Let the Games Begin — Day One
When the three-hour grace period was over, the Red Team slowly worked their way into attack mode. One member started to sort through the information they had gleaned from their scans and investigated each possible exploit. Another member fired up a MySQL database client and started to poke around the students' databases looking for sensitive data. The other two were adding and changing accounts on routers, firewalls, and systems. For the most part, however, the students were not being pelted with attacks, and this continued for the next several hours.
One interesting event occurred during this first stretch that warrants a mention. As it turns out, a team detected that their router's default password no longer worked. They corrected this problem by uploading new configs to the router, which gave them control again. However, a Red Team member realized what had happened and decided to find another way into the device. It took only a few minutes to learn that the router still had SNMP enabled, with read/write access granted to the default 'public' and 'private' community strings. The attacker used the 'private' community to add a new account to the router. Once again, the students detected this activity, at which point they attempted to completely secure their router. Unfortunately for them, they messed up this process and inadvertently took themselves out of the game. Since the router is the doorway to their servers, the scoring bot had no way to tell whether their servers were running. The point of this is that killing your device might keep an attacker out, but it also keeps valid communications from occurring.
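The SNMP hole the Red Team walked through is easy to spot in a saved config before an attacker does. The following audit script is an added example, not code from the original write-up or from the competition; it assumes Cisco IOS-style `snmp-server community` syntax (the page does not name the router vendor), and both sample configs are constructed here.

```python
import re

# Constructed sample config in the state the page describes: SNMP left on, with
# the default 'public'/'private' communities and read-write access (ASSUMPTION:
# IOS-style syntax; the vendor is not stated in the original).
WEAK_CONFIG = """\
hostname team-router
snmp-server community public RO
snmp-server community private RW
snmp-server location rack-1
"""

# Constructed hardened version: default communities removed, a non-default
# read-only community bound to an ACL that only permits the monitoring host.
HARDENED_CONFIG = """\
hostname team-router
no snmp-server community public
no snmp-server community private
access-list 99 permit 10.0.0.5
snmp-server community mon-7xK2q RO 99
"""

# Community names that ship as defaults on many devices and show up in any scan.
DEFAULT_COMMUNITIES = {"public", "private", "cisco", "admin", "write"}

# snmp-server community <name> [view <v>] RO|RW [<acl>]
SNMP_RE = re.compile(
    r"^snmp-server community (\S+)(?:\s+view\s+\S+)?\s+(RO|RW)(?:\s+(\S+))?$", re.I
)


def audit_snmp(config: str) -> list[str]:
    """Return one finding per weak SNMP community setting in an IOS-style config."""
    findings = []
    for raw in config.splitlines():
        m = SNMP_RE.match(raw.strip())
        if not m:  # 'no snmp-server ...' and unrelated lines do not match
            continue
        name, mode, acl = m.group(1), m.group(2).upper(), m.group(3)
        if name.lower() in DEFAULT_COMMUNITIES:
            findings.append(f"default community string '{name}' ({mode})")
        if mode == "RW":
            findings.append(f"read-write community '{name}' allows config changes")
        if acl is None:
            findings.append(f"community '{name}' has no ACL limiting source hosts")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{label}: {audit_snmp(cfg) or 'no findings'}")
```

Run against a config pulled from the device, an empty result is the goal; anything else is exactly what the Red Team member found by hand.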