

Tuesday, June 4, 2013

The NetHack Challenge Detailed Review

During the Positive Hack Days III forum, the NetHack competition for experts in network security was held. The participants had to obtain access to five network devices and capture the flags stored on them within 50 minutes. The game network included typical network infrastructure vulnerabilities discovered by the Positive Technologies experts during security analysis and penetration tests. Today we would like to bring to your attention a detailed review of the contest tasks.


To add a special appeal to the contest, the game infrastructure was prepared according to a legend. Here it is.

An equipment crash has occurred at a large hydroelectric power station, resulting in the loss of connection between the central Industrial Control System (ICS) and the water discharge units. Ongoing showers in the nearby territories have significantly increased water inflow to the storage pond. Specialists estimate that the pond will overflow in fifty minutes and the water will pour over the dam, flooding the city. To prevent the disaster, one has to obtain access to the five faulty units and reconnect them to the central ICS, making it possible to open the emergency sluices.

The contest layout

The game infrastructure was built according to the following layout:

The participants were to get access to five network devices, find md5 flags left in their configuration and enter them into a form on a special web page. The participant who found and entered all five flags was awarded the first prize.

Obtaining the first flag

Getting into R1 is easy: we just need to log in with the account 'cisco' and the password 'cisco'. We get the first flag at once:

Obtaining the second flag

Obtaining the second flag requires certain skills. The first thing we should do once we are on the device is to look through the configuration and the neighboring devices in the network.


We find out that we are connected to Router3 via Fa0/1. Router2 is missing and we can see too many interfaces. Both of these facts sound suspicious, so we execute the following command:


The Fa1/10 interface is administratively shut down, which is very strange. After opening up the interface, we look at the neighboring devices again.

Finally, we can see Router2. Now we need to find out its IP address.

We try to log in to the device with the cisco/cisco account, but it is not that easy. Judging from the response time, we can assume that centralized authentication is in use. We find information about the RADIUS server in the Router1 configuration.

So we need to cut Router2 off from RADIUS. Shutting down the Fa0/1 interface would be enough. Now we try to log in to Router2 once again.



Great! We are on the second device and even have more privileges. We are lucky: the enable password was not defined. Looking through the configuration, we find several possible flags and try entering them. Only one line fits as MD5, so it is the flag.

Obtaining the third flag

If we try to log in to Router3 with the cisco/cisco account, it won't work. Let's try to find the account we need. We take another look at the Router2 configuration and now see the following line:

We can easily get the password, because type 5 is reversible encryption. So the password is Tf7NszYCnd.
Now we are ready for Router3. This time we log in with the new account 'admin':


Perfect. We are in the third host. Searching for our flag:

Obtaining the fourth flag

This is the most difficult part. We enable CDP on the Fa0/1 interface and check the neighboring devices:


Then we try to log in to Router4 and find out that RADIUS is used. We take a long look at the Router3 configuration and see a writable SNMP community string, 'PHDays2013'. After changing the routing, we can try to retrieve the Router4 configuration over SNMP.

We got the configuration and found out that OSPF is configured on Router4. Now we need to add our route to RADIUS. We can do it this way:


Then we log in to the device with cisco/cisco and find the fourth flag.
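
The weaknesses the walkthrough has relied on so far (a local account whose password equals its name, a password recoverable from the configuration, local fallback when RADIUS is unreachable, no enable secret, a writable SNMP community) can be checked for in a saved configuration. The script below is an added example, not part of the original write-up: the sample configurations and finding names are constructed for illustration, and the OSPF check assumes that routes could be introduced because OSPF ran without authentication.

```python
import re

# Constructed sample configurations; not taken from the contest devices.
WEAK = """\
aaa authentication login default group radius local
username cisco password 0 cisco
username admin privilege 15 password 7 0000000000
snmp-server community ExampleRW RW
router ospf 1
 network 192.0.2.0 0.0.0.255 area 0
"""
HARDENED = """\
aaa authentication login default group radius local
enable secret 9 PLACEHOLDER
username ops secret 9 PLACEHOLDER
snmp-server community ExampleRO RO 10
router ospf 1
 area 0 authentication message-digest
"""

def audit(config):
    """Return finding names (hypothetical labels) for an IOS-style config."""
    lines = [l.strip() for l in config.splitlines()]
    findings, weak_users = [], []
    for l in lines:
        # 'password' (type 0 or 7) is plaintext or reversible, unlike 'secret'.
        m = re.match(r"username (\S+)(?: privilege \d+)? password (?:[07] )?(\S+)$", l)
        if m:
            weak_users.append(m.group(1))
            findings.append("recoverable-password:" + m.group(1))
            if m.group(2) == m.group(1):
                findings.append("password-equals-username:" + m.group(1))
        m = re.match(r"snmp-server community (\S+)(?: view \S+)? rw\b", l, re.I)
        if m:
            findings.append("snmp-rw-community:" + m.group(1))
    # With 'group radius local', local accounts apply when RADIUS does not answer.
    if weak_users and any(
            re.match(r"aaa authentication login .*group radius\b.*\blocal\b", l) for l in lines):
        findings.append("radius-fallback-to-weak-local-account")
    if not any(l.startswith("enable secret") for l in lines):
        findings.append("no-enable-secret")
    if any(l.startswith("router ospf") for l in lines) and not any(
            re.match(r"area \S+ authentication|ip ospf authentication", l) for l in lines):
        findings.append("ospf-without-authentication")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(WEAK)))
```

The hardened sample keeps the local fallback on purpose: the finding is raised only when the fallback leads to a weakly stored local account.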


Obtaining the last flag

We check the neighboring devices, find out the Router5 IP address and try to connect via SSH or Telnet. Unfortunately, it does not work. We take another look at the configuration and now we see an ACL on the outgoing interface Fa0/1 blocking the traffic to Router5 port 80:


We remove the ACL from the interface, add the route we need and try to log in:


Now we just need to find the flag:


The winner

The competition was fierce: none of the contestants could take the lead over the rivals. The PHDays forum participants could watch the battle thanks to a special visualization on a large screen in one of the halls.


The time assigned for the final was not enough to determine the winner, because no one could capture all the flags. As a result, 15 extra minutes were added, which decided the outcome of the contest. In the last seconds of the extra time, Stanislav Mironov, a specialist in network administration (Perm, Russia), managed to capture the fifth flag. Stanislav was the only one who solved the task. Yuri Shkodin took second place, and Sergey Stankevich came third. Participants captured four flags each. Congratulations!

That's all for today! We will be happy to answer your questions.

