SANS - KringleCon Objective 3
This is really cool challenge that we never expected. I recall in previous KringleCon challenges we were also presented with a ProxMark spoofing challenge and a Social engineering challenge. This year we have a Wi-FI challenge that is a ton of fun. It starts off with some wandering around we eventually find the signal.
Traveling by foot to detect wi-fi signal.
Discover the FROST-Nidus-Setup ESSID with "iwlist wlan0 scanning"
Connect to the device - "iwconfig wlan0 essid FROST-Nidus-Setu"
Make an HTTP Curl request
--dada-binary followed by data to send
iwlist wlan0 scanning while standing at the front entrace
We find these results
From there we pivot and use iwconifig to connect to the device. We are then presented with a landing banner that suggests we visit http://nidus-setup:8080.
There is a new landing page that talks about our Nidus thermostat not being configured. We are directed to /register our thermostat in order to fully activate it. We are also provided with an API document and location.
iwconfig wlan0 essid FROST-Nidus-Setup
Suggested process in the following order.
Register our thermostat /register
Utilize the API for our Nidus Thermostat
Device will fully activate
Manipulate the temperature
The writeup below is practically laid out before us, of what to do.
We run the api/cool command and receive information regarding our operating system "nidus".
From here we use the temperate function to change the temp to plus 40, the ice melts and we are in!