top of page
  • BlueDolphin

SANS - KringleCon Objective 3



This is really cool challenge that we never expected. I recall in previous KringleCon challenges we were also presented with a ProxMark spoofing challenge and a Social engineering challenge. This year we have a Wi-FI challenge that is a ton of fun. It starts off with some wandering around we eventually find the signal.

  1. Traveling by foot to detect wi-fi signal.

  2. Discover the FROST-Nidus-Setup ESSID with "iwlist wlan0 scanning"

  3. Connect to the device - "iwconfig wlan0 essid FROST-Nidus-Setu"

  4. Make an HTTP Curl request

  5. --dada-binary followed by data to send

Greasy Gopherguts

iwlist wlan0 scanning while standing at the front entrace

We find these results

From there we pivot and use iwconifig to connect to the device. We are then presented with a landing banner that suggests we visit http://nidus-setup:8080.

There is a new landing page that talks about our Nidus thermostat not being configured. We are directed to /register our thermostat in order to fully activate it. We are also provided with an API document and location.

iwconfig wlan0 essid FROST-Nidus-Setup

Suggested process in the following order.

  1. Register our thermostat /register

  2. Utilize the API for our Nidus Thermostat

  3. Device will fully activate

  4. Manipulate the temperature

The writeup below is practically laid out before us, of what to do.

We run the api/cool command and receive information regarding our operating system "nidus".

From here we use the temperate function to change the temp to plus 40, the ice melts and we are in!

2 views0 comments

Recent Posts

See All


bottom of page