MACCDC 2015 – Badges

This year’s competition was called “Operation Transit Storm” and was based on public transportation. It was only fitting that our badges fit the same theme. Larry Pesce (@haxorthematrix) did the badges as he has done in years past.

Upon entering on Thursday we were each given a blue etched badge on a lanyard with an RFID card glued to the back of it, a Raspberry Pi B+, a 3-page manual (Derpypot 1.0 Instructions) and verbal instructions that “this is a honey pot to use it if you wish. The login name and operating instructions are in the packet but you’ll have to figure out the password to login.”

Our blue badges were completely etched with something base64 encoded. We were all instructed to move into the auditorium, where we would be briefed on the following day’s schedule of events.

MACCDC2015 Blue Etched Badge

While waiting, we took out our badges and plugged the etching into a base64 decoder.

BASE64 Decode

rootkitthenutwork.net??? Was this a typo? We checked the DNS TXT records for rootkitthenutwork.net and didn’t get anything. We tried rootkitthenetwork.net and got:

DNS TXT Record

We tried navigating to both sites but neither had any pages published.

A quick Google search using the half of the quote that was given to us yielded the other half.

What do I care about law?

Later that night it was confirmed that one of the teams bought rootkitthenutwork.net and stood up a page with false clues for solving the puzzle. I forget which school it was, but I thought that buying the domain that morning was pretty good.

The next morning I approached Larry and asked whether he had intentionally thrown us off with the typo “nutwork”. He said no, and that whoever owns that domain was just having fun with us. The difference was in translating the encoding from the badge to the decoder. If you thought it was a “1” it came out ‘nutwork’; if you thought it was a lower case “L” it came out ‘network’.

cm9vdGtpdHRoZW51dHdvcmsuY29tlGRucyB0eHQ=

cm9vdGtpdHRoZW5ldHdvcmsuY29tlGRucyB0eHQ=
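
As an added example (not part of the original post), the Python sketch below enumerates the look-alike glyphs 1/l/I and 0/O in a hand-transcribed base64 string and keeps only the variants that decode to lowercase hostname-style text. The glyph classes and the lowercase filter are assumptions; the input is the second string printed above.

```python
import base64
import itertools
import string

# Glyph classes that are easy to confuse when reading an etched or printed
# base64 string by eye (assumed classes; extend them for other typefaces).
CONFUSABLE = [set("1lI"), set("0O")]

# Assumption: the plaintext is a lowercase hostname plus lowercase words,
# so any character outside this set marks a misread glyph.
ALLOWED = set(string.ascii_lowercase + string.digits + ".- ")

# Second transcription from the post, copied as printed there.
TRANSCRIBED = "cm9vdGtpdHRoZW5ldHdvcmsuY29tlGRucyB0eHQ="


def alternatives(ch):
    """Return every glyph that ch could be mistaken for (itself included)."""
    for group in CONFUSABLE:
        if ch in group:
            return sorted(group)
    return [ch]


def plausible_readings(transcribed):
    """Decode every confusable-glyph variant and keep the plausible ones."""
    readings = {}
    for variant in itertools.product(*(alternatives(c) for c in transcribed)):
        candidate = "".join(variant)
        try:
            raw = base64.b64decode(candidate, validate=True)
            text = raw.decode("ascii")
        except ValueError:  # malformed base64, or a byte outside ASCII
            continue
        if set(text) <= ALLOWED:
            readings[candidate] = text
    return readings


if __name__ == "__main__":
    for b64, text in sorted(plausible_readings(TRANSCRIBED).items()):
        print(f"{b64}  ->  {text!r}")
```

Of the 18 variants, only two survive the filter: the ‘nutwork’ and ‘network’ readings, which differ in the single 1-versus-l character.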

On the Pi is Tom’s Honeypot.
