CMD+CTRL Cyber Range - Cyber Hackathon
I participated in an evening Cyber Hacking event at the Allstate office in downtown Chicago. We were allowed to bring our own computers and the event ranked all the participants and the prizes were give to the 1st, 2nd, and 3rd places.
After all the instructions were given, we had approximately 2 hours to “Hack” the shopping website that was designed to be attacked by the participants. Unlike some of the events I’ve participated before, the CMD+CTRL Cyber Range, was very well made - most of the vulnerability were at the mid to advanced level making it feel almost like I am performing an actual penetration test on a website.
One of my main object was to get the screenshots for the demo that I am putting together to explain how a website hacking is actually done by a hacker. Without using any hacking tools, I was able to capture the screenshots I needed as I performed resonance, steal test account ID/PW by looking at the comments in the source code, using the account to enter the site, laterally move to steal other user’s information including contact info & partial credit card info. I then moved in to crack the encrypted (weak encryption) gift card redeem code and as I was exiting the site, used SQL injection attack to crash the site.
I really enjoyed the event and the friendly experts who were willing to share their “tricks” after the event. Thank you all!
ps - Oh. My final ranking was 26 out of 67 participants
