
default route

CanSecWest 2008 PWN2OWN - Mar 26-28

-You can't use the same vulnerability to claim more than one box, if it 
 is a cross-platform issue.
-Thirty minute attack slots given to contestants at each box.
-Attack slots will be scheduled at the contest start by the methods 
 selected by the judges.
-Attacks are done via crossover cable. (attacker controls default route)
-RF attacks are done offsite by special arrangement...
-No physical access to the machines.
-Major web browsers (IE, Safari, Konqueror, Firefox), widely used and 
 deployed plugin frameworks (AIR, Silverlight), IM clients (MSN, Adium, 
 Skype, Pidgin, AOL, Yahoo), Mail readers (Outlook, Mail.app, Thunderbird, 

TS-2007-002-0: BlueCat Networks Adonis root Privilege Access

  Contact the vendor.

Credits
-------

  defaultroute discovered this vulnerability while performing a
  security review of the Proteus IPAM appliance (a discovery
  fueled by Red Bull and techno).  defaultroute is a member of
  Template Security.

Revision History

OpenBSD CARP Hash Vulnerability

------------------------------
ATTACKERS COMPUTER
------------------------------
root@traumatic:/files/tools# ./carp-poc.py
WARNING: No route found for IPv6 destination :: (no default route?)
[*] capturing current master's advertisement
[*] forcing failover of master
[*] waiting for new master to be elected
[*] capturing new master's advertisement
[*] replaying both captured packets

TS-2007-001-0: BlueCat Networks Adonis Linux-HA heartbeat DoS Vulnerability

Credits
-------

  forloop discovered that Adonis XHA was using vulnerable
  heartbeat software, and defaultroute read the heartbeat code
  to discover the exploit.  Both are members of Template
  Security.

Revision History
----------------



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.