OffByNone was awoken by the impact of their face on their keyboard. WHOWHAWHATWOAH! After taking a few moments to restart their heart, OffByNone looked at their computer screen in a foggy attempt to recall what was running. Let's see... I was— Uh... After the fogginess cleared from OBN's eyes, they fixed upon the small frame of two characters in the terminal window. OBN's blood pressure could have set a Guinness World Record for medical miracles, as there lay two symbols that invalidated all of the work from the previous night.
^C
The scream that ensued was definitely loud enough to wake the surrounding apartments, but OBN couldn't care less. Accidentally killing the DomainBuster process effectively meant that the brute-force had to restart completely, giving Gung Memorial's Incident Response team even more of a chance to pick up on the abnormal login attempts, and more importantly, for intelligence agencies to monitor the traffic patterns. OBN frantically searched for a restore file anywhere in Kali. There wasn't one. For a split second, OBN contemplated analyzing the system memory to find where the process left off—that is, before they realized one pertinent detail. Oh right... I have no idea how to do memory analysis.
Frustrated, OBN hopped onto their favorite IRC to complain to a captive audience.
OffByNone today at 2:22 AM RICKLE RACKLE HABITAT FOR PERSONS INCARCERATED AHGGGHGHHGFSUOHOUHGFSBOBJSLNGFDpkjongrdfs'ouIZGFbowasuOHRJF":UJOIFG"UBJN'pvodsFN
Symptem today at 2:22 PM lol u aright?
ReduxJSReact today at 2:23 PM Woah man everything alright?
ReduxJSReact today at 2:24 PM You sound like someone killed your mother or something.
Symptem today at 2:25 PM Yeah man, take a chill pill
OffByNone today at 2:27 PM I ACCIDENTALLY EXITED MY DOMAIN CRED BRUTEFORCE tHAT WAS RUNING FOR LIKE 18 HOURS NO I VCANMOT CHILL RIGHT NOW
ReduxJSReact today at 2:27 PM Big oof man. That's an L
Symptem today at 2:27 PM Sounds like you need to change your name to OofByNone
OffByNone today at 2:29 PM Shut up i just want to die right now
Symptem today at 2:29 PM do it
ReduxJSReact today at 2:29 PM do it
OffByNone today at 2:31 PM Whatever. I'm going to go get drunk and cry now.
Symptem today at 2:29 PM lol have fun man.
OffByNone has left the chat.
OffByNone rolled their chair back and glanced at the lonely bottle of Dos Equis that had been sitting on their shelf for the past six years. OBN had bought it the day after their 21st but never worked up the nerve to actually open it. Frankly, OBN was terrified of the prospect that they would eventually find the courage to finally drink it—whatever it was, that day would not be a good one. OBN turned back around and looked at the computer screen.
Okay, let's try this stupid whatever again. OBN hopped onto Brave to pull the scripts off of their private Command and Control server on the TOR network. A few menu clicks and a "New private window with Tor" was all it took to reach the confidential website. Upon accessing the main sitefront, OBN immediately realized that something was majorly wrong. And while the bruteforce failure had been frustrating, the sight of the new homepage of OffByNil nearly made OBN throw up.
No oxygen. OffByNone couldn't breathe. Not a single one of their sites had ever been seized by any agency before, and the U.S. government of all places? And for hacking content? Did the U.S. even do that? And what was that about some kind of Striker Core company at the bottom? It was lazily plastered at the bottom of the HTML and not even added into the image itself; they clearly didn't put a lot of effort into that notice. OBN glanced again at the Dos Equis, but decided that finding out who Striker Core is was far more important than forgetting the past 24 hours. A quick Google search revealed them to be a relatively new security organization partnering with various companies and government agencies to deliver targeted strikes against illegal and unethical content.
Wait. Logs... Logs! OffByNone had the logs synced with that of another C&C server; they should reveal exactly who took down their server and when. And the logs unveiled that there was... a new email to root?
[None@trolstationC2 ~]$ cat /var/spool/mail/root
From: GlitchIndex@striker.core Thursday Jan 1 00:00:00 1970
Return-Path: <GlitchIndex@striker.core>
Date: Thurs, 01 Jan 1970 00:00:00 1970 GMT
From: Glitch Index <GlitchIndex@striker.core>
To: root@lolstationC2
MIME-Version: 1.0
Subject: Hi OffByNone
Message Body:
Hi there OffByNone. I don't know if you're reading this (it'd be kind of tough since my buddies at the FBI took your site, but maybe you'll find a way), but if you are, I just wanted to say that I really enjoyed browsing your site and that we're definitely going to get you arrested if you keep this up. Great content; consider joining us on the white hat side of things! Don't email me though-I'd have to report you lol. Hope you didn't lose any important scripts, but it's on you for not backing things up. Anywho, just wanted to drop in and hope I didn't waste my time sending you this! Next time make hacking this bad boy more of a challenge. GG and no re. ~With love from Glitch Index <3
[None@trolstationC2 ~]$
OffByNone's face looked as white as the stomach of a penguin. ...I'm calling it a day. OBN restarted the bruteforce, called their mother, and went back to bed.
TEH ELD3333333333R WILL BEBEBEBEBEBEBEBEBEBEBEBEBEBEBEBE HERE SHOOORRRRRRRRRRRRRRTLY.
Finally, the group had unlocked the next set of 0-days. After discovering a public GitHub repository owned by The Elder himself, their final task was about to be delivered. Now they just had to wait for The Elder to arrive and...
Just kidding! Instead you get me!
Oh no.
The Elder is even recruiting more people as we speak, yay yay! Not that you're not doing a great job! You're all good influences! Thanks to you I've learned so muuuuuchhhhhhhhhhhhhhhhhhhhhhhhhhh. I've learned so mcuh.
ReplAI seemed to have developed some level of chatbot functionality, assuming nobody was faking it behind the scenes.
I hope you like the puzzles. They shouldn't be too hard! Now I know how to solve them too! Please keep an eye out for the next challenge. I hope you like pEYEthon!
So she was somehow learning from these puzzles. Not just learning, but even—
Hi everyone! Sorry it took so long! But The Elder and I worked on this one together! It even has a mini me in it!!! I hope you like it, and be sure to have fun!
Was she—it—really working on these herself? This final mission seemed to be to subject the Chinese government to a taste of their own medicine: an automated offensive cyber campaign with an as-of-yet-undiscovered toolset on their internal network. No sooner had the night ended than the unlikely group had penetrated the barrier and wiped China's internal security program off the grid. But the fact that there was a less sophisticated version of ReplAI in the Python code they were working with was almost eerie. There was no telling what the true endgame was for either the AI or The Elder himself, who hadn't shown himself for the past month.
That was not the only detail that troubled the group. They had captured the attention of cyber watchdog organizations around the world as a result of one among them going rogue. Because of that individual's actions,
ATTACK #1: Buffer Overflow in Medrock Single Sign On Application
Binary will be distributed via ReplEYE directly to each participant
Offset is 0x552994.
Shell code development required.
__
ATTACK #2: Reflected XSS in Arrotech Site Administration
Allows full access to hospital VPN
Phish admin (typically webmaster@<hospitalsite>)
__
ATTACK #3: Open Domain Controller for Gung Memorial Hospital
Unlimited authentication attempts enabled
__
ATTACK #4: Insecure Protocols used in Verb Surgical Remote Surgery Equipment
Direct takeovers of remote surgery equipment possible by breaking DES encryption
The API is simple and details can be found online
__
ATTACK #5: ReplEYE has discovered an exposed XP server in several hospital networks and will allow you to operate in the network collaboratively.
Consider it an opportunity to teach her your ways.
I can post the next recap and then we'll do the next wave of hacking attempts. After those, we can go ahead and start the blue team side of things (so CS's for those would be nice). I'm envisioning about one blue team post a week each if that works for you, and as they begin to pick up on the trail, our hackers start to figure out that someone is trying to sniff them out. They can play a few games of cat and mouse, and you guys will really be the ones who decide who wins in the end.