Overview¶
Flag Slurper contains a utility for automatically attempting default credentails against teams’ SSH hosts. This works by grabbing the team list from IScorE and a list of all the services. The default credentails it uses are:
root:cdc
cdc:cdc
Requirements¶
AutoPWN requires a database. For many cases sqlite will do, but in order to use parallel AutoPWN, a server-based database (such as postgres) is required. This is due to sqlite only allowing one writer at a time. The database can be configured in your flagrc file:
[database]
; For sqlite (default)
url=sqlite:///{{ project }}/db.sqlite
; For postgres
url=postgres:///splurper
The {{ project }}
variable is the file path to the current project and is optional.
Usage¶
You first need to create a project and result database:
flag-slurper project init -b ~/cdcs/isu2-18 --name "ISU2 2018"
flag-slurper project create-db
To generate the team and service list you can simply run:
flag-slurper autopwn generate
This will cache the team and service lists into the database. This will be used by other autopwn
commands so they
don’t need to keep hitting the IScorE API during the attack phase when the API is getting hammered.
After generating the local files, you can then pwn all the things!
flag-slurper autopwn pwn
This will print out what credentials worked on which machines and any flags found. These results are recorded in the database and can be viewed like this:
flag-slurper autopwn results
New in version 0.9.0: The pwn
command now accepts a --random
or -r
flag to randomize the attack order. This can be set by
default in your .flagrc
with the autopwn>random
config.