• Donald Ashdown

SANS - KringleCon Objective 3

Objective

Challenge

This is really cool challenge that we never expected. I recall in previous KringleCon challenges we were also presented with a ProxMark spoofing challenge and a Social engineering challenge. This year we have a Wi-FI challenge that is a ton of fun. It starts off with some wandering around we eventually find the signal.


  1. Traveling by foot to detect wi-fi signal.

  2. Discover the FROST-Nidus-Setup ESSID with "iwlist wlan0 scanning"

  3. Connect to the device - "iwconfig wlan0 essid FROST-Nidus-Setu"

  4. Make an HTTP Curl request

  5. --dada-binary followed by data to send

Greasy Gopherguts



iwlist wlan0 scanning while standing at the front entrace


We find these results


From there we pivot and use iwconifig to connect to the device. We are then presented with a landing banner that suggests we visit http://nidus-setup:8080.

There is a new landing page that talks about our Nidus thermostat not being configured. We are directed to /register our thermostat in order to fully activate it. We are also provided with an API document and location.

iwconfig wlan0 essid FROST-Nidus-Setup


Suggested process in the following order.

  1. Register our thermostat /register

  2. Utilize the API for our Nidus Thermostat

  3. Device will fully activate

  4. Manipulate the temperature


The writeup below is practically laid out before us, of what to do.


We run the api/cool command and receive information regarding our operating system "nidus".

From here we use the temperate function to change the temp to plus 40, the ice melts and we are in!


0 views0 comments