May 15, 2014

Obtaining Passwords from Cisco Wireless LAN Controllers

During security analysis, experts often deal with default accounts. Particularly, it is very usual for large companies having several hundred systems. That’s why one of the main requirements is to use complex non-dictionary passwords to comply with security standards and best practices.
There are two ways to test the system compliance with this requirement:

  • password brute-forcing,
  • obtaining and checking passwords or their hashes from the system.

The former method can cause account lockout and thus is often found unacceptable. The latter one is preferable, but gives another problem if passwords are encrypted or hashed.

May 8, 2014

Competitive Intelligence Contest at PHDays III Writeup

Many things changed since the contest Competitive Intelligence was held last time. Snowden exposed NSA, it turned out that not only gossip-hungry housewives interfere in people’s lives on the Internet, but also serious specialists with the help of MIT mathematicians. The security of both proprietary and open-source protocol implementations proved to be far lower than expected. Algorithms for processing big data in cloud solutions nowadays allow tracking correlations of bitcoin transactions, which previously were considered safe and anonymous….

Three winners — those, who solves the task quicker than others, will receive free tickets to PHDays IV, where they will be generously awarded. The prize for being the first is iPad. The contest will be held one week before the forum and will last for two days — May 15 and 16.

You are welcome to register at

This year's contest sponsor is Zecurion.

Writeup Cometitive Intelligence PHDays III

The main idea for the "Competitive Intelligence" competition was to employ real-world methods for data collection and analysis, penetration testing, search mechanisms and deductive reasoning as well as to access audience’s awareness level of information security.

Unlike in 2012, since the tasks proved more difficult, this year no one managed to solve all of the challenges. Winners collected 12 correct answers and were ranked based on how much time they spent completing the activities.

Now, let’s estimate the results, provide correct answers for those that failed and review the amended list of winners.

The company to work with was Godzilla Nursery Laboratory - as international company breeding and selling companion godzillas. Godzillas were chosen deliberately as they "guarded" a railway in the Choo Choo Pwn competition.

Google directly hints that the official site of this company with a nice logo is, and most employees have LinkedIn profiles. Well, come on!

May 7, 2014

PHDays CTF Quals: Tasks Analysis

Positive Hack Days CTF is an international information protection contest based on the CTF (capture the flag) principles. Several teams are to defend their own networks and attack the networks of the other teams for a specified period of time. The contestants need to detect vulnerabilities in other teams' systems and to obtain sensitive information (flags) while detecting and fixing vulnerabilities of their own systems.

Today we would like to analyze certain interesting tasks that were offered to participants of the past contests.

History and Geography

This year PHDays CTF takes place for the fourth time. The contest was launched during the Positive Hack Days forum in 2011. Back then, the team PPP from the US was the winner. The following year in 2012 Leet More from Russia took first place. In 2013 at PHDays III, Eindbazen from the Netherlands took the top prize. Teams from all over the world — from the USA to Japan — participate in PHDays CTF every year.

More than 600 teams from all over the world have registered to take part in this year’s PHDays CTF.

Tasks and the Atmosphere

Traditionally, tasks and infrastructure are prepared based on a legend of the contest, which would turn a set of tasks into a fascinating competition. Last year, PHDays CTF participants tried to save the fictional world D’Errorim. The upcoming contest will continue the plot.