HELP! Someone is Hacking ALL our Plants!
Our cake batter plant, Moar Bytes, Inc, just experienced a random shutdown and we are unable to restart anything! We believe it was a result of a competitor or a cake hater hacking into our plant from some remote location (they seem to be attacking everything we own). Luckily for us we recently installed some new network monitoring hardware that allowed us to capture all of the network traffic of the incident. Are you willing to help us get our plant back online?
We also need help with three other environments we are supporting. Attackers (probably those dang ol' cake haters) have recently compromised a building management solution we deployed, a chemical plant we support, and an electrical distribution environment we deployed for a utility. Our teams have addressed the incidents and we are bringing the processes back online. However, we have been directed to validate that we have secured the environment. Honestly, we doubt you'll find anything. But, we've been instructed to get experts to check our work. If we give you access to these networks, will you take a look?
ICS Village CTF Objectives
We've set up a series of challenges for you to accomplish.
- ICS Trivia: A series of multiple choice questions about Industrial Control Systems and concepts. Just a few things that are interesting and important to understand about industrial control environments and security. You'll need to get through all of these questions before you are given access to Moar Bytes and the CTF Skids.
- Moar Bytes: Analysis of a packet capture containing communications between devices within an industrial control network. Understanding how to perform packet analysis is extremely valuable to hacking and securing industrial control devices and their management infrastructure.
CISA Skid Challenges
The CISA team is providing ICS Village CTF contestants with direct access to three modular process skids representing common processes. "A modular process skid is a process system contained within a frame that allows the process system to be easily transported. Individual skids can contain complete process systems and multiple process skids can be combined to create larger process systems or entire portable plants. They are sometimes called 'a system in a box.'"
Building Management Skid: more detail on the skid
Chemical Skid: more detail on the skid
Utility Skid: more detail on the skid
Each CISA Skid contains 5 challenges. The challenges within each skid tell a linear story and the contestant must solve the challenges (within each skid) to unlock the next challenge in the skid's story. At the start of the CTF, the first challenge of each skid should be made available.
Included in each challenge directory is any required file/artifact needed for the contestant to solve the challenge as well as a Markdown formatted README file that contains all the relevant information about the challenge (name, category, prompt, flag, requirements). We have not included the values for each challenge as we do not know the scoring system used by the ICS Village CTF, so we will leave this to your discretion.
ICS Village Sponsors
ICS Village would like to thank our sponsors who make our conference visits, ICS displays, and these challenges possible.
The ICS Village equips industry and policymakers to better defend industrial equipment through experiential awareness, education, and training.
High-profile industrial control systems security issues have grabbed headlines and sparked changes throughout the global supply chain. The ICS Village allows defenders of any experience level to understand unique failure modes of these systems and how to better prepare and respond to the changing threat landscape. Interactive simulated ICS environments, such as Hack the Plan(e)t and Howdy Neighbor, provide a safe yet realistic environment to preserve safe, secure, and reliable operations. The ICS Village brings a compelling experience for all experience levels and types, with IT and industrial equipment.
Our interactive learning approach invites you to get hands-on with the equipment to build your skills. We bring you real components such as Programmable Logic Controllers (PLC), Human Machine Interfaces (HMI), Remote Telemetry Units (RTU), and actuators to simulate a realistic environment using components commonly found throughout different industrial sectors. You will be able to connect your machine to the different industrial components and networks and try to assess these ICS devices with common security scanners, network sniffers to sniff the industrial traffic, and more!
Welcome to Howdy Neighbor!
What is Howdy Neighbor?
An Interactive Internet-of-Things (IoT) showcase in the form of a Capture-The-Flag (CTF) event! This was a multi-year effort to build out and demonstrate the weaknesses behind IoT devices and embedded systems and summarize the work in the form of a modeled dollhouse. Our showcase includes devices from security cameras, light switches, ovens, to even a tweeting toaster!
- Install ZeroTier from zerotier.com
- Connect to Howdy Neighbor Network.
Network ID: 1d719394049a5489
- Enter the contestant information in this form: https://forms.gle/gw4c2vTatBuYRACNA. This will add you to the queue. Once you reach the front of the queue, a staff member will authorize you to the ZeroTier Network.
- When VPN access is granted, your ZeroTier client will connect to the network. This will mark the beginning of your 2-hour window. Once the 2-hour window has expired, feel free to join the queue again. A GRIMM staff member will contact you via Discord once your session is active.
- Hack away! See networks at 192.168.2.0/24 and 192.168.5.0/24 and the network scan
- Monitor the livestream! https://www.twitch.tv/howdyneighborlive
What am I Looking for?
Our CTF event has challenges that all have a flag to find and submit. Every CTF event has a different flag format and some are easier than others, but for our event, these are the formats:
- GRIMM-HOWDY-YOU-PWNED-IT
Now, if you do find a flag, be sure to keep it hidden from your peers as you may accidentally help your competition!
Need a Head Start on the CTF?
The number of challenges we have in our event may be overwhelming to tackle, and we have written up some walkthroughs to get started.
Challenge #1: Bar Cam
For the first part of this IoT challenge, you must log into the camera from its web interface: http://192.168.5.139. The Bar Cam was plugged in without configuration by the homeowner, so you can probably log in with some common default credentials; check out this page: https://ipvm.com/reports/ip-cameras-default-passwords-directory. If you give up, ask a GRIMM team member for the admin’s default password. After logging in, click on “View Howdy Neighbor Bar Cam!” This view will take you to a page that is displaying live-ish pictures of the bar. From this page, you can cycle through each screen by refreshing your browser. Does anything look out of place? You may want to look closer at that image. Also, try checking out the page source around the site. Does anyone smell potato salad on the console?!
Challenge #2: Smart TV
The Howdy Neighbor Smart TV is running Kodi’s popular TV interface! Unfortunately, the owners of the Raspberry Pi running the TV have not updated it for a while. To access the TV go to http://192.168.5.36; once there, find the remote control to begin browsing the physical TV within the house. Find the GRIMM Picture with the Flag on it! After finding the picture, exit the TV to revert back to the previous state so that no one else can see and steal the flag! The next part of this challenge uses the Kodi exploit on https://www.exploit-db.com/exploits/38833/ to read the flag at /home/pi/.ssh/flag.txt.
Challenge #3: HVAC
In the midst of a brisk temperate home sits an atrocious system that growls and hisses warm air and cool breezes. This system, common amongst many places, is known as a Heating, Ventilation, and Air Conditioning (HVAC) unit. Fortunately for you, this beast is contained within the house, but has many challenges for you to solve! A panel interface is provided at http://192.168.5.30 and allows temperature and fan control for the HVAC system. Amongst the many controls on the panel, the fan operation manipulates the external unit, and slowly cools the house. One day, your grandmother said the house was too cold and wished the HVAC unit to be set to 81 degrees, but alas, the panel could not go higher than 80 degrees. Concerned for your grandmother, figure out how to instruct the HVAC system to operate at 81 degrees. There could be a hidden feature somewhere on the panel, find the source of the monster (HVAC), post your discovery, and begin your quest!
Challenge #4: Smart Sprinkler
Our amazing Smart Sprinklers keep our lawn looking green and our neighbors jealous! Fortunately for us, the Smart Sprinkler has a web interface at http://192.168.5.250:5000. You have been contracted by our jealous neighbor Carl to gain access to the sprinkler control panel, because our sprinklers keep spraying his cat and making his lawn look bad! As partial payment for gaining control of our sprinklers, Carl has given you a chocolate chip cookie for motivation.
Challenge #5: Walkway Lights
The latest innovation from HakrLite© Industries® Labs™ is the new and amazing Manually-Automatic Walkway Lighting System. Tired of having to walk 12 feet, or even more, to hit a light switch? Now you no longer have to! Accessing our new interface at http://192.168.5.226:3124 will allow you to login and activate/deactivate your lighting system with ease! Be careful using special characters in your account, however, as that violates our Terms of Service! There is sensitive data stored in memory, and we wouldn’t want you to see that accidentally!
Challenge #6: Internet Connected Safe
We just installed this super cool IoT safe! The kids were getting mad when I would go on business trips and I wasn't home to unlock the safe (that's where I keep all of the candy). This new safe is great because it allows me to unlock it from anywhere through the web interface! It even has this super cool feature that shows me how many characters were correct when I incorrectly type the password! Check out its sweet user interface: http://192.168.5.15:8080