44Con HackerOne CTF write up

Greg
11 min readSep 16, 2019

This year’s 44Con was based on a Blade Runner theme and was built by Cody from HackerOne education. He did a great job building it and was certainly one of the highlights of the conference for me.

44Con CTF

It all starts with the registration portal on IP 34.89.17.97. The first step is to enumerate the service so that you can register and access the challenges.

A quick nmap first off brought up an error as ping responses were disabled so a quick scan reveals the open services:

nmap -sT -Pn 34.89.17.97

Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-12 12:54 BST
Nmap scan report for 97.17.89.34.bc.googleusercontent.com (34.89.17.97)
Host is up (0.011s latency).
Not shown: 995 filtered ports
PORT STATE SERVICE
22/tcp open ssh
23/tcp open telnet
53/tcp open domain
2222/tcp open EtherNetIP-1
3389/tcp closed ms-wbt-server
Nmap done: 1 IP address (1 host up) scanned in 6.19 seconds

From here you can access the registration portal over telnet to register for the CTF.

Next up is to access the SSH service, I spent a while trying to access with the registration details I had used on the telnet service. But eventually realised this was the wrong path! The help page on the registration portal mentions the tyrell corporation CEO which after a bit of research is eldon tyrell

How To Play
The rules are simple: hack your way through the Tyrell Corporation and find the secrets.
Register your squad and get started!
You can access different systems via the System Access function, and if you run into a problem with a system and want to restart it, the System Termination menu will help you with that.
Found a secret? Enter it with the Data Entry function.
Good luck and remember: nothing lasts forever.
SSH to 34.89.17.97 for access
The game is only playable via SSH, only registration is available over telnet
Hint: The Tyrell CEO is rather fond of a game...

Being based on the Blade Runner theme, its very much a retro approach with all challenges being terminal based, even down to the web challenges.

So after working out the username is eldon

--

--

Greg

Security addict, 17+ years in industry making systems more secure and finding those that aren’t