GPEN Capture the Flag

quogue66quogue66 Senior MemberMember Posts: 180 ■■■□□□□□□□
I'm having some trouble with the CTF exercise for the SANS SEC560 course and I'm hoping someone that has gone through the course can point me in the right direction. I took the class on-demand last month and passed the GPEN. I just went back over the books and decided to do the CTF. I don't want to post too much information and ruin anything for anyone that hasn't taken the class yet so I'm going to be vague. I obtained the first username which was in a pretty obvious location. I'm now trying to obtain the password for that account so I can move on to the rest of the exercise. I cannot seem to get this password. I have worked on this for hours and have had a password guessing tool attempt well over 60,000 passwords. Can anyone point me in the right direction. Please don't give me the password. I'm only looking for a slight bump in the right direction so I can complete this on my own. I already emailed Ed Skoudis but I'm sure he is a busy guy so I don't know when he'll have a chance to get back to me. I plan on posting this on the GIAC advisory board also.


  • blackedoutblackedout Member Posts: 16 ■□□□□□□□□□
    I took the GPEN and did the CTF within the last couple months and can assist, I will be vague as well but if you want something more specific you can PM me. After obtaining a username think about all possible uses for the name, is there an open FTP client, telnet service or SSH service you could try the name against. There are several tools available that can automate this process on the VM you are provided. Getting initial access with the correct tool will take seconds, not minutes. My guess is you are using the incorrect tool for the job or you are trying to get into a different service which is unrelated to the first username.
  • quogue66quogue66 Senior Member Member Posts: 180 ■■■□□□□□□□
    I don't have my laptop with me at work and I don't want to post anything too specific on the board. Can you shoot me an email at quogue66 at live dot com? I wanted to discuss this further if possible. Thanks.
  • quogue66quogue66 Senior Member Member Posts: 180 ■■■□□□□□□□
    This is no longer needed. I received an email from Ed this morning that pointed me in the right direction.

    Blackedout, I think you need to have made 13 posts before you are able to send/receive PMs.
Sign In or Register to comment.