Competing at the Collegiate Penetration Testing Competition was a great opportunity to experience realistic security work. UT placed second in the North East Regionals. I was responsible for working on the windows boxes. Finding an anonymous FTP server gave me access to windows back-ups. From these back-ups, I was able to extract ssh keys. The FTP server allowed the use of the PORT command, which allowed me to perform an FTP bounce attack. I used the attack to try to gain access to other subnets. We later learned that we weren't able to access the other subnets because they were down due to technical difficulties with the competition. As part of the competition, each team presents its findings as a report. Linked is our final report.
Tags: pentesting cptc