Linux Server Break-in Challenge
Sujit writes "Are you an Internet security expert at heart or by profession? Ever thought of trying your skill at a professionally set up server? If you are ready, enter.
The Linux Server Break-in challenge. You will have a server available on the Internet 96 hours without interruption starting from 9 March 2005 2 AM IST. However, the server's life on the Net is in your hands."
Post the IP address here. That'll compromise it.
Just put its URL up... we'll slashdot it to death in no time...
Even if it's with the system owner's permission, wouldn't this be considered illegal and prosecutable?
Now I'll just have to find that Sub7-thingie for Linux somewhere on the net...
:%s/Open Source/Free Software/g
YTARY!
Is there any reason to do this? You would think that the Linux geeks out there wouldn't want it to be compromised, especially since there is no reward or prize of any sort. Most people that are capable of doing this wouldn't want to.
That server won't have a firewall or much security... so how about 69.44.61.248 - the linuxense.com webserver :)
It might be this company is selling some sort of very hardened Linux. If they are, this is exactly the right way to go about it. They are publicly inviting people to attack it, meaning that if there are any holes, someone is likely to find them. And anyone who hacks on the box can do so with impunity. And if they really can build a bulletproof box then they deserve the rewards they can get by selling one which, on an open and public basis, has taken the worst anyone could throw at it and survived.
...this seems like it'd be a great way to try to take down your friend's (or enemy's) computer.
"Oh, we're putting up a box for the hacking at such and such time. We swear it's ours. No, really! Trust us. "
Few would be the wiser until it was too late.
These break-in challenges (for any OS) were interesting the first 50,000 times they were issued, but they're getting old now.
I thought it was a nice touch that they give directions on how to stop network services for someone who gets root. Most people who root Linux boxes have trouble with those advanced administrative functions.
The root partition could be on a read only media such as a CD-ROM, right? In which case nobody could ever win.
I would like to see a challenge like this with vanilla installs of the top 10 Linux distros.
As Linux gets closer to mainstream more and more people are installing without tweaks or recompiles. How well does Linux stand up without the expertise of a professional?
The server is not being set up as a production system, so what is the point of a successful compromise? Furthermore, anyone with any sysadmin experience should be able to set up a server that cannot be compromised except by 0-day, and honestly, who would waste 0-day on a lame contest?
-sirket
What time zone is IST?
Break into a Linux server that has no services running presumably with some heretofore-unannounced buffer overflow in Linux's implementation of the ICMP protocol, all the while having every single packet sent to the system sniffed so that the sponsors of the challenge can know exactly how you did it.
Such a feat and sharing of knowledge should be worth about $1,000,000. I'm sure they'll get a lot of contenders with their offer of $0.
If nobody can read your thoughts for 96 hours you win- a free tinfoil hat! Yay!
I wonder if somebody could break into Windows 2003 in the same amount of time?
There are likely hidden exploits in both OSes, but these things take time to find. Stumbling upon something by luck is quite common.
Obviously the best way to crack this server is going to be to socially engineer the linux administrator at this company, and get the real root password.
It's probably something like: thislinuxis2coolforU2crax0r
Hmm, that sounds like something I should use as a root password. Forget I mentioned this.
Are honeypots legal? I mean if I put up a honey pot and the root system isn't compromised, do I win?
at least give a t-shirt as a prize.
Altruistic intellectual pursuits are one thing, a penguin t-shirt is completely another.
On the other hand, could this be:-
1. A secret government program to ferret out crackers?
2. Google's latest recruitment drive?
3. Network Associates looking for a new CEO?
Hey, our hacking contests have been outsourced to India. Seriously though, I am kind of wary about this because I don't know what legal implications there may be in doing this, since I am uneducated in Indian cyber criminal law. Also the web site looks fairly hinkey (yes, it's a word and I'll use it!). It would be funny if they posted the IP address at the start of the contest and it turned out to be the IP of some major site or agency....
So, this is just another hacking challenge. Like the hundreds of others out there (many/most of which are on Linux). What qualifies this to make it to slashdot?
yes, very handy for those real-life applications where the server will be on the internet for more than 96 hours.
"Is this just useless, or is it expensive as well?"
I have no idea myself, but I assume if I had any knowledge about internet security I'd know international time zones better. Now that I've posted this on /. I'm going to also strap a big target mark to my forehead. Doh!
Dear Admin,
I am currently working on a project sponsored by you in which I need to break into your computer. In order to do this, I will need the root password. Also, my SSH signature is attached to this message. Please add me to the list of valid signatures.
Thank you,
Inkieminstrel
Social Engineer
The Fallacy of Cracking Contests (Bruce Schneier)
Contests are a terrible way to demonstrate security. A product/system/protocol/algorithm that has survived a contest unbroken is not obviously more trustworthy than one that has not been the subject of a contest. The best products/systems/protocols/algorithms available today have not been the subjects of any contests, and probably never will be. Contests generally don't produce useful data. There are three basic reasons why this is so. [see link for explanations]
they seem to be begging for a script kiddie to rm -rf /
* For purposes of this test, "on the net" shall mean locked in faraday cage in a concrete bunker, powered down and with the hard drives removed.
From my experience, hacking attempts often end up with crashed OS. Double power supply and stable Internet won't help. Somebody is going to ping/reboot the system for 48 hours?
It's running Zen and using NSA security modules with USB rootplug.
;P and laugh.
Then they hand out root
*Buys crate of Cheetos*
*Installs soda machine*
*dims lights*
*cracks knuckles*
I'm ready...
First time they did something similar, they apparently got hacked in 45 seconds.
But as the old slashdot article also states the 2nd generation was able to stay afloat.
Seems like a great way to learn how to secure a system though - let the best hackers/crackers out there have a go, and learn what went wrong.
...if the admin uses Outlook (on a diff machine):
Subject: "I hax0r3d your box!11"
Dear adm1n, I hjax0red your l1nu> box, look at the attached screensh00t as pr00f!!!
h4x0r3d.vbs.exe.scr.pif.dll.bat
Look at the pic and I will hack^H^H^H^H show you!!
Yours
skr1pt k1|)|)1e
PS: I am tha l33ts7 I even misp4ll l36t words.
Jig would be up the second the would-be hacker notices it's a Linux box. I know you're trying to be funny, but I really think that, as immature as a Linux geek may be, underestimating his (her?) intelligence is never a good idea. Of course you're posting (flamebait?) as AC, so maybe you know this already.
All the posts thus far are technical in nature. The easiest way into that machine is through the front door. Find the server, grab it, and run. If these guys are stupid enough to allow you to break into their property, take them up on the challenge. After all, they did lay down the challenge.....
They know damn well that the expertise they're looking for is very valuable, and yet they're not even offering a token prize. Pathetic.
I hope they don't even get a single packet. "Hey everyone! Try to break into our server! It'll be FUN!!!" "...."
2 a.m. Irish Summer Time
Who would enter a contest like this?
If you're good enough to find and write an 0-day exploit, which is probably what it's going to take to take over this box, why would you want to leave it in the logs of some contest-box just so someone else can make his claim to fame for finding it?
Seems to me that if you're whitehat you'd want to publish the vulnerability yourself, and if you're blackhat you wouldn't waste it on a contest.
So who exactly is this contest intended for?
This is pathetic. They say that they will be running more than the usual number of services (= more possible holes) and expect this to last more than a couple of hours?? Unless this company has some ungodly hard Linux distro up their sleeves, this will be short and pathetic. If you ever look at some of the so-called "war games" online with this sort of thing, you know how it goes. Even with 3 or so services running, unpatched exploits are all too common to make breaking in hard.
If no one breaks in, I can only think of one good reason why
- This company really does have a very secure distro and the uber-hackers can't be convinced to try it (look at some of the posts above for the reasoning behind that one)
A few years back, the LinuxPPC guys ran a challenge like this. Even though DOS attacks were clearly against the rules, as the only thing that counted was getting root, lamers doing them nearly ended the challenge.
I have to wonder if their hosting provider won't wind up throwing them out.
... and then I would hack along into .gov sites from their site.. try and prove I did it.
If you're looking to find a job in the security industry, this is a nice bullet on the resume.
Employers want to know your skills and how you have such in-depth knowledge of such systems. HOWEVER, putting this on your resume is just a red flag for most employers. "If (s)he has the ability to hack into this big-bad server then imagine what (s)he can do to the security-through-obscurity network we've set up". Think about it.
Now you're going to say software companies want secure software and someone to look at it, but at the same time, they don't want backdoors. They want to trust you.
I'd be a bit hesitant before putting it on paper unless it has a big company (IBM Security Challenge or something) beside it.
-M
I was told that it's 127.0.0.1. Took me about five seconds to hack in. Morons didn't even have a firewall...
I've met someone from Linuxense. They use Debian for almost everything he told me that they did. This is worth considering.
Could it be the re-birth of Internet Swatch Time? Or was that Swatch Internet Time?
It's at localhost. I checked.
The problem with the full audit and professional penetration testing is that it won't help marketing sell much. The fact that there is no real prize indicates how little faith they have that this contest will prove anything. I suppose the chance that some pointy-haired boss might come across news of this contest makes it worthwhile to hold it. Marketing doesn't work by overestimating the client's intelligence.
It is specifically intended that the contest not attract those who are capable of breaking the server. All they want is some feeble attempts so that they can finish and say that they have the most secure distro out there, because nobody could break in when they posted the distro on a public server and invited attacks.
I have to agree that this is a lame ploy at getting publicity. Hopefully others can see through it too.
The rules say that after successfully hacking the server, you must:
Take the server off the net (to avoid conflict). You can do this by stopping network service.
One would hope that any hacker proficient enough to break into this system would have enough prowess to know how to disable the network, but thanks for the tip.
These guys maintain Sarovar.org, the open source project hosting web site which hosted PlayFair when it was driven out of SourceForge.
Options for extra credit:
1) Erase the kernel and everything else, replace with printf('Do you want to play a game?\n');
2) Break into the sniffer on the bridge, and erase the packet logs. Return a copy later.
3) Install BSD on it.
4) Install and register Win XP on it, which would really confuse the next hacker.
Who wins when all of Slashdot DOSes the server when it goes online?
-----BEGIN PGP SIGNATURE-----
12345
-----END PGP SIGNATURE-----
Step 1: Determine hosting company
Step 2: Contact Lashkar-e-Toiba
Step 3: pwn3d!
Recreate computer messages from Wargames, and give out pirated Wargame DVDs as prizes. Welcome to India.gov thermonuclear war simulation! Would you like to play a game?
The experts and auditors who actually can evaluate a system for "security" have to come from somewhere. Usually these people start off as tinkerers, hobbyists, and other amateurs. The big problem is: how does an amateur gain experience without breaking the law? When I was in college I had to go to great lengths to get approved access to a SunOS box I could poke at with the owner's permission. I wanted to explore things, but didn't want to break any laws or ethical principles.
I think this is just for fun. Breaking into your own system that you know how you secured is boring. The chance to have a third party set up a system and openly invite you to try and break it is rare, and for some people probably very welcome. This sort of event helps ethical people hone their skills and nurtures the next generation of experts and auditors.
And finally, I don't want to disagree with Bruce Schneier (because he could crush me with his mind) but these contests do produce useful data if someone tries something which wasn't previously known. I believe the context of the quote you provided makes that clear.
Here's a flashback to 1999. (Wooo, all those years ago!)
LinuxPPC: "Crack our box."
We (LinuxPPC Inc.) announced that in response to the LinuxPPC Security Challenge, a competition to break in to a computer running LinuxPPC 1999. The target computer is running the standard installation of LinuxPPC 1999. The target box has the Apache web server and telnet services turned on. Sendmail and FTP are not activated yet.
The contest was announced in response to Microsoft's Windows 2000 security challenge, which had a box running a Windows 2000 beta; we were going to put a PowerMac 9500 up running LinuxPPC 1999. While only HTTP was running on the Microsoft box, to make things more interesting, the LinuxPPC box had telnet service active, opening another possible door for endeavoring network security enthusiasts to break in.
To make things interesting, we even gave out the root password.
So what happened? A deserving LinuxPPC hacker, don't recall who, exploited a flaw in the FTP server (ProFTPd?) and got in, modifying the index.html file. He rightfully won the 9500, and Microsoft had a little more egg on its face.
-- haaz.
This is all a trap, I know it. It will probably be some PI with stonewall or something.
These kinds of things never work. I've seen many of them pop up over the years, from Windows boxes to Macs to Linux, and they all fail. The reasons of course, are:
a.) So many people will be trying, that the bandwidth available to do anything with the machine at all will be practically zero.
b.) Some "hax0r" will decide to just packet the machine to death, thereby making it impossible to even do anything to.
c.) The software will be up to date, limiting any vulnerabilities that can be taken advantage of, compared to your average server out there.
d.) The time limit to do it is never long enough, especially because of the above problems.
I've seen contests where they even turn on a firewall. Obviously whoever was in charge of those had no idea how anything works. Once that firewall goes up, there's not much of anything that can be done to the system solely from a remote position. It was even a default Windows install on the particular one I'm thinking of, and despite the vulnerabilities in a bare Windows XP install, nobody was ever able to do anything to it.
I know the Linux machine in this contest is said to have no firewall, but like I said, the software will be mostly up to date. Most servers that are broken into are done so because they're running older versions of things with known vulnerabilities. Many of these machines are also on the web, running vulnerable versions of PHP and forums and whatnot, which allow one to take advantage of flaws from there, not necessarily via direct TCP connections.
So while it's entirely possible to break into this particular Linux machine, I just don't think many "real hackers" will bother, for the reasons I mentioned above. It's fun to have challenges and all, but they're just not realistically implemented.
OK, no problem.
To: challenge@linuxense.com
From: l33th4x0r@slashdot.org
Subject: I did it!
This message was sent to claim victory in your little hacking challenge. I hacked you so bad that you probably don't even know you were hacked. Thus I have proven my superiority! Hahahaha. I'm so l33t.
Sincerely,
The contest winner
However, the server's life on the Net is in your hands.
Ye-e-esss... just post the news on Slashdot, that ought to take care of the server's life on the net. Good idea!
On the other hand, it could be that the 37 different rootkits are so busy 0wnz0ring each other, that the web service just MIGHT get enough peace to run for the required 96 hours. ;-)
--Bud
Give me the physical address. I'll drive there, or just employ someone, to take a sledge hammer to it. It will then be completely broken.
They probably have SELinux installed on the system. You may be able to exploit one of the services but that won't be enough.
You'd have to find an unpublished local root exploit in the Linux kernel. Good luck with that one.
One thing worth pointing out is that in real-life situations, the box isn't usually set aside as "the box to be hacked" ... it's an active machine doing normal things with real people logging into it one way or another regularly.
- Michael T. Babcock (Yes, I blog)
You should see what this id10t's running.
Totally pwned!
You should really turn off that webcam at 11 at night when the wife's asleep. ;)
1. White hats. Why would they do it? If they're any good, it'll just be a waste of time, and you can always set up your own server to practice with. There's not even any prize!
2. Black hats (I mean real ones, not script kiddies). They wouldn't bother either. Why expose the contents of your secret toolbox for no good reason? Any hack attempts (and successes) will be fully logged, revealing your secret exploits. That's no good, is it?
3. Script kiddies. Maybe they'll try, but they won't get in, unless the server is embarrassingly badly configured. If they do manage to crack it, what does that prove? That it's possible to set up a Linux box with terrible security if you happen to be incompetent?
I'm having a hard time figuring out exactly WHAT this contest is for. The only thing I can imagine (which a few other people have mentioned in this discussion) is that it's meant to enhance the image of Linux as a secure platform. So what -- so you've shown that if you do a good job configuring your box, you can keep out script kiddies. To put it bluntly, no shit.
...then we can go after Microsoft. Anyone remember when they had Windows Server 2003 beta running on an online server for a hacking contest? As I recall, in response, someone else then promptly stuck up a Linux server and challenged it to be hacked as well.
Does anyone remember what happened to either of these contests?
Your quote, while partially right, is out of context. Schneier is talking about cryptographic cracking contests, especially of the form "here's a ciphertext file, tell me the plaintext." In this case, the attackers have much more access to the machine. Furthermore, there are more skilled hackers with free time than skilled cryptographers with free time.
However, a much bigger problem is that they only give 96 hours. The Hardened Gentoo server is much more rigorous, as it has no prize associated but has been available to log into for a long time.
207.46.156.156....honeypot by bill G.'s croonies and perhaps testing his new windows for supercomputer wares ? :-P
Whoa, every time I try to get there, I get connection refused.
I have even done a *LOUD* NMap scan. I only get port: 22 (filtered)
And that is it. Hmmm.
Boy they MUST have a really well setup system. Either that or you are an Idiot.
But what if there is Adobe software on the server? That is reason enough to send the stormtroopers after those pesky hackers.
The last time I entered one of these challenges, the group did bring the server down.
But we brought it down using a technique they didn't authorize, so they attempted to prosecute. Of course, being anonymous, I never heard anything. Just what they posted on their website.
So we ended up owning the server, and they claimed that the server wasn't hacked* because we didn't hack them using the methods allowed in the ToS.
Not sure I care to waste my time on this type of contest.
This is plain stupid. When one wants to break something, he/she installs the software in his/her basement. Just another PR BS Slashdot should not advertise.
chroot
I'd love to get the resources to do this with some old software. Particularly, I'd like to set up a system with software all about 3 months behind on patches, SSP protected, PaX protected, PIE binaries, with the only up-to-date component being the kernel.
I'd also need to allow for user simulation by giving a Web interface to control a Web browser; and by setting x-chat and gaim connected to everything.
Basic outline:
That would be my setup. And yes I'd use 2.6.11 GrSecurity with the fixed PaX.
Man, now I want to find people to sponsor me some lines to run 3 or 4 honeypots. . . .
You might have to do port knocking to get in ..
*knock
*knock
I'm still trying to figure out what people mean by 'social skills' here.
By the way, xs4all.nl offers its subscribers ssh access to a FreeBSD system, so you can try from the inside. Xs4all originated from a hacker/cracker club called Hacktic and this deal apparently helped the company to secure their systems extremely tightly.
i'm going to waste a tcp/ip stack remote. and install a SOTA rootkit. ha. at least iDefense offers cash for zero day.
Don't forget my double-barrelled shotgun when you visit them.
I'm not sure what the point of this type of contest is. The real test of a machine, is put to it up and use it permanently. If it doesn't get hacked, you're probably doing things right. [Or you're tremendously lucky :) ]
I've had various public-facing servers up for years. The only one that's gotten hacked [I'm embarrassed,but I admit it happened] is my home firewall/router which was running a poorly set-up, poorly configured, slightly old version of Squid. It was frankly my fault that I got hacked. But I learned what went wrong, and I'm now more diligent. None of the ftp/web/mail servers I've put up have been hacked [yet, I acknowledge that it may happen eventually]. Even the ones I've had up in high-profile hosting facilities are still doing fine, in spite of being scanned and attacked regularly.
Anyway, that's the real test. Put it up, use it, and keep current with security updates. There's really not a whole lot more to it.
ender-
Let's take a different approach on this one. It's a meaningless contest, after all. How about everybody just leave it the hell alone. Don't even ping the box.
Perhaps someone could root their ISP instead, and redirect all the traffic intended for their contest box. They'd have 96 hours of empty packet logs for their efforts. Now that would be funny.
WTF?
Titanic Ta Mere !
So, did you know that one ?
If we're really lucky, somebody will flat out trash the box and put an end to this silly "Linux is god" mentality. Then the server world can become split between Windows and BSD, as it should be.
Maybe, but cracking contests *can* demonstrate that something is insecure. IOW what might come out of this is that a professionally setup linux is just as insecure as an unprofessionally setup linux. If it doesn't get broken into, we don't know anything. If it does, we know something about the professionals who set it up.
... or am I completely wrong?
If this is not true, then what is the value of publically demonstrating a weakness? Publically demonstrating a weakness tells us about the weakness. Not being able to publically demonstrate a weakness does not mean the product is strong.
In other words you can prove, through contests that something is insecure. But you can't prove that it's secure.
One of the problems you encounter with these sorts of security contests is that the system you're attempting to crack is atypical. Meaning the people running the contest have already closed off most network services, removed suid binaries, use read-only filesystems, place you in a chroot'ed jail, etc. You're rarely given the typical misconfigured system with all the default services enabled, out-of-date user applications with known exploits, permission problems, etc.
One was done by Apple Europe, others were private. This was back in the original Mac OS days, where the OS was much more uncrackable because there was no command line layer to speak with, and the OS had its own command structure that was not like anything else.
Combined with a robust web server software like WebSTAR was at the time, there were many prize purses that were never distributed.
While OS X today uses Apache and has many common ports closed by default in the client, it's more of a target, though I haven't heard of any cracking contests for it. To date, there haven't been any successful cracks not due to bad administration, though I'd like to hear about one if there is.
You need to leave your mark at ``/''.
I read that as "You need to leave your mark at slashdot."
I tried my trusty list "zxcvb", "GOD", "SEX", "god", "krmit" and found that the stupid sysadmin had chosen GOD as his password, because they think they are gods!!!!
This is a really great idea, to see how secure Linux is.
Some people have suggested that we test vanilla Linux distributions out of the box. I think this is a dumb idea, and I'll explain why: in any OS, there has to be a balance between security and convenience. Many features that a Linux desktop requires, for example (such as low-level hardware access) would be a security risk if exploited or messed with remotely. In a desktop Linux OS, the balance will be set to a convenient desktop that requires authentication for more important system stuff, while a server OS would have a stricter balance, requiring su or sudo for almost anything. Desktops are also less exposed to the world than servers, and don't run mission-critical services.
This will be fun to see. I'm guessing the server will succumb to some exploit discovered while it is running, that could be patched. What would be interesting is to calculate the percentage of time that exploits (root or otherwise, depending on what you're concerned about) are known against an OS before a patch is available. This is where M$'s patch-once-a-month policy would hurt them a lot.
i'd RM the log servers, NIDS, everything. then make an offer to sell them their own logs for $10,000.
Just make sure you are trying to access a system which is really owned by the linuxense company. Otherwise, it may end really bad for you. Instead of applause, a bunch of FBI agents will knock at your door.
...now I can see
You're right we didn't see it before you opened our eyes, thx...
This seems to be about marketing.
" Our server can survive a 96 hour attack without a firewall, can yours ? "
It's not for people who care, it's for the people who read glossy-covered magazines about business gear and PHB gadgets.
Interesting ports on 202.88.234.250:
(The 1647 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
7/tcp open echo
9/tcp open discard
13/tcp open daytime
19/tcp open chargen
22/tcp open ssh
25/tcp open smtp
37/tcp open time
80/tcp open http
111/tcp open rpcbind
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
5432/tcp open postgres
Nmap run completed -- 1 IP address (1 host up) scanned in 24.782 seconds
For a server machine "outside the wall" it's important to keep your private life private, i understand.
They are running apache 1.3.31 (latest is 1.3.33) Exim 4.34 (latest is 3.50)
> The root partition could be on a read only media such as a CD-ROM, right? In which case nobody could ever win.
Easy:
# mount -t ramfs none /any/dir
# touch /any/dir/my_email@my_domain
# pivot_root /any/dir /
and your new root will be the dir which was previously under /any/dir. Of course, you'll have to mount /dev and to restart some services (eg: kill -1 1 to restart TTYs), but you get the idea.
Willy
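The defender-side counterpart to the pivot_root trick above is to verify, from a trusted vantage point, that the root filesystem still lives on the read-only boot medium. This is an added example, not code from the thread; it parses /proc/mounts-format text, and the two sample mount tables below are constructed, not captured from the contest box.

```python
"""Check whether the mount at '/' is still the read-only medium the box was
booted from (added example for the pivot_root discussion; not the thread's
own code). Input is /proc/mounts text: device mountpoint fstype options dump pass."""
import os

# Filesystem types a CD-ROM style read-only root is expected to be.
EXPECTED_RO_TYPES = {"iso9660", "squashfs"}
# In-memory filesystems that a pivot_root-into-RAM trick would leave at '/'.
VOLATILE_TYPES = {"ramfs", "tmpfs"}

# Constructed samples: a CD-ROM root as booted, and the same box after a
# ramfs has been pivoted over '/' with the old root parked under /old.
BOOT_MOUNTS = """rootfs / rootfs rw 0 0
/dev/sr0 / iso9660 ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /var/run tmpfs rw,nosuid,nodev 0 0
"""
AFTER_PIVOT = """none / ramfs rw,relatime 0 0
/dev/sr0 /old iso9660 ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
"""


def parse_mounts(text):
    """Turn /proc/mounts-style text into a list of dicts, one per mount."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or malformed line
        device, mountpoint, fstype, options = parts[:4]
        # the kernel escapes spaces in paths as \040
        mountpoint = mountpoint.replace("\\040", " ")
        entries.append({"device": device, "mountpoint": mountpoint,
                        "fstype": fstype, "options": set(options.split(","))})
    return entries


def check_root_mount(text):
    """Return a verdict dict for the mount currently visible at '/'.

    Mounts are listed in mount order and a later mount over the same
    mountpoint shadows the earlier one, so the last '/' entry is the
    root processes actually see. Note that a root-level intruder can
    also tamper with what /proc reports, so compare against a baseline
    captured out of band rather than trusting the box about itself."""
    root = None
    for entry in parse_mounts(text):
        if entry["mountpoint"] == "/":
            root = entry
    if root is None:
        return {"ok": False, "fstype": None, "read_only": None,
                "reason": "no mount found at /"}
    read_only = "ro" in root["options"]
    if root["fstype"] in VOLATILE_TYPES:
        ok, reason = False, "root is an in-memory %s, no longer the boot medium" % root["fstype"]
    elif not read_only:
        ok, reason = False, "root is mounted read-write"
    elif root["fstype"] not in EXPECTED_RO_TYPES:
        ok, reason = False, "root is read-only but of unexpected type %s" % root["fstype"]
    else:
        ok, reason = True, "root is read-only %s on %s" % (root["fstype"], root["device"])
    return {"ok": ok, "fstype": root["fstype"], "read_only": read_only, "reason": reason}


if __name__ == "__main__":
    # On a real Linux host read the live table; elsewhere fall back to the sample.
    text = open("/proc/mounts").read() if os.path.exists("/proc/mounts") else BOOT_MOUNTS
    print(check_root_mount(text)["reason"])
    print(check_root_mount(AFTER_PIVOT)["reason"])
```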
Just in case anyone is interested, here's a portscan and service version info:
Interesting ports on 202.88.234.250:
(The 1646 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE VERSION
7/tcp open echo
9/tcp open discard?
13/tcp open daytime
19/tcp open chargen
22/tcp open ssh OpenSSH 3.8.1p1 Debian 1:3.8.1p1-4.1 (protocol 2.0)
37/tcp open time
80/tcp open http Apache httpd 1.3.31 ((Debian GNU/Linux))
111/tcp open rpcbind 2 (rpc #100000)
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
1080/tcp filtered socks
1214/tcp filtered fasttrack
3128/tcp filtered squid-http
4480/tcp filtered proxy-plus
5432/tcp open postgres?
6588/tcp filtered analogx
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.
Response Headers - http://www.linuxense.com/challenge/
Proxy-Connection: Keep-Alive
Connection: Keep-Alive
Date: Wed, 09 Mar 2005 01:34:34 GMT
Server: Apache/1.3.33 (Debian GNU/Linux) PHP/4.3.10-8
Last-Modified: Tue, 08 Mar 2005 20:30:03 GMT
Etag: "2381b5-d38-422e0b4b"
Accept-Ranges: bytes
Content-Length: 3384
Content-Type: text/html
There are no rules prohibiting physical access to the machine... so if anyone's got the address....
127.0.0.1 is nothing.
Even more powerful 0wnable boxes available at warez.phantom.com, 0x7F425292, http://0177.0xa/, and http://0x7f.33.017/.
Interesting to see this type of thing on Slashdot. I have recently done some work for the guys running this. They have a bunch of different systems that are donated by the public. A lot of the owners have either placed software that they suspected exploits to exist for or set up vulnerable servers with all sorts of strange problems. I have written a few of these intentionally vulnerable servers for different people. Some of the guys playing are actually quite impressive and I have watched exploits on more than one piece of up-to-date software.
Another example of a fairly realistic wargame is here. Hackerslab is a single box set up with 17 levels of intentional vulnerabilities. The first few are relatively dumb but even you security types will learn things on the higher levels. If you have ever wondered how exactly a buffer overflow, format string, or integer underflow exploit works I encourage you to check it out. Currently some of my code is running on the FreeBSD box. It's been up for close to a week and no one has found the vuln yet. Maybe the Slashdotters can do it.
That's what I got with nmap :))
nmap -P0 202.88.234.250
Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-03-09 09:47 CET
Interesting ports on 202.88.234.250:
(The 1637 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
7/tcp open echo
9/tcp open discard
13/tcp open daytime
19/tcp open chargen
22/tcp open ssh
25/tcp open smtp
37/tcp open time
80/tcp open http
111/tcp open rpcbind
135/tcp filtered msrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
148/tcp filtered cronus
155/tcp filtered netsc-dev
445/tcp filtered microsoft-ds
580/tcp filtered sntp-heartbeat
1018/tcp filtered unknown
1080/tcp filtered socks
1214/tcp filtered fasttrack
3128/tcp filtered squid-http
4480/tcp filtered proxy-plus
5432/tcp open postgres
6146/tcp filtered lonewolf-lm
6588/tcp filtered analogx
22321/tcp filtered wnn6_Tw
Nmap run completed -- 1 IP address (1 host up) scanned in 2712.447 seconds
Saxa
There are a number of ways to test software, and you should use as many of them as possible. I have found quite a few bugs over the years by building generators that applied random inputs (with or without constraints) to a given piece of software. The whole idea is to test things you haven't thought of, test out of sequence, etc.
The test here is the security world's version of my random test generator.