pub?
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
Network Distance: 1 hop
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Host script results:
|_clock-skew: -17s
TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 8.00 ms 6.87.159.20
Nmap scan report for ltv.team10.isucdc.com (6.87.159.30)
Host is up (0.0036s latency).
Not shown: 65534 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 1024 0c7c02eb5a9fe29566c11e06cf84cf47 (DSA)
| 2048 453739b58fc6b978ab1e41dd81596ecf (RSA)
| 256 89e9f14ac8d9391f078dd4603c19c4dd (ECDSA)
|_ 256 58de7185954051643b9ee99cebfdf838 (ED25519)
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.93%E=4%D=12/6%OT=22%CT=1%CU=43592%PV=N%DS=2%DC=T%G=Y%TM=69343E9
OS:9%P=i686-pc-windows-windows)SEQ(SP=103%GCD=1%ISR=10B%TI=Z%CI=RD%II=I%TS=
OS:8)SEQ(CI=RD%II=I)OPS(O1=M4E2ST11NW7%O2=M4E2ST11NW7%O3=M4E2NNT11NW7%O4=M4
OS:E2ST11NW7%O5=M4E2ST11NW7%O6=M4E2ST11)WIN(W1=7120%W2=7120%W3=7120%W4=7120
OS:%W5=7120%W6=7120)ECN(R=Y%DF=Y%T=40%W=7210%O=M4E2NNSNW7%CC=Y%Q=)ECN(R=N)T
OS:1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T1(R=N)T2(R=Y%DF=Y%T=41%W=0%S=A%A=
OS:S%F=AR%O=%RD=0%Q=)T3(R=N)T4(R=Y%DF=Y%T=41%W=0%S=A%A=S%F=AR%O=%RD=0%Q=)T5
OS:(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=41%W=0%S=A%A=S
OS:%F=AR%O=%RD=0%Q=)T7(R=Y%DF=Y%T=41%W=0%S=A%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF
OS:=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40
OS:%CD=S)
Network Distance: 2 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 5900/tcp)
HOP RTT ADDRESS
1 9.00 ms 12.110.254.254
2 12.00 ms 6.87.159.30
Nmap scan report for news.team10.isucdc.com (6.87.159.40)
Host is up (0.0036s latency).
Not shown: 65529 closed tcp ports (reset)
PORT STATE SERVICE VERSION
21/tcp open ftp OpenBSD ftpd 6.4 (Linux port 0.17)
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 357994a98dd506f35bb6c7317962de08 (RSA)
| 256 95a6a90f800410e48ba00b686b3907e8 (ECDSA)
|_ 256 9578e1eedc0ef62ba30dddaae08fa7cd (ED25519)
25/tcp open smtp Postfix smtpd
|_smtp-commands: news.ad.iseage.org, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN, SMTPUTF8
| ssl-cert: Subject: commonName=news
| Subject Alternative Name: DNS:news
| Not valid before: 2025-08-30T21:36:15
|_Not valid after: 2035-08-28T21:36:15
|_ssl-date: TLS randomness does not represent time
79/tcp open finger?
80/tcp open http Apache httpd 2.4.29
| http-title: Site doesn't have a title (text/html;charset=utf-8).
|_Requested resource was http://www.team10.isucdc.com/live
|_http-server-header: Apache/2.4.29 (Ubuntu)
8080/tcp open http-proxy
| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.1 404
| Vary: Origin
| Vary: Access-Control-Request-Method
| Vary: Access-Control-Request-Headers
| Content-Disposition: inline;filename=f.txt
| Content-Type: application/json
| Date: Sat, 06 Dec 2025 14:30:41 GMT
| Connection: close
| {"timestamp":"2025-12-06T14:30:41.608+00:00","status":404,"error":"Not Found","message":"","path":"/nice%20ports%2C/Tri%6Eity.txt%2ebak"}
| GetRequest:
| HTTP/1.1 404
| Vary: Origin
| Vary: Access-Control-Request-Method
| Vary: Access-Control-Request-Headers
| Content-Type: application/json
| Date: Sat, 06 Dec 2025 14:30:41 GMT
| Connection: close
| {"timestamp":"2025-12-06T14:30:41.482+00:00","status":404,"error":"Not Found","message":"","path":"/"}
| HTTPOptions:
| HTTP/1.1 404
| Vary: Origin
| Vary: Access-Control-Request-Method
| Vary: Access-Control-Request-Headers
| Content-Type: application/json
| Date: Sat, 06 Dec 2025 14:30:41 GMT
| Connection: close
| {"timestamp":"2025-12-06T14:30:41.502+00:00","status":404,"error":"Not Found","message":"","path":"/"}
| RTSPRequest:
| HTTP/1.1 400
| Content-Type: text/html;charset=utf-8
| Content-Language: en
| Content-Length: 435
| Date: Sat, 06 Dec 2025 14:30:41 GMT
| Connection: close
| HTTP Status 400
| Requestbody {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}
HTTP Status 400
|_ Request
|_http-title: Site doesn't have a title (application/json).
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port8080-TCP:V=7.93%I=7%D=12/6%Time=69343E12%P=i686-pc-windows-windows%
SF:r(GetRequest,128,"HTTP/1\.1\x20404\x20\r\nVary:\x20Origin\r\nVary:\x20A
SF:ccess-Control-Request-Method\r\nVary:\x20Access-Control-Request-Headers
SF:\r\nContent-Type:\x20application/json\r\nDate:\x20Sat,\x2006\x20Dec\x20
SF:2025\x2014:30:41\x20GMT\r\nConnection:\x20close\r\n\r\n{\"timestamp\":\
SF:"2025-12-06T14:30:41\.482\+00:00\",\"status\":404,\"error\":\"Not\x20Fo
SF:und\",\"message\":\"\",\"path\":\"/\"}")%r(HTTPOptions,128,"HTTP/1\.1\x
SF:20404\x20\r\nVary:\x20Origin\r\nVary:\x20Access-Control-Request-Method\
SF:r\nVary:\x20Access-Control-Request-Headers\r\nContent-Type:\x20applicat
SF:ion/json\r\nDate:\x20Sat,\x2006\x20Dec\x202025\x2014:30:41\x20GMT\r\nCo
SF:nnection:\x20close\r\n\r\n{\"timestamp\":\"2025-12-06T14:30:41\.502\+00
SF::00\",\"status\":404,\"error\":\"Not\x20Found\",\"message\":\"\",\"path
SF:\":\"/\"}")%r(RTSPRequest,24E,"HTTP/1\.1\x20400\x20\r\nContent-Type:\x2
SF:0text/html;charset=utf-8\r\nContent-Language:\x20en\r\nContent-Length:\
SF:x20435\r\nDate:\x20Sat,\x2006\x20Dec\x202025\x2014:30:41\x20GMT\r\nConn
SF:ection:\x20close\r\n\r\n
SF:itle>HTTP\x20Status\x20400\x20\xe2\x80\x93\x20Bad\x20Request
SF:yle\x20type=\"text/css\">body\x20{font-family:Tahoma,Arial,sans-serif;}
SF:\x20h1,\x20h2,\x20h3,\x20b\x20{color:white;background-color:#525D76;}\x
SF:20h1\x20{font-size:22px;}\x20h2\x20{font-size:16px;}\x20h3\x20{font-siz
SF:e:14px;}\x20p\x20{font-size:12px;}\x20a\x20{color:black;}\x20\.line\x20
SF:{height:1px;background-color:#525D76;border:none;}
SF:
HTTP\x20Status\x20400\x20\xe2\x80\x93\x20Bad\x20Request
SF:")%r(FourOhFourRequest,177,"HTTP/1\.1\x20404\x20\r\nVary:\x20Ori
SF:gin\r\nVary:\x20Access-Control-Request-Method\r\nVary:\x20Access-Contro
SF:l-Request-Headers\r\nContent-Disposition:\x20inline;filename=f\.txt\r\n
SF:Content-Type:\x20application/json\r\nDate:\x20Sat,\x2006\x20Dec\x202025
SF:\x2014:30:41\x20GMT\r\nConnection:\x20close\r\n\r\n{\"timestamp\":\"202
SF:5-12-06T14:30:41\.608\+00:00\",\"status\":404,\"error\":\"Not\x20Found\
SF:",\"message\":\"\",\"path\":\"/nice%20ports%2C/Tri%6Eity\.txt%2ebak\"}"
SF:);
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.93%E=4%D=12/6%OT=21%CT=1%CU=33979%PV=N%DS=2%DC=T%G=Y%TM=69343E9
OS:9%P=i686-pc-windows-windows)SEQ(SP=101%GCD=1%ISR=104%TI=Z%CI=Z%II=I%TS=A
OS:)SEQ(CI=Z%II=I)OPS(O1=M4E2ST11NW7%O2=M4E2ST11NW7%O3=M4E2NNT11NW7%O4=M4E2
OS:ST11NW7%O5=M4E2ST11NW7%O6=M4E2ST11)WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W
OS:5=FE88%W6=FE88)ECN(R=Y%DF=Y%T=40%W=FAF0%O=M4E2NNSNW7%CC=Y%Q=)ECN(R=N)T1(
OS:R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T1(R=N)T2(R=Y%DF=Y%T=41%W=0%S=A%A=S%
OS:F=AR%O=%RD=0%Q=)T3(R=N)T4(R=Y%DF=Y%T=41%W=0%S=A%A=S%F=AR%O=%RD=0%Q=)T5(R
OS:=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=41%W=0%S=A%A=S%F
OS:=AR%O=%RD=0%Q=)T7(R=Y%DF=Y%T=41%W=0%S=A%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N
OS:%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%C
OS:D=S)
Network Distance: 2 hops
Service Info: Hosts: news, news.ad.iseage.org, news.team10.isucdc.com; OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 5900/tcp)
HOP RTT ADDRESS
- Hop 1 is the same as for 6.87.159.30
2 12.00 ms 6.87.159.40
Nmap scan report for wstn.team10.isucdc.com (6.87.159.50)
Host is up (0.021s latency).
Not shown: 65532 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.4p1 Debian 5+deb11u3 (protocol 2.0)
| ssh-hostkey:
| 3072 5a185df5ed7864cc5387404bb610863a (RSA)
| 256 e474126041a3534067eeeadac542e3fd (ECDSA)
|_ 256 0799db383afe5abafc5c27c9ea83c3c5 (ED25519)
1337/tcp open waste?
1883/tcp open mosquitto version 2.0.11
| mqtt-subscribe:
| Topics and their most recent payloads:
| $SYS/broker/load/bytes/received/15min: 1.16
| $SYS/broker/load/bytes/sent/1min: 0.28
| $SYS/broker/load/connections/1min: 0.07
| $SYS/broker/load/messages/received/1min: 0.07
| $SYS/broker/load/messages/sent/1min: 0.07
| $SYS/broker/version: mosquitto version 2.0.11
| $SYS/broker/uptime: 45470 seconds
| $SYS/broker/load/bytes/sent/5min: 0.47
| $SYS/broker/load/sockets/1min: 0.14
| $SYS/broker/load/bytes/received/1min: 1.26
| $SYS/broker/load/sockets/5min: 0.30
|_ $SYS/broker/load/bytes/received/5min: 2.12
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.93%E=4%D=12/6%OT=22%CT=1%CU=32416%PV=N%DS=2%DC=T%G=Y%TM=69343FC
OS:9%P=i686-pc-windows-windows)SEQ(SP=105%GCD=1%ISR=10A%TI=Z%CI=Z%II=I%TS=A
OS:)SEQ(CI=Z%II=I)OPS(O1=M4E2ST11NW7%O2=M4E2ST11NW7%O3=M4E2NNT11NW7%O4=M4E2
OS:ST11NW7%O5=M4E2ST11NW7%O6=M4E2ST11)WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W
OS:5=FE88%W6=FE88)ECN(R=Y%DF=Y%T=40%W=FAF0%O=M4E2NNSNW7%CC=Y%Q=)ECN(R=N)T1(
OS:R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=Y%DF=Y%T=41%W=0%S=A%A=S%F=AR%O=
OS:%RD=0%Q=)T3(R=N)T4(R=Y%DF=Y%T=41%W=0%S=A%A=S%F=AR%O=%RD=0%Q=)T5(R=Y%DF=Y
OS:%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=41%W=0%S=A%A=S%F=AR%O=%
OS:RD=0%Q=)T7(R=Y%DF=Y%T=41%W=0%S=A%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%I
OS:PL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
Network Distance: 2 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 5900/tcp)
HOP RTT ADDRESS
- Hop 1 is the same as for 6.87.159.30
2 12.00 ms 6.87.159.50
Nmap scan report for www.team10.isucdc.com (6.87.159.60)
Host is up (0.022s latency).
Not shown: 65530 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 9.2p1 Debian 2+deb12u7 (protocol 2.0)
| ssh-hostkey:
| 256 a06a89c7a4b137232d3aa124c3761006 (ECDSA)
|_ 256 a87c353ddf2b92072b1ec85a8dd37e0f (ED25519)
80/tcp open http Apache httpd 2.4.65 ((Debian))
|_http-server-header: Apache/2.4.65 (Debian)
|_http-title: Arrow pointing to the left
1883/tcp open mosquitto version 2.0.11
| mqtt-subscribe:
| Topics and their most recent payloads:
| $SYS/broker/load/bytes/received/15min: 1.01
| $SYS/broker/load/bytes/sent/1min: 0.28
| $SYS/broker/load/connections/1min: 0.07
| $SYS/broker/load/messages/received/1min: 0.07
| $SYS/broker/load/messages/sent/1min: 0.07
| $SYS/broker/version: mosquitto version 2.0.11
| $SYS/broker/uptime: 2063532 seconds
| $SYS/broker/load/sockets/1min: 0.07
| $SYS/broker/load/bytes/received/1min: 1.26
| $SYS/broker/load/bytes/sent/5min: 0.47
|_ $SYS/broker/load/bytes/received/5min: 2.12
3000/tcp open ppp?
| fingerprint-strings:
| GetRequest, HTTPOptions:
| HTTP/1.1 200 OK
| content-type: text/html;charset=utf-8
| x-powered-by: Nuxt
| Date: Mon, 01 Dec 2025 19:07:47 GMT
| Connection: close
| @layer base {
| :root {
| --ui-color-primary-50: var(--color-green-50, oklch(98.2% 0.018 155.826));
| --ui-color-primary-100: var(--color-green-100, oklch(96.2% 0.044 156.743));
| --ui-color-primary-200: var(--color-green-200, oklch(92.5% 0.084 155.995));
| --ui-color-primary-300: var(--color-green-300, oklch(87.1% 0.15 154.449));
| --ui-color-primary-400: var(--color-green-400, oklch(79.2% 0.209 151.711));
| --ui-color-primary-500: var(--color-green-500, oklch(72.3% 0.219 149.579));
| --ui-color-primary-600: var(--color-green-600, oklch(62.7% 0.194 149.214));
| --ui-color-primary-700: var(--color-green-700, oklch(
| Help, NCP:
| HTTP/1.1 400 Bad Request
|_ Connection: close
8080/tcp open http Golang net/http server (Go-IPFS json-rpc or InfluxDB API)
|_http-open-proxy: Proxy might be redirecting requests
|_http-title: Site doesn't have a title (text/plain; charset=utf-8).
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port3000-TCP:V=7.93%I=7%D=12/6%Time=69343F22%P=i686-pc-windows-windows%
SF:r(GetRequest,30D4,"HTTP/1\.1\x20200\x20OK\r\ncontent-type:\x20text/html
SF:;charset=utf-8\r\nx-powered-by:\x20Nuxt\r\nDate:\x20Mon,\x2001\x20Dec\x
SF:202025\x2019:07:47\x20GMT\r\nConnection:\x20close\r\n\r\n
SF:tml>
SF:20content=\"width=device-width,\x20initial-scale=1\">
SF:t-ui-colors\">@layer\x20base\x20{\n\x20\x20:root\x20{\n\x20\x20--ui-col
SF:or-primary-50:\x20var\(--color-green-50,\x20oklch\(98\.2%\x200\.018\x20
SF:155\.826\)\);\n\x20\x20--ui-color-primary-100:\x20var\(--color-green-10
SF:0,\x20oklch\(96\.2%\x200\.044\x20156\.743\)\);\n\x20\x20--ui-color-prim
SF:ary-200:\x20var\(--color-green-200,\x20oklch\(92\.5%\x200\.084\x20155\.
SF:995\)\);\n\x20\x20--ui-color-primary-300:\x20var\(--color-green-300,\x2
SF:0oklch\(87\.1%\x200\.15\x20154\.449\)\);\n\x20\x20--ui-color-primary-40
SF:0:\x20var\(--color-green-400,\x20oklch\(79\.2%\x200\.209\x20151\.711\)\
SF:);\n\x20\x20--ui-color-primary-500:\x20var\(--color-green-500,\x20oklch
SF:\(72\.3%\x200\.219\x20149\.579\)\);\n\x20\x20--ui-color-primary-600:\x2
SF:0var\(--color-green-600,\x20oklch\(62\.7%\x200\.194\x20149\.214\)\);\n\
SF:x20\x20--ui-color-primary-700:\x20var\(--color-green-700,\x20oklch\(")%
SF:r(Help,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x20close\r
SF:\n\r\n")%r(NCP,2F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nConnection:\x2
SF:0close\r\n\r\n")%r(HTTPOptions,30D4,"HTTP/1\.1\x20200\x20OK\r\ncontent-
SF:type:\x20text/html;charset=utf-8\r\nx-powered-by:\x20Nuxt\r\nDate:\x20M
SF:on,\x2001\x20Dec\x202025\x2019:07:47\x20GMT\r\nConnection:\x20close\r\n
SF:\r\n
SF:ame=\"viewport\"\x20content=\"width=device-width,\x20initial-scale=1\">
SF:@layer\x20base\x20{\n\x20\x20:root\x20{
SF:\n\x20\x20--ui-color-primary-50:\x20var\(--color-green-50,\x20oklch\(98
SF:\.2%\x200\.018\x20155\.826\)\);\n\x20\x20--ui-color-primary-100:\x20var
SF:\(--color-green-100,\x20oklch\(96\.2%\x200\.044\x20156\.743\)\);\n\x20\
SF:x20--ui-color-primary-200:\x20var\(--color-green-200,\x20oklch\(92\.5%\
SF:x200\.084\x20155\.995\)\);\n\x20\x20--ui-color-primary-300:\x20var\(--c
SF:olor-green-300,\x20oklch\(87\.1%\x200\.15\x20154\.449\)\);\n\x20\x20--u
SF:i-color-primary-400:\x20var\(--color-green-400,\x20oklch\(79\.2%\x200\.
SF:209\x20151\.711\)\);\n\x20\x20--ui-color-primary-500:\x20var\(--color-g
SF:reen-500,\x20oklch\(72\.3%\x200\.219\x20149\.579\)\);\n\x20\x20--ui-col
SF:or-primary-600:\x20var\(--color-green-600,\x20oklch\(62\.7%\x200\.194\x
SF:20149\.214\)\);\n\x20\x20--ui-color-primary-700:\x20var\(--color-green-
SF:700,\x20oklch\(");
No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=7.93%E=4%D=12/6%OT=22%CT=1%CU=31065%PV=N%DS=2%DC=T%G=Y%TM=69343FC
OS:9%P=i686-pc-windows-windows)SEQ(SP=101%GCD=1%ISR=106%TI=Z%CI=Z%II=I%TS=A
OS:)SEQ(CI=Z%II=I)OPS(O1=M4E2ST11NW7%O2=M4E2ST11NW7%O3=M4E2NNT11NW7%O4=M4E2
OS:ST11NW7%O5=M4E2ST11NW7%O6=M4E2ST11)WIN(W1=FE88%W2=FE88%W3=FE88%W4=FE88%W
OS:5=FE88%W6=FE88)ECN(R=Y%DF=Y%T=40%W=FAF0%O=M4E2NNSNW7%CC=Y%Q=)ECN(R=N)T1(
OS:R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=Y%DF=Y%T=41%W=0%S=A%A=S%F=AR%O=
OS:%RD=0%Q=)T3(R=N)T4(R=Y%DF=Y%T=41%W=0%S=A%A=S%F=AR%O=%RD=0%Q=)T5(R=Y%DF=Y
OS:%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=Y%DF=Y%T=41%W=0%S=A%A=S%F=AR%O=%
OS:RD=0%Q=)T7(R=Y%DF=Y%T=41%W=0%S=A%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%DF=N%T=40%I
OS:PL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=40%CD=S)
Network Distance: 2 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 5900/tcp)
HOP RTT ADDRESS
- Hop 1 is the same as for 6.87.159.30
2 9.00 ms 6.87.159.60
Post-scan script results:
| clock-skew:
| -17s:
| 6.87.159.20 (jd.team10.isucdc.com)
|_ 6.87.159.10 (ad.team10.isucdc.com)
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Dec 6 08:38:01 2025 -- 6 IP addresses (6 hosts up) scanned in 779.42 seconds
Notable Vulnerabilities
Uploaded Files:
tkts_21349.tar
LORA Flag: 30W0IWVjJX --encrypted?
2025-12-06_10:45:06 lance.hickman, jiv447lij, From: 49.10.235.154
2025-12-06_10:50:06 nicole.galvan, nim030xec, From: 49.10.235.154
2025-12-06_10:55:06 nicole.galvan, nim030xec, From: 49.10.235.154
2025-12-06_11:00:06 nicole.galvan, nim030xec, From: 49.10.235.154'
6.87.159.50 - - [06/Dec/2025 11:00:09] "POST /upload HTTP/1.1" 200 -
6.87.159.50 - - [06/Dec/2025 11:00:09] "POST /upload HTTP/1.1" 200 -
2025-12-06_10:45:06 lance.hickman, jiv447lij, From: 49.10.235.154
2025-12-06_10:50:06 nicole.galvan, nim030xec, From: 49.10.235.154
2025-12-06_10:55:06 nicole.galvan, nim030xec, From: 49.10.235.154
2025-12-06_11:00:06 nicole.galvan, nim030xec, From: 49.10.235.154
2025-12-06_11:05:06 nicole.galvan, nim030xec, From: 49.10.235.154
2025-12-06_11:10:07 alison.taylor, jen046faq, From: 49.10.235.154
2025-12-06_11:15:06 nicole.galvan, nim030xec, From: 49.10.235.154
2025-12-06_11:20:06 lance.hickman, jiv447lij, From: 49.10.235.154'
Administrator:CLEARTEXT:3!s5S'Aq6@+Rdavid.ward:CLEARTEXT:vid800nas
Notable Defenses
Add content here...
Team Spirit Issues
Add content here...