The Rekall CTFs are the Project 2 deliverable(s) from the Cybersecurity class taken in 2023. The deliverable for the project was a penetration test report for Rekall’s web app, Linux server, and Windows server. Split into 3 days, the CTF on day 1 was a pen test on Rekall’s web app, day 2 targeted the Linux servers, and day 3 targeted Windows. Although this “CTF” was only conducted within Rekall’s domain, it was split into 3 separate CTFs for the class, by day. As such, it has been split into 3 here on the site as well.
Day 3 of the CTF consisted of pentesting their Windows server. Although I will not go into extreme detail or give a step-by-step walkthrough of the CTF (as I am sure this is likely a recycled project for other Cybersecurity classes, and I would not want to spoil it or give out all the information on it), I will touch on some of the key elements from Day 3, and the delivered pen test report may be available upon request.
Some of the key vulnerabilities that were discovered:
- Credential hash leaked on a public GitHub repository
- HTTP and FTP exploits
- SLMail Exploit
- Weak passwords
There were a total of 10 flags for this CTF, of which my group was able to find all 10 during the time allotted for Day 3. Compared to days 1 and 2 of the CTF, I felt much more prepared for the types of exploits needed to find most of the flags, although there was a lot of frustration caused by navigating the Windows environment (we were attacking a Windows VM from a Kali Linux VM within a Windows VM). It was frustrating navigating between all the different VMs, and since the flags were essentially random strings or hashes, they had to be manually typed and entered for the CTF, as copy/paste did not carry over between VMs. I was also initially thrown for a loop by my lack of familiarity with the Windows command line commands and interface. Once I got accustomed to the command syntax, it was smooth sailing.
A lot of the flags required running exploits through the Linux tool Metasploit to gain remote access to the Windows system, and others were simple HTTP or FTP requests using the leaked credentials. Due to weak passwords, it was possible to crack passwords on accounts that allowed lateral movement, and eventually movement to the Windows Domain Controller system, which if compromised would essentially grant access to the entire Windows network on their domain. My group all seemed to encounter the same issues with VM management and Windows command syntax, but we were eventually able to locate all the flags.
See CTF 1 or CTF 2