KringleCon 4: Four Calling Birds WriteUp - WiFi Dongle & Thermostat
Posted: Jan 13, 2022 | ~ 1 min read time#ctf #kringlecon-2021 #wifi #api
Objective: Thaw Frost Tower’s Entrance
Turn up the heat to defrost the entrance to Frost Tower. Click on the Items tab in your badge to find a link to the Wifi Dongle’s CLI interface. Talk to Greasy Gopherguts outside the tower for tips.
By running iwconfig, it showed the current settings for the WiFi dongle (it wasn’t connected to anything) and it had one card: wlan0.
Once the device was in range, though, with the same network as the thermostat, I could see nearby networks available via iwlist.
To connect the dongle to the network, I simply ran iwconfig and specified the dongle’s WiFi card and the target ESSID (Extended Service Set Identification).
Then, once on the network, I used curl to interact with the thermostat’s API. The base page provided documentation on the available endpoints and syntax.
The only endpoint we have access to without credentials is the api/cooler which appears to have a temperature setting we can adjust.
Simply setting the temperature to above freezing (above 0 deg. C) got the door unfrozen!
To see my other writeups for this CTF, check out the tag #kringlecon-2021.