LinuxPPC Challenge: Crack the Box and Keep it!

Jeff Carr from LinuxPPC was so amused by yesterday's MS W2k crack challange that he figured he'd play too: By setting up a LinuxPPC box challanging the adept out there to get in... but if you can get in, you get to keep the box! Its a stock LinuxPPC install, and he even left telnet on. The url is crack.linuxppc.org. You must be able to reproduce your entry to win. Have fun.

Re:uh.... real nice

[ricdef]

I think it should be clarified what the "crack guestbook" really is!

I mean it does not seem as if it is impossible to crack if the "crack guestbook" shows several people actually cracking the system.

Even the computer cracked itself! (127.0.0.1)

Seriously, tongue in check and all, I believe the list should be removed to avoid any excess traffic on other sites (I would not believe /.ers would /. the guestbook list, would they?)

Where do you want to go today? http://www.windows2000test.com seems off bound to me ;^P

Re:hahaha

[quadong]

I do believe that whoever moderated you down thought that you meant the "HAHAHAHAHA" in a nasty, flame provoking way. Also, moderators go kinda trigger happy on first posts, whether or not they are "first posts."

nmap scan :-)

[gsaraber]

Starting nmap V. 2.12 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
Host (169.207.154.108) appears to be up ... good.
Initiating SYN half-open stealth scan against (169.207.154.108)
Adding TCP port 23 (state Open).
Adding TCP port 111 (state Open).
Adding TCP port 80 (state Open).
The SYN scan took 108 seconds to scan 1483 ports.
For OSScan assuming that port 23 is open and port 30569 is closed and neither are firewalled
Interesting ports on (169.207.154.108):
Port State Protocol Service
7 filtered tcp echo
19 filtered tcp chargen
23 open tcp telnet
80 open tcp http
111 open tcp sunrpc

TCP Sequence Prediction: Class=random positive increments
Difficulty=3004658 (Good luck!)

Sequence numbers: 56980630 56E19E58 5757E55E 56A2583F 5758D1B1
Remote operating system guess: Linux 2.1.122 - 2.1.132; 2.2.0-pre1 - 2.2.2

Nmap run completed -- 1 IP address (1 host up) scanned in 121 seconds

================================
check out that sunrpc port .. that looks promesing

enjoy :-)

Re:nmap scan :-)

Try again. Some goofball killed the telnet!

Phil

Re:nmap scan :-)

[jnazario]

so i did the rpcinfo scan for you folks:

$ /usr/sbin/rpcinfo -p crack.linuxppc.org
program vers proto port
100000 2 tcp 111 rpcbind
100000 2 udp 111 rpcbind

not much there other than bind... but that can be useful. i leave it as an exercise on what to do with that info. :)

Re:nmap scan :-)

[pirodude]

would have helped to know that this company is based out of wisconsin and they are on my isp =)

Re:nmap scan :-)

[pirodude]

why you would be happening to try to hack a user from my isp (execpc)..just wondering =)

Re:It's slow... as was /.

[just+someone]

But /. is dogging it too.
No response,
slow response.

prove don't run important w/o

[just+someone]

a good filter and firewall

Re:MS site is down

[Wojtek]

This is real. In the seattle/victoria area we're having fanfuckingtastic lighting storms right now. I just got back from watching them god it's nice. Isn't to kind on competers though with lightning coming down evert 3-5 seconds.

May we keep Microsoft too ?

And you may keep the PPC??????

If we enter Microsoft, may we keep Microsoft too ? :)))

Re:Mistake! Mistake!

[AArthur]

Yes, it would appear that way, since RedHat Linux 6.0 by default disables all inetd services, as do most populuar things based on RedHat 6.0, such as LinuxPPC R5.

Turning on Telnet on a server that you are trying to get secure seems a bit exterme... why have telnet enabled when you can have something like ssh enabled just when you need it. Of course if you are going to leave telnet enabled, you can at least use /etc/hosts.deny and /etc/hosts.allow to control what machine have access to that box.

(Not to say that populuar sites around the web do have telnet enabled for everybody on any machine as long as you know the login/pass, for example www.macnn.com).

This should be interesting to see what flaws (since we know they are not perfect) we learn about in RedHat Linux 6.0 and spefically LinuxPPC R5.

Re:Odd cgi-bin behaviour

[AArthur]

No, it obviously not a default install, since more services are enabled by this install (like telnet), then how it typically ships, with all inetd services disabled.

So they changed some things that would be typically changed on the server to make it 1) easier to use 2) more services 3) added services locked down better.

Re:Security of default install

[AArthur]

RedHat 6.0 has no internet services turned on by default, you must manually enable FTP, telnet, etc.

Obviously, LinuxPPC has made a few changes to the server, for example they disabled some scripts and enabled telnet (by far a fair compremise).

Trust me, enought people have asked why telnet and FTP are disabled with the default install, if you don't believe me, see:

http://www.linuxppc.com/updates/telnet-ftp-not-w orking.shtml

That's also true with RedHat 6.0.

Win this NT 4.0 box with SP1

[fr0g]

(microsofts next lame contest to prove their servers are tight)


Microsoft will make you CEO if you can crack this out of the box config NT 4.0 computer.

Win this NT 4.0 box with SP1

[fr0g]

(microsofts next lame contest to prove their servers are tight)


Microsoft will make you CEO if you can crack this out of the box config NT 4.0 computer. this box is stand alone and our engineers have assured us we cannot loose.

Re:Mac or CHrP/PReP?

[AArthur]

bah... It's probaly just the old LinuxPPC, Inc. web/mailing list/ftp server, that they finally retired last month.

That machine was a great, state of the art, 90mhz 601 machine, I think a PowerMac 7200.

In the past, that machine seemed to lag quite often with all of the stress it had on it, and was partcally due to all of the load.

NT is the most secure OS

[RelliK]

I can only imagine Microsoft's marketing geniuses saying:

"Windows NT is the most secure operating system. It has a feature called IntelliCrash, which causes the operating system to crash when it detects high network traffic. Such traffic is always caused by hacker's activities, but, since the system is down, any attempts to break in will be unsuccessful. This innovation puts us years ahead of the competition."

Re:NT is the most secure OS

[Modrick]

I kid you not, I read on a MS page that NT
5.0 (aka Win2000) would reduce the need for
"administrative reboots". Now that is a great
term if I ever head one.

Mo

Re:NT is the most secure OS

[moeller]

Except they wouldn't use the term "crash." Rather, "Temporary Security Enhancement Through Service Restriction" or similar.
Hard to beat the name "IntelliCrash," though ;-)

Re:NT is the most secure OS

[bigiain]

>Except they wouldn't use the term "crash." Rather, "Temporary Security Enhancement Through Service Restriction"
>or similar.
>Hard to beat the name "IntelliCrash," though ;-)

ummm, how about "Temporarily Restrict Availabilty to Server Hardware"???

That'd make Microsoft IntelliTrash(tm) :-)

heh heh

big

Re:NT is the most secure OS

[jafac]

ActiveCrash

"The number of suckers born each minute doubles every 18 months."
-jafac's law

Re:buffer overflows and script kiddies

[FigWig]

I was under the impression that most buffer overruns were caused by overwriting the return address on the stack. So a function in a program run as root returns to exec /bin/sh. Different architectures might grow the stack in different directions, causing the buffer overflows to fail.

I know that there are also buffer overflows on the heap, but I don't know how that works.

Re:Maybe this server will actually be up...

[Patton]

A team of us got together yesterday and we went bashing on it for a while. Judging from its reaction while we were after it I think we probably did bluescreen it or otherwise 'freaked it out' (to be technical). It came back up not too long after that though so nothing permanent. Probably just a reboot but no way for us to prove it was definitely our doing or someone else getting the KO punch in.

I think someone REALLY got a suckerpunch in on them judging by its current reaction (or lack there of apparently). Probably is bandwidth flooding though.

(The no-DOS attack method their rules were saying not do was for just swamping by the power of bandwidth. We just aimed at making it run out of ram and/or blue screening with as few packets as we could from multiple sites.)

Re:At least it's there...

[ajakk]

I get to see the box, but only because IE5 has cached it. Go to the site and then hit the refresh button. 5 to 1 that it can't find the server.

Re:This could turn into King

[gocubs]

Well... this is almost like the Happy Hacker wargames, except that it's worthwhile (prizes amounting to more than recognition). That, and it isn't intrisically flawed because it isn't run by Carolyn Meinel....

Re:This could turn into "King of the Hill"

[bmetzler]

I love the idea, but I think you'd have a hard time finding anybody to host such a beast. Besides supporting what would probably be a huge amount of traffic - and some pretty funky looking packets, you've also got to consider what kind of collateral damage it could cause. Somebody mentioned that the MS test box has had it's DNS servers taken down already...

Nope, you're wrong. Someone has already hosted many servers just for the intent to be hacked. Check out http://www.happyhacker.org/hwargame.html . Yep, a real life hack that box challenge that never goes away.

-Brent

Re:hahaha

[DanJose52]

oh, well...okay, but I still don't get it...I mean, it was very funny of them to do that...the first thing I thought when I saw the page was "it's sparse..." then I read that and started laughing...well, moderators, have fun with it..

Mistake! Mistake!

[qnonsense]

This challenge to break into a LinuxPPC stock install (with nothing running) is NOT anallagous to Microsoft's challenge.

There is no way in hell that the W2K server MS is putting up for this challenge is stock installed. It's probably been tweaked by MS engineers over the past two weeks to lock out any possible attack.

When this server is cracked and theirs isn't, they will point to this as an example of W2k being more secure than Linux (which I doubt very much). This can't be allowed. Someone (maybe from Red Hat or from Debian or from *BSD) should take a week and secure one of thier servers and then let anyone go at it. Then we'll see whose server lasts longer.

Re:Mistake! Mistake!

[Hollis]

The difficulty is that LinuxPPC R5 comes with all inetd services disbled (for security). So it's not *really* a stock install - Jeff had to make it less secure. I believe the intent is to keep turning on services (like telnetd, which was already enabled) if no one breaks it quick enough.

Besides, if this server is cracked, then we will have found another hole to patch, which is the point of cracking, right?

You talk about taking a week to secure a server, but it could be done in a few minutes by turning everything off except Apache (and disable CGI). "Secure" is kind of a tradeoff in that case.

Interesting responses so far.

[Eric+Lai]

I find it interesting to see how few people are flaming the LinuxPPC guys. When Microsoft started up their contest, people were extremely quick to crusade their views, many of them with four-letter words and simple sentences with little content.

Of course, the Linux guys didn't make their web page incompatible with Netscape (or include unnecessary Javascript anyhow)...

However, look at the situation from another angle--look at how shoddy the crack.linuxppc.org webpage is. Imagine if the Windows site had looked remotely like the LinuxPPC site does. Microsoft would have had a hard time finding enough extinguishers for THAT one.

Imagine if the Windows guys had posted IP addresses on the main page.

Do Linux users expect less of themselves? Do they not mind sloppy work? Does this make them feel more comfortable? The LinuxPPC site is definitely not designed to appeal to anyone in a "commercial" sense--is this why it's acceptible?

In any case, it's good advertising for LinuxPPC I suppose...

Oh well. I just think it's interesting how much our biases get in the way of logical thought.

Re:Interesting responses so far.

[haaz]

We're not a non-profit entity. :) We do make enough to pay ourselves, pay our bills, and then have enough left over to buy new G3s for developers.

We _do_ want to take over the world, but we're going to share the spoils with our friends. ;-)

Re:Interesting responses so far.

[Breace]

look at how shoddy the crack.linuxppc.org webpage is

Look at how much time it took for LinuxPPC site to appear. How much time and people do you think it took to put M$'s site up?

Breace.

Re:Interesting responses so far.

[Eric+Lai]

True, but then that's part of my point. There's the issue again of the fact that Microsoft has to have a nice page up.

I ask again--what kind of flame would they have drawn if they had set up a "quick and dirty" page?

Re:Interesting responses so far.

[_Sprocket_]

OK. Let's take a look at reasons the flames aren't fortcoming (beside your insinuation of MS bias)...

Of course, the Linux guys didn't make their web page incompatible with Netscape (or include unnecessary Javascript anyhow)...

This may seem like a minor point, but it actually points to a chief complaint towards MS; "Our way or no way". The promise of Java is cross-platform compatability; MS' implementation breaks this. A good web site can be handles by a multitude of browsers and platforms - even MS' own corporate site runs fine with Netscape. Yet, here it breaks. Did MS do this on purpose? Their past history certainly implies this is possible.

...look at how shoddy the crack.linuxppc.org webpage is.

Do Linux users expect less of themselves? Do they not mind sloppy work? Does this make them feel more comfortable? The LinuxPPC site is definitely not designed to appeal to anyone in a "commercial" sense--is this why it's acceptible?

Oh well. I just think it's interesting how much our biases get in the way of logical thought.

Actually, I would point out that the web page makes perfect sense. The idea of this "counter-challenge" is NOT glitzy publicity. The machine is there to be attacked - not to hand out online brochures. The marginal page is functional... even humorous ("If you get in, please submit a better webpage than this :)"). I hardly see how additional flash would make a TECHNICAL challege more legitimate.

Imagine if the Windows guys had posted IP addresses on the main page.

Now, here you've made a good point. And apparently, others have made it too since the page has removed the "log". I agree. Posting these IPs is trouble and MS would definately get flamed hard for it.

In the final analysis, you have to ask yourself what are the motivations here? The belief is that MS is pulling a shallow publicity stunt (and none too origional at that). No matter what the outcome, MS will turn it into brochure fodder for PHB's. In the meantime, issues such as MS' responce times to discovered security holes are not dealt with.

The LinuxPPC guys are responding to MS' publicity stunt with a copycat stunt. They've done it in good humor. And they've done this in a way that appeals to other tech-minded people. If anything, its less dubious bait-and-switch and more lampooning. Will they get glitzy brochure fodder out of it? I don't know. Ask their marketing department.

Re:Interesting responses so far.

Please, don't try and appeal to the open minds in here, as there are clearly none that are prepared to listen. Still, there are some who are of the right mind, but they are often more quiet.

Yesterday, after seeing the posts on the Microsoft site, my personal views of the Linux community dropped -yet again-. What's it going to take to make people grow up? You will never create an ultimate operating system unless you quit being so tunnel-visioned.

By the way, Microsoft have been doing this sort of test ever since NT 3.5, but then I guess when you live with your head in your butt you don't know these things, do you?

Learn the lesson of clear thought, and you will surpass all others.

Re:Interesting responses so far.

[Eric+Lai]

The outcry about Netscape not working with the page was understandable. I don't believe in proprietary standards either, which is why I mentioned it. Microsoft's general website however, follows a certain plan--they have pages which are formatted and displayed to IE users, and then they have pages which are for non-IE users. If you view www.microsoft.com from non-IE4/5 browsers, you're going to see an entirely different site.

One way to sort of "excuse" the www.windows2000test.com guys is that they probably were trying to remain within the Microsoft web site design specifications. Perhaps they didn't feel like making the non-IE4/5 version of the page or ran out of time? When viewed from the perspective of it being part of a larger site with a required "look and feel", rather than an independant page, it's somewhat easy to justify their mistake.

The belief is that MS is pulling a shallow publicity stunt (and none too origional at that).

That's definitely something I would agree with. I'm under the belief that it was a bad move on their part--if anything it just made them look really bad.

The LinuxPPC guys are responding to MS' publicity stunt with a copycat stunt. They've done it in good humor. And they've done this in a way that appeals to other tech-minded people.

True, but it still seems to me that LinuxPPC is a company that is not adverse to publicity (it'd be hard to survive without it). To say that they made the site in the manner that they did just because it appeals to other like-minded individuals seems to go against the fact that in the grand scheme of things, they are trying to make money...aren't they? I profess to not knowing much about LinuxPPC, so correct me if I'm wrong and that they are a purely non-profit-oriented Linux distributor.

So, in that sense, I still wonder if professionalism is a negligible requirement of Linux users in the companies that they allow to represent themselves. Any thoughts on that, anyone? Or is this reply too deep for most people to notice? :)

Re:Interesting responses so far.

>Yesterday, after seeing the posts on the Microsoft site, my personal >views of the Linux community dropped -yet again-.

When will people like yourself realize that *NO ONE CARES ABOUT YOUR VIEWS* of the Linux community? We're doing just fine *WITHOUT* your so-called "Support".

Re:Interesting responses so far.

Logical thought?!?!

The LinuxPPC guys are GIVING AWAY A COMPUTER for whoever meets their challenge.

Microsoft is giving away... nada.

And you wonder why people prefer the LinuxPPC guys?!

You think it's "not logical" to prefer the LinuxPPC guys?!

Can I have your computer?

(Seriously though, next time you post something this dumb, try to sound less snooty)

Re:Interesting responses so far.

[Eric+Lai]

Unfortunately, the louder voice does tends to be the more ignorant one, doesn't it? I'd hate to believe that all of those Linux users who were titillated by the "[BEEP]" filter in the guest book were truly representative of Linux academia.

Re:Interesting responses so far.

I'm a bit surprised that the moderators found this obvious troll "interesting", but since lots of people are going to read it, I would like to make a comment.

People on slashdot have an opinion about Microsoft. Call it a bias if you will. But I think there are better reasons why Microsoft got more flames and the LinuxPPC people got more praise. Notice that the LinuxPPC people included a good joke on their webpage, and are actually giving a prize away to the winner. The MS people, on the other hand, made their page incompatible with broswers other than their own. The difference is that one group is being fun and pleasent, the other is being pushy and unclear about their motives. There's no bias needed to judge between them. One group is just cooler than the other :)

Re:Interesting responses so far.

[j+c+s]

What the hell are you talking about? This contest isn't about who can design the best web page.

I don't understand why you are even bringing up this point about the LinuxPPC site for the contest being "sloppy" and not "designed to appeal to anyone in a "commercial" sense". Do you really think anyone trying to crack this machine gives a care what the web page looks like?

The contest here isn't about how good the web page looks, it's about the security of the machine serving the web page.

I find it ironic that you complain about Linux users and "sloppy" work, yet if you look at the two web pages, the Linux one is obviously functioning and is providing content beneficial to the contest, yet the Micros~1 page is a half-assed piece of shit with broken Javascript. Who's being sloppy here?

Obtain Clue Before Proceeding

You have no idea what you are talking about. Look up the code for, say, L0pht's AntiSniff or any number of Windows sniffer programs.

Admittedly, Microsoft uses a different set of nonstandard interfaces to access raw network data than *BSD or Linux does, but since there's no actual standard for this, what's the problem?

I find it hard to avoid getting the impresion that the vast number of people posting on this site who profess to know so much about programming, and are such rabid Linux advocates, program very little. My suspicion is that their experience of Linux is mainly confined to twiddling the icons in the execrable Enlightenment. And why they feel able to comment on Win32 programming, about which they evidently know little indeed, is quite beyond me.

As for the Windows tools vs Unix tools argument, well, Unix users are arrogant, and have little reason to be. I -- and many others -- prefer to be using a Unix system from day to day -- until I have to use Adobe Photoshop -- but this doesn't mean that Windows users deserve ridicule for it.

Re:PR

[rnt]

a couple of the postings have pointed out that this could turn out to be a kind of an
almost-competition between linuxppc and the W2K bug-- if one gets hacked and the
other doesn't, that means that that OS is more secure.


I don't quite agree... in the August 4th part 3 log entry on crack.linuxppc.org it is mentioned that portmap, sendmail, and ftp will be turned on eventually.

So now we have a win2k machine that is supposed to be secured to the max on one side of the arena and a linuxppc machine which will be gradually opened up on the other side.

Clever move of linuxppc because first of all turning on more services keeps people interested. Let people have their fun! Having fun and learning a thing or two on the way. What more do we want?

Another benefit could be that the two machines cannot be compared that way:
The linuxppc machine is willingly set up in a way that increases the risks of anyone getting in.

So if the linuxppc machine gets compromised it is not a big deal, it is more or less intended.
That makes it kind of hard to brag that the win2k box remained intact (in some sense anyway) while the linuxppc has been hacked.

Besides that: there is much more to learn from a box that does get broken into. Something to do with "learning from mistakes" I believe... and I quite like the idea of other services getting a nice pounding too.

hahaha

[DanJose52]

"If you get in, please submit a better web page than this" HAHAHAHA

hahaha..
ha

Re:hahaha

You right, HAHAHAHAHA, is a damn too provocative, he should have been more humble and say something like "ha-ha" or even politer "khe-khe"

Re:hahaha

[DanJose52]

that was a troll? saying that I thought something funny was a *troll*? what in the hell...? what if I said "dave barry makes me laugh..ha ha ha ha!" is that a troll? please explain, this isnt meant as an insult...

Re:MS site is down

This is bullshit. I have never seen a router go down this often. There are only two explanations. Either the machine kept going down and they're blaming it on the router, or they run Windows on whatever "router" they are using.

Hmm...

[mdemeny]

This looks more tempting than the cheesy MS "offer".

Note, their server is down. I wonder if it's a DoS attack. Against the rules, but funny though.

MS's server, that is....

[mdemeny]

I meant Microsoft's is down.

Re:This could turn into "King of the Hill"

[Pike]

Doesn't work that way, at least not in this instance. The game ends with the first person to break into the box, so there's no opportunity for one-upmanship. The first person breaking in will probably put up a big ol' page with gaudy graphics splashed on it saying "I DID IT HOO HA HA" and it will be all over.

If it ever happens, that is.

Somehow...

I got the feeling he'll lose that box.

Re:Somehow...

[B1FF]

1 KN0W!!!!!!!!!!!111

1'M JU5T G0NN4 K33P TRY1N6 2 6U355 R00T PA55W0RD.
S0 FAR, 1 KN0W IT'5 N0T BLANK, "ROOT" OR "SECRET" BUT 1'LL K33P TRY1NG! 1 W1LL 3V3NTUALLY GU3SS IT!!!!!!111111 1 W1LL TH3N HAV3 A PPC B0X ALL T0 MYS3LF!!!!1
:WQ
:wq
------ ------ ------
ALL HA1L B1FF, TH3 M05T 31337 D00D!!!!!1
------ ------ ------
ALL HA1L B1FF, TH3 M05T 31337 D00D!!!!!1

Re:Somehow...

unlikely. no sendmail, some telnet, some web services...nothing to hack into..

Re:Somehow...

Well, he sounds like he is going to add services until someone get in.

uh.... real nice

[Malacai[GDI]]

Great. Hack into their site. They display your IP address for everyone else in the world to hack into.

No thanks. I already got stung by the last wuftpd exploit.

Re:uh.... real nice

[SirSlud]

I'm pretty much in agreement here. I'm surprised they're displaying the IP#s ..... kinda kills my desire to take a crack at it.

SirSlud

Re:uh.... real nice

[aqua]

Pray don't confuse firewalls with security. Machines behind a firewall are only as secure (from the big bad net, assuming they're connected to it, as most firewalls are) as the TCP/IP stacks and services that answer on ports accessible through the firewall and/or its sockets. Most firewalls that I've had experience with have closed off all ports except the ones that people needed to use from the outside -- and half the time that included stuff like pop[23], imap, smtp, etc., and on which the servers answering those ports tended to be way behind on their updates because people had this sense of security lent by the firewall.

Also, firewalls don't work from people who can emit packets from inside your firewall -- and that's surprisingly easy to do, either through coercion of the firewall box's network stack, compromise of a machine behind the firewall through some open port, or simply being behind the firewall in the first place (as in many corporate environments). If a firewall is configured to permit connections to ports 22 (ssh) and 443 (SSL http), there's no particular reason why an attacker can't arrange for a root shell to answer on one of those ports, and with most network installations no one would be the wiser.

Re:uh.... real nice

[Lord+Kano]

As the net admin, I have a VERY good idea about what goes on on MY side of the firewall.

Even though I'm not eternally vigilant, I've taken necessary steps to prevent all except a DoS attack, in that case I just get a new IP on the firewall, 45 seconds tops.

LK

Re:uh.... real nice

[Lord+Kano]

I'm behind a firewall. Woohoo! 4 ME

LK

UH, it won't get NEAR the hits as the MS one.

Who cares about some PPC linux box that no one will touch anyways. The MS box will get as many hack attempts in one minute as that PPC box will in a day.

Re:"Tiger Team Australia"

[QuantumG]

Thanks for your concern.

Where do you want to go tomorrow?

"Where do you want to go tomorrow?"

The day after Micro$oft makes its announcement, this. Perhaps this is the wrong interpretation of this classic Linux slogan.

-17x2

Re:Where do you want to go tomorrow?

[fatboy]

This was posted on winsucks yesterday.

Re:MS site is down

[belial]

yeah. that's why I use a UPS.
my site didn't go down.

You break it, you keep it.

[SirSlud]

Sounds suspiciously like a contest I run everyday when I bike to work. It's called "break the bike lock and keep the bike!".

SirSlud

Re:You break it, you keep it.

[raistlinne]

Whiel you're correct, how many stolen bikes do you think are actually recovered every year? If someone actually managed to steal the guy's bike, what are the chances that he'd ever see it again or that the theif would ever be procecuted for it?

Re:You break it, you keep it.

[myconid]

If you had a sign on your bike: "Remove the lock and the bike is yours", then you could compare the two. This is an offer that allows you legally to crack, hack, scriptkiddie your way into the box, and if you do, its yours, legally. A huge difference.
Stan "Myconid" Brinkerhoff

Re:You break it, you keep it.

[SirSlud]

I know, I know, I was just kidding around. =)

Re:You break it, you keep it.

[Pascal+Q.+Porcupine]

A few months ago, when I was still in college (about a month from graduating), someone decided they needed my bike more than I did, and so they stole it. I was somewhat pissed (since I, of course, ended up having to walk home as a result), and so I emailed the campus police, only as a formality. I figured I'd just walk for the rest of the month, as it wouldn't have been cost-effective to buy a new bike so close to graduation. Ennyhoo, next day, I got an email back from the campus police stating that they'd already found my bike. Apparently it wasn't good enough for the thief, and so they left it on the lawn in front of the English building. The English building of all the places! I was incredibly insulted. But I got my bike back, and so all was well.

I think I had a point to all that, but it must have broken off somewhere...

---
"'Is not a quine' is not a quine" is a quine.

Re:How to telnet?

I am unable to telnet to it too.... Not working on port 23 as far as I can see, maybe I am wrong.

Maybe this server will actually be up...

[The+Silicon+Sorceror]

How are you supposed to crack a server that's only running on port 80? And how are you supposed to crack it if it's going on and off like a lightbulb? Somebody swamped microsoft2000test yesterday, then it crashed and they brought up a duplicate, then somebody took out both of the nameservers, then they went back up, but both servers were down...
Now they've switched nameservers totally, but the site's still out for the count. I think this is a pretty shoddy deal if you ask me.

--- pinging www.windows2000test.com, please wait...
--- sending to www.windows2000test.com [207.46.171.196],

error, ping 1 timed out...
error, ping 2 timed out...
error, ping 3 timed out...
error, ping 4 timed out...
error, ping 5 timed out...

--- ping statistics for www.windows2000test.com
5 packets transmitted, 0 received

Grr, Im disapointed

*sigh* Linux seems to be kicking my Windows 2000 ass. Hmm, perhaps i should give it a try. Kudos to the linux community, your OS seems to suck less then NT, after you've managed to beat Linux into my head for the past year or so ;).

At least it's there...

[Jafa]

Compared to microsoft's test site, at least this one is reachable so far. After two days, I have been able to load microsoft's page only once.

Re:At least it's there...

[Kintanon]

Well, with IE 5 at work I've been able to hit the microsoft site pretty much all day today and most of the day yesterday. That's the Win2000 one as well as the regular one. So it doesn't seem to have gone down too hard if at all.... Then again, if they just did something screwy with the page so that only IE5 would show it as existing....
Wouldn't that be interesting? I away to entirely shut out half of the community from your website.

Kintanon

Re:At least it's there...

[just+someone]

You can hit the MS box?
I have not been able to since this morning (PDT)

Re:MS site is down

[Tim+C]

One of the machines we host websites on at work had a problem with SQLServer 6.5 filling up the application log - it was reporting that a connection could not be made (because the maximum number of simultaneous connections had been reached) 6 times a second.

Not very many services didn't crash, including IIS and SMTP (not good on a webserver!)

Only way to fix it was change the log settings and reboot....


Tim

No scriptss like MS

At least MS has an ASP based Guestbook that you can try and hack.

They're just being cocky...

[Eric+Lai]

I think they're assuming that their system is more secure straight out of the box than anything Microsoft could put up. I guess only time will tell, eh?

In any case they win. If their system dies, they can still say, "but ours was a stock install," and they'll avoid most of the flack. The free toaster offer is good PR as well.

If their system survives, they get to shout out, "our stock installation was more secure than the Redmond boys' machine." Of course, that probably won't happen.

It doesn't look like they've got much to lose. Plus they're catering to the Linux crowd, not the Microsoft crowd, so they don't have to try all THAT hard to impress, I don't think.

Re:buffer overflows and script kiddies

[TreesCanHurt]

There is some discussion on this issue from linux-kernel here.

The short version: It's possible to execute arbitrary code even if the stack is marked non-executable. Oh, and Alan Cox says Intel machines can't mark the stack non-exec anyway.

So your point may be true, but it's of limited value.

Re:MS site is down

[Z0z]

? - It damn well better. Some people actually need to keep complete logs. NT can be set to wrap around logging or halt when the log is full. Any installation with any security sense has NT to halt when logs fill, of course, they generally never let it get full either.

Re:uh.... real nice ...not anymore

[digitaldaniel]

Looks like someone was reading ./ they have removed the IP list from the site (3:50 mdt) and made a few new comments about its configuration and stats, still telnet does not seem to be working.

Dan-

Linux PPC Cracking

The CPU is a first generation PPC 9500/132, the second speed processor in the 604 line, next to the 120. Just a note, on average a top of the line Blue and White G3 box has over 10 times the computing power with equal ram. I would like to say the same for M$, they probably have a Quad 500 Xeon or some beast running their server, with half a gig of ram. The 9500 has 128 was it? Pathetic really.. cheers LinuxPPC team.

It's mine!

When I crack that machine and it becomes mine, I'm gonna erase Linux and install MacOs 8.5 on it. Yeah!

Re:buffer overflows and script kiddies

[Jonathan+White]

Yes some operating systems do have non-executable stacks, I am unsure if Digital UNIX is one of them but it wouldn't surprise me. I do know Solaris has this feature (though there are/were some flaws, search bugtraq archives for more info). Linux does as well through Solar Designer's secure-linux patches (http://www.false.com/security/linux/ index.html ). This may only work with Intel Linux, I haven't used it elsewhere. Gory details of how it works are include with the patches. Beware however that these are not perfect and can be defeated. Also note that there are good uses for executable stacks, search on "gcc trampolining" for some examples and discussion.

In redmond...

[jmpvm]

"ps - the machine still has 29meg of ram FREE - not buffered or shared - free as in totally unused with 128 connections. (160 meg of ram total.) Love to see the windows2000test.com box do that. "

LOL! This is great. Actually, I'd love to see the W2Ktest machine do ANYTHING right now. It's been down most of the day.

Looks like they finally got the router loops fixed though, but the machine is still not up. I wonder who's head is gonna roll in Redmond for this one? I'm sure the marketing genius who came up with this one didn't clear it with ole Billy-Boy...

Re:In redmond...

[Jeff+Monks]

I'm sure the marketing genius who came up with this one didn't clear it with ole Billy-Boy...

Somehow, I suspect a lot happens in Redmond that doesn't get cleared with "ole Billy-Boy". I highly doubt he's in every marketing meeting for every little stunt they come up with. Gates is probably involved in much higher-level stuff than this (although I personally have the feeling he's more of a company mascot than fearless leader at this point - think Ronald McDonald). Microsoft is way too big for one person to keep track of everything that's going on...

Re:In redmond...

Free memory is wasted memory :-)

How to telnet?

Forgive my ignorance, but how do I telnet into the thing? Like what's the URL and port #?

Re:How to telnet?

[poink]

Someone that does not know how to use telnet should not be trying to break into another machine. You have to walk before you can run.

Not knowing about telnet implies a general vacuum in the unix/ip-clue area.

Re:How to telnet?

Telnet wasn't up when I tried earlier. I thought it might be running on a non-default port. Of course, your reply was completely unhelpful.

Re:How to telnet?

Duh... the URL is TELNET://crack.linuxppc.org
and the port would be the TELNET port. (look it up in /etc/services if you want to know the number.)

It sounds like a better way to phrase your question would have been "how do I telnet?"

Re:How to telnet?

Duh... the URL is TELNET://crack.linuxppc.org
and the port would be the TELNET port. (look it up in /etc/services if you want to know the number.)

Another cheerful and helpful responce from the user friendly Linux community.

Re:How to telnet?

The "regular" telnet port is port 23. If you just type
telnet crack.linuxppc.org
then it will go to port 23. But you can telnet to any port you want, for example,
telnet crack.linuxppc.org 80
will go to port 80 (the www server). I havn't tried cracking the system myself since I have better things to do, but good luck to you.

Re:uh.... real nice ...not anymore

[digitaldaniel]

Nevermind, its still there its just been moved off to another page

Dan-

What is the box?

Has anyone seen any mention anywhere of what hardware this is?

I guess some might enjoy the effort for its own sake, but I'd hate to see others expending some herculean energy to win an old 6100/60 . . .

Re:What is the box?

Well LinuxPPC only runs on PCI-based PowerMacs not Nubus-based ones. So that rules out that the machine is a 6100/60. It could be a 7200/75 or some such outdated box.

Re:buffer overflows and script kiddies

[Jonathan+White]

Yes, the return address is modified to return to your evil code which you inserted in the buffer you overflowed. That code generally does something useful like give you a shell. See Smashing The Stack For Fun And Profit for a much better explanation. Different architectures do grow the stack in different directions but that doesn't prevent the exploitation of overflows.

Heap based overflows are very similar but they occur in the data (bss) segment of a program. w00w00 on Heap Overflows has a pretty good explanation.

Is the guestbook a hole?

[Nathaniel]

The guestbook is including hostnames, and it's an shtml page.

I'm not set up to change my hostname, but perhaps someone else would like to try changing their hostname to include a serverside include.

for instance.

Re:Is the guestbook a hole?

[PhiRatE]

I don't believe this is an option, since the SSI appears (as far as I can tell) to be simply including a text file generated by some other script.

Good Cause...

Since this is for a good cause, should we use the term 'hacking'?

Re:uh.... real nice ...not anymore

[znu]

It's totally gone now. They removed in the last 10 minutes actually. I was just about to check how many people where on the list when it happened too. Damn.

Hey, LinuxPPC guys, how about doing an "attempted cracks" counter?

Re:uh.... real nice ...not anymore

06-095.021.popsite.net
0wned.org
12.1.145.19
12.1.182.66
12.13.101.2
12.13.101.5
12.13.226.21
12.15.222.5
12.17.133.102
12.19.7.129
12.20.48.100
12.20.66.36
12.23.153.224
12.4.125.144
12.66.3.222
12.76.123.49
12.78.105.190
12.79.180.100
12.79.24.215
12.8.190.10
12.9.139.104
127.0.0.1
128.103.107.130
128.114.10.13
128.114.130.1
128.114.130.224
128.114.22.163
128.115.134.64
128.118.206.34
128.119.198.30
128.135.47.228
128.138.129.12
128.143.2.47
128.146.156.242
128.146.190.30
128.163.161.148
128.165.209.115
128.165.88.132
128.173.12.137
128.173.17.87
128.174.154.139
128.174.5.39
128.174.5.62
128.183.105.37
128.187.21.178
128.197.73.220
128.2.121.189
128.2.15.12
128.2.15.9
129.133.28.203
129.142.196.41
129.176.201.45
129.186.46.116
129.187.26.51
129.21.142.164
129.22.240.140
129.237.125.61
129.237.97.63
129.57.8.76
129.57.9.170
129.57.9.179
129.6.61.57
129.6.61.64
129.6.61.65
129.64.8.30
129.65.242.5
129.69.166.243
129.69.192.144
129.93.33.1
130.115.255.113
130.127.112.40
130.149.82.47
130.160.4.114
130.160.7.39
130.216.93.17
130.231.6.20
130.244.106.141
130.244.175.90
130.244.58.19
130.64.1.30
130.67.198.209
130.67.50.88
130.67.96.162
130.68.1.26
131.104.238.101
131.128.23.171
131.130.104.58
131.151.6.34
131.155.20.128
131.155.209.82
131.174.116.100
131.174.97.67
131.179.192.137
131.215.86.119
131.216.128.150
131.216.136.173
131.238.221.93
131.238.3.50
141.201.222.106
141.201.53.23
141.211.63.82
141.213.8.81
141.215.10.193
141.31.147.253
141.44.136.32
141.69.150.240
141.82.18.72
142.104.124.69
143.166.173.56
143.195.1.4
144.15.26.94
144.32.178.46
144.41.19.78
144.74.19.216
144.74.69.107
144.74.69.67
144.92.108.95
144.92.112.142
145.228.129.71
145.253.2.35
145.253.2.36
145.253.71.163
145.253.72.145
145.253.74.131
145.253.76.21
145.253.94.137
146.145.249.135
146.186.226.167
147.11.41.19
147.253.80.10
147.26.62.159
147.86.141.72
148.100.215.108
149.136.185.159
149.138.16.3
149.225.11.73
149.44.3.33
150.135.83.151
150.216.63.62
151.140.22.53
151.198.200.161
151.199.124.10
151.23.0.215
152.1.9.115
152.174.207.47
152.19.5.73
152.2.205.95
166.72.196.67
166.84.144.9
168.122.16.231
168.159.218.165
168.175.254.62
168.191.209.196
168.191.82.165
168.191.91.103
168.58.110.4
169.197.54.146
169.207.131.61
169.207.134.6
169.207.154.107
169.207.62.79
169.207.85.200
169.229.92.67
169.237.129.161
169.237.7.61
169.244.19.131
170.142.111.15
170.65.40.28
170.94.194.189
18.215.0.52
190.newark-23-24rs.nj.dial-access.att.net
192.100.81.126
192.101.159.1
192.124.43.73
192.127.94.7
192.131.1.4
192.135.215.35
192.138.149.4
192.148.249.74
192.150.11.14
192.160.145.62
192.17.17.130
192.195.249.21
192.195.85.210
192.197.71.189
192.219.29.174
192.233.136.11
192.245.102.11
192.246.229.214
192.25.214.6
192.28.2.11
192.31.106.1
192.33.12.69
192.68.228.2
192.76.134.33
192.9.51.3
194.152.172.114
194.162.145.35
194.17.41.1
194.18.101.34
194.197.215.2
194.198.101.1
194.208.80.90
194.208.92.67
194.221.140.149
194.222.63.202
194.222.8.242
194.231.246.180
194.231.50.144
194.236.213.123
194.236.215.94
194.242.196.203
194.252.1.200
194.51.167.7
194.64.39.28
194.65.230.81
194.65.231.252
194.7.44.225
194.7.44.226
194.72.42.56
194.94.24.15
194.94.27.35
194.94.72.124
194.94.72.126
194.94.79.146
194.95.210.55
194.97.8.164
195.114.68.138
195.14.233.244
195.143.133.82
195.143.28.45
195.144.66.11
195.162.211.19
195.162.214.217
195.166.139.131
195.166.17.18
195.17.73.6
195.179.182.249
195.179.84.182
195.186.49.140
195.188.192.3
195.190.20.5
195.190.20.8
195.193.71.12
195.2.169.34
199.179.168.21
199.217.179.162
199.222.102.24
199.232.225.18
199.232.56.155
199.240.131.6
199.34.138.5
199.44.121.100
199.45.180.168
199.72.63.2
199.77.241.57
199.80.64.7
1Cust246.tnt9.mobile.al.da.uu.net
1Cust254.tnt2.new-port-richey.fl.da.uu.net
200.246.133.232
200.30.36.4
202.175.36.13
202.239.129.98
203.101.8.186
203.141.89.167
204.101.128.170
204.116.105.201
204.116.105.203
204.120.86.79
204.123.9.76
204.133.76.235
204.143.88.170
204.146.167.237
204.157.28.119
204.171.56.12
204.186.132.220
204.200.26.249
204.201.36.60
204.209.13.16
204.209.13.50
204.233.149.15
204.233.33.63
204.244.79.129
204.247.248.254
204.254.20.134
204.254.26.24
204.26.82.5
204.50.58.21
204.50.73.2
204.57.230.98
204.71.94.223
204.73.77.78
204.92.192.254
204.92.92.4
206.235.208.2
206.239.230.70
206.243.225.122
206.246.132.18
206.249.10.9
206.25.87.88
206.250.128.222
206.251.162.36
206.251.228.219
206.29.141.237
206.32.221.66
206.40.108.228
206.48.122.153
206.58.2.63
206.58.25.245
206.6.238.10
206.66.13.105
206.66.99.144
206.68.204.37
206.86.154.23
206.97.151.44
206.97.175.184
206.97.65.17
206.97.88.159
207.108.173.122
207.110.37.52
207.111.212.178
207.126.105.147
207.127.69.20
207.134.168.101
207.135.116.245
207.135.131.153
207.136.14.73
207.138.231.95
207.138.232.149
207.139.178.34
207.140.74.130
207.15.170.31
207.153.9.81
207.155.143.117
207.155.96.37
207.159.105.131
207.159.93.20
207.16.153.157
207.16.5.140
207.161.224.43
207.161.225.114
207.168.73.180
207.171.209.66
208.15.173.3
208.150.70.131
208.151.7.175
208.152.101.253
208.152.187.140
208.152.187.163
208.152.24.17
208.157.22.219
208.16.29.139
208.16.9.92
208.161.201.178
208.165.34.242
208.166.162.61
208.17.58.196
208.19.193.169
208.201.134.2
208.204.227.13
208.205.182.1
208.206.247.152
208.207.65.236
208.207.65.6
208.207.65.7
208.21.27.6
208.210.111.70
208.210.85.198
208.219.4.235
208.219.70.3
208.220.46.111
208.221.102.251
208.228.132.188
208.229.121.42
208.229.229.167
208.241.97.130
208.242.126.233
208.242.162.61
208.243.144.10
208.244.148.253
208.246.233.5
208.249.36.2
208.251.243.254
208.253.11.185
208.254.169.221
208.26.231.61
208.3.135.29
208.32.204.3
208.32.204.5
208.44.102.21
208.8.63.7
209-122-217-50.s50.tnt1.atn.pa.dialup.rcn.com
209.182.66.6
209.185.85.59
209.186.43.132
209.192.217.21
209.195.11.176
209.197.144.15
209.197.144.33
209.198.142.194
209.213.94.232
209.214.88.43
209.214.98.118
209.215.153.34
209.218.241.162
209.218.67.132
209.218.86.11
209.219.204.2
209.220.27.250
209.224.199.240
209.226.46.92
209.226.82.199
209.232.222.1
209.239.142.234
209.241.234.5
209.242.84.12
209.242.9.3
209.245.5.148
209.250.40.237
209.250.78.231
209.251.79.107
209.30.101.230
209.31.36.209
209.36.104.6
209.36.105.132
209.45.132.3
209.49.1.57
209.49.185.208
209.5.245.146
209.5.75.40
209.50.4.73
209.54.54.166
209.57.142.27
209.57.145.206
209.57.224.15
209.57.91.134
209.58.32.49
209.58.5.165
209.58.5.166
209.6.0.151
209.63.10.104
212.32.172.115
212.43.207.16
212.49.139.18
212.53.197.174
212.63.145.237
212.7.167.253
212.7.167.6
212.72.80.74
212.72.85.148
212.76.145.211
212.81.150.228
212.81.159.190
212.81.171.145
212.81.172.169
212.83.79.166
212.94.193.116
212.97.194.55
215.morristown-06-07rs.nj.dial-access.att.net
216-32-34-252.irv0.flashcom.net
216-53-137ppp144.mpinet.net
216.1.114.68
216.101.194.195
216.103.105.213
216.118.25.150
216.13.50.10
216.132.201.1
216.132.81.82
216.14.11.106
216.155.28.194
216.168.238.199
216.180.14.7
216.180.30.62
216.192.59.132
216.206.203.245
216.207.212.160
216.208.135.237
216.211.97.40
216.221.32.68
216.26.5.45
216.27.11.84
216.3.68.2
216.32.34.252
216.34.100.231
216.41.30.77
216.53.137.144
216.61.88.225
216.70.158.187
216.78.144.14
216.78.184.96
24.64.185.179.on.wave.home.com
24.64.28.172
24.66.41.94
24.66.41.94.mb.wave.home.com
24.66.45.250
24.7.131.186
24.8.188.136
24.92.239.104
24.93.12.164
24.93.22.133
24.93.242.192
24.95.24.108
32.100.141.128
33-29.H.dial.o-tel-o.net
35.8.4.89
36.51.0.54
38.151.156.129
38.182.104.66
38.183.48.74
38.202.145.254
38.222.98.240
38.246.96.2
38.28.97.248
39-116.egginc.com
4.17.192.55
4048b06.specent.com
45.frankfurt.dialup.cybernet-ag.de
48-216.B.dial.o-tel-o.net
49.columbus-05-10rs.oh.dial-access.att.net
53.122.2.31
62.0.150.20
62.104.64.66
62.108.24.27
62.136.28.22
62.144.250.67
62.156.16.68
62.157.19.250
62.157.202.242
62.157.21.6
62.157.68.21
62.158.120.205
62.158.126.94
62.158.18.117
62.158.20.99
62.158.85.222
62.172.107.140
62.52.129.145
62.52.130.143
62.52.138.48
atmax-4-9.enter.net
av209x177x21x43.aero-vision.com
avalon.dpc.com
b61580.STUDENT.CWRU.Edu
baycity-0164.wcnet.net
bc77-253.jacksonville.net
beavis.eng.techline.com
begate.boeing.com
bftir.lanl.gov
blacker-119.caltech.edu
blah
blndi4-145-253-076-021.arcor-ip.net
bo.oca.udayton.edu
boeing.infocom.com
br-d-215.agrinet.ch
brain-dead.pa.uky.edu
brenne.swm.uni-mannheim.de
burns.cmf.nrl.navy.mil
bw6.bivwood.com
c221812-a.olmpi1.wa.home.com
c71114-a.potlnd1.or.home.com
caard1-p29.telepac.pt
cable-195-162-214-217.customer.chello.be
cacta95.phil.unc.edu
catv6100.extern.kun.nl
cc493382-b.whmh1.md.home.com
chef.ecs.soton.ac.uk
chevrons.demon.co.uk
ci594222-a.ruthfd1.tn.home.com
client-151-199-124-10.bellatlantic.net
cm116-2.evhr.net
cobol.mtsu.edu
coke.imsa.edu
coredump.novagate.com
corp.stamps.com
cow.imv.de
cr342197-a.hnsn1.on.wave.home.com
creature.Crew-KG.NET
crescent.bitwrench.com
cronus.oanet.com
cx275569-a.msnv1.occa.home.com
cx337747-b.wwck1.ri.home.com
cx38442-a.santab1.ca.home.com
cx87325-a.nwptn1.va.home.com
d142-h036.rh.rit.edu
d185d0ca4.rochester.rr.com
d185d1685.rochester.rr.com
d8-31.dyn.telerama.com
dante.gsfc.nasa.gov
firewall.weltman.com
foxboro-bh.foxboro.com
fw-02.microage.com
fw240.smed.net
g76.jlab.org
gate.mcc.net
gatekeeper.tripos.com
gatekeeper.westar.com
gateway.dievision.de
geekport.be.com
geminga.Berkeley.EDU
gemini.clide.howard.edu
get
gleung.llnl.gov
global.mactemps.com
global.sl.se
glympton.airtime.co.uk
gow068.graddosten.ac.se
gps-fddi.leeds.ac.uk
greenbay.shoreland.com
gtng-m130-143.pool.mediaways.net
gw-31.wh.uni-stuttgart.de
gw.varesearch.com
h135-3-84-10.outland.lucent.com
ha1.ntr.net
hadrian.guardian.co.uk
handi4-145-253-094-137.arcor-ip.net
harold.sierraweb.com
hawk-a-047.resnet.purdue.edu
hdcnet.com
helium.dcs.kcl.ac.uk
hephaestos.cs.ucdavis.edu
hercules.regi.ubc.ca
heretic.Sunquest.COM
hitchhiker.ltnb.lu
hlt8-m156-51.pool.cww.de
hmbdi3-145-253-071-163.arcor-ip.net
host-15.edinc.org
host-209-214-88-43.atl.bellsouth.net
host-209-214-98-118.sav.bellsouth.net
host-212.121.137.56.de.colt.net
host-212.121.137.60.de.colt.net
host-62.96.13.148.inetservice.de
host.159-142-112-5.gsa.gov
host113-sub66.symantec.com
host178.wbg.logicon.com
i48-13-45.pdx.du.teleport.com
indigo3.igpm.RWTH-Aachen.DE
ip23.boanxr11.ras.tele.dk
modemcable011.85-200-24.mtl.mc.videotron.net
modemcable148.13-200-24.que.mc.videotron.net
moe.apci.com
monsoon.ssec.wisc.edu
ms02-377.tor.istar.ca
mueata-e1-wan029.citykom.de
n016.nijmegen.telekabel.euronet.nl
n1-h254.isgtec.com
n20057.telekabel.chello.nl
n23-c209-c149-c50.bs.xlate.ufl.edu
nas1-03.dialup.neca.com
nat3.densonreed.com
nd026094.global.medtronic.COM
netblk-10-152.netapp.com
netcom14.netcom.com
newport32.aiconnect.com
node181b.a2000.nl
obsession.logics.de
onh1-168.twcny.rr.com
orion.linuxbox.com
oub.daytontbrown.com
outbound.seic.com
p249.n03.fra.access.is-europe.net
p3E9C1044.dip.t-dialin.net
p3E9D13FA.dip0.t-ipconnect.de
p3E9D1506.dip.t-dialin.net
p3E9E1275.dip.t-dialin.net
p3E9E1463.dip.t-dialin.net
p3E9E78CD.dip0.t-ipconnect.de
p3E9E7E5E.dip.t-dialin.net
p798.as1.adl.dublin.tinet.ie
pC19F3868.dip.t-dialin.net
pC19F7E1C.dip.t-dialin.net
pC19F7FAD.dip.t-dialin.net
pa1.cantor.com
packetway.MPI-SoftTech.Com
pages.sssnet.com
paix-alg-gw9-51.ncal.verio.com
panache.ernie.org
panther.uwo.ca
paris.ncsl.nist.gov
pc15.cybersurf.net
pc33.cybersurf.net
pc70.escient.com
pc83010.stofanet.dk
pcBaby.ACNS.Carleton.edu
pcbellet.imag.fr
pdx-0104.dip.internetcds.com
pec-11-73.tnt1.hh2.uunet.de
rocco.ngdc.noaa.gov
rodan.apollotrust.com
router.ddd.de
rtowster.state.lib.la.us
rz111.rz.hs-bremen.de
rzpc23.uni-trier.de
s152.paris-90.cybercable.fr
s4m097.dialup.RWTH-Aachen.DE
s5n81.hfx.andara.com
sass.thecomplex.com
saturn.bt.com
scuttlebutt.linuxcrypt.com
sdn-ar-002florlaP077.dialsprint.net
sdn-ar-002florlaP325.dialsprint.net
server.penfieldsmith.com
servo.msln.net
seven.cvconline.com
sg20.york.ac.uk
shell-sprint.global2000.net
shell.one.net
shell1.ncal.verio.com
shl-host1.shl.ca
siebert.kawo2.RWTH-Aachen.DE
skovarik.engl.iastate.edu
slip166-72-196-67.fl.us.ibm.net
socks1.clearlake.ibm.com
spjork.handeye.com
spmhc.org
staff.feldberg.brandeis.edu
station-132.vm.com
staudir7.cc.univie.ac.at
stgdi3-145-253-074-131.arcor-ip.net
surf0004.sybase.com
surf15-158.hhe.adelphia.net
swift.ukc.ac.uk
swizzle.imergy.com
swtc19.cc.swt.edu
system3.chordant.com
t3o35p3.telia.com
tarsis.ncsa.uiuc.edu
tcp-relay-4.adobe.com
therest.wholefoods.com
thunderclap.g-web.net
ti12a61-0066.dialup.online.no
tigger.splwg.com
times.cmgi.com
tlo40f9.swm.uni-mannheim.de
tnt1-182.toolcity.net
tnt2-28-119.iserv.net
tob0364e.is.rpslmc.edu
tpk-ppp-b63-KMC.networksplus.net
triton.uqtr.uquebec.ca
trustnoone.erols.com
ts03-116.dublin.indigo.ie
twoface.sep.com
tycho.osc.edu
u105-132.rose.net
ultra13.cs.umr.edu
unique.outlook.net
unknown
unknown-225-148.connectix.com
unknown-41-19.wrs.com
unknown.nbrhood.udayton.edu
unspacy.demon.co.uk
user.neteng.com
user2.infinet.com
users.newsregister.com
usi-phl-2.usinteractive.com
usr410-edi.cableinet.co.uk
vernetzt.at
walapai.telematik.informatik.uni-karlsruhe.de
wc153.ccsn.nevada.edu
we-24-130-86-171.we.mediaone.net
website.naples-online.com
wiley240h066.roadrunner.nf.net
wndnsvr02-26.mnsi.net
wnpgas10-p73.mts.net
wo-d-152.agrinet.ch
wo-d-171.agrinet.ch
wo-d-209.agrinet.ch
world-f.std.com
wrench.toolcity.net
www.linux.de
x149.mcis.de
xania.demon.co.uk
xlsa.kwantlen.bc.ca
xmission.xmission.com
zappa.neis.net
zelgadis.mich.com
zen.webmedia.co.nz
ziggy.bitstream.net
zoom11-106.telepath.com

Moderated Down?

[ElJefe]

Why is this moderated down? This person has several valid points. If you're a moderator, please to to bring it back to at least 1...

-ElJefe

what kind of mac is it?

[Numeric]

Is it a nice G3? Or a crappy 603/200mhz like my machine! Egads!

Open the sendmail PORT!!!

PR

[mcc]

a couple of the postings have pointed out that this could turn out to be a kind of an almost-competition between linuxppc and the W2K bug-- if one gets hacked and the other doesn't, that means that that OS is more secure.

Well, if we're going to play it like that, i think linuxppc has already won-- after all, this long after the w2k challenge was posted on /., the slashdot effect had already practically taken the windows2000test box out.

So this would seem to imply that LinuxPPC is, if not more security-friendly than w2k, at least a _lot_ more reliable. Which if you ask me is more important than "security", since total security will never really happen.

Now if only it supported HFS+.. but i guess that really isn't a huge problem if you look at it in perspective. -_-

-mcc-baka
INTELLECTUAL PROPERTY IS THEFT

portscan of crack.linuxppc.org

[Nathaniel]

$ portscan crack.linuxppc.org
Scanning host 169.207.154.108 - TCP ports 1 through 1024
23 (telnet) is running.
80 (www) is running.
111 (sunrpc) is running.

Re:This could turn into "King of the Hill"

[schematic]

I held root on 3 of the games in the happyhacker wargames. I'd really suggest not getting involved though, because it's just a big thing to get people's info to add to the "Hacker information Database" on antionline.com. Yup, that's right, a big list of people involved with hacking that JP shares with the feds.

Anyhoo, tg0d (www.tg0d.org) is going to be hosting something like this of it's own. We aren't gonna keep a log of people's IP's or anything like that. And if you root a box, it's your as long as you can defend it for. Our games aren't up yet, but we have 5 boxes that are schulded to go up soon. So bookmark www.tg0d.org and come back later for more info.

P.S. Yeah, our page sucks.. it's not complete yet, we've been busy.

schematic

The more you learn, the more you realize how little you know.

Someone posted an nmap scan

Someone has posted an nmap scan of it. Go look.

kspett
remove numbers to email.

Knowledge of the penetration

[QuantumG]

We do this stuff every day at Tiger Team Australia and if there is one thing we have learnt is that a target cannot ever be declared secure because tommorrow there will always be another sploit. The best you can hope for is a box that is not easy to crack into. This means keeping up to date with your security. Nothing more.. To fix a machine's security you have to test it. It makes no good to turn all your services off and then say "go on.. hack me", only to turn em all back on the next day. When we are hired to do a penetration test we tell the client not to inform their staff of the attack for precisely these reasons. As for crack.linuxppc.org.. you might as well remove tcp from the kernel (although I do like the chances of burning apache.. but you need a little more information on the web content.. my guess would be that this is a stock standard install which is pretty pointless cause real clients put real web pages on their machines and, more to the point, it's the braindead web designers and graphic artists who put the data on there, screwing up perms and so forth). The environment that you find the machine in is more important than the machine itself. To the leet crackers out there, (none of my crew included.. get back to work) I suggest that you do a location hack (geographic hack, neighbourhood hack.. etc).. traceroute the box, hack the isp, or any other client of that isp, go back up the chain and violate trust.

I know I'd use...

[znu]

An iMac. MS is probably running their test server of some big Xeon iron. I just think it would be funny to show that Apple's little jelly bean computer running Linux makes a better server than a $7000 Xeon box running W2K ;-)

An iBook would be even better, but I don't think anyone outside of Apple has one yet.

You realize...

[J.+FoxGlov]

...that the box you'll be getting will more than likely be a ...

...Macintosh.

J.

Mac or CHrP/PReP?

But what if it's a CHrP/PReP box (highly unlikely though)? ;-)

AFAIK, MacOS 7.x/8.x won't run on standards-based hardware.

Re:Interesting responses so far (NOT!)

I do not think a flashy web page is a sign of professionalism (unless you are a casino, or in the advertising business). So in response to your question, no, professionalism is not negligible. After all, Linux is a product of software professionals, not advertising professionals. Now, if Microsoft intends for their page to be an advertisement for windows 2000, then maybe it is necessary for it to be appealing. However, their invitation seemed to be open to crackers. I seriously doubt a true cracker would be drawn in by a "professional" web page created with MSjavascript. Therefore, the whole thing can be written off as an interactive Microsoft ad. The only problem is that it seems not to have made it into today's issue of the internet...

Re:uh.... real nice ...not anymore

[cookd]

That was actually kindof a worthwhile read. Not in the sense of trying to track down names, but it was nice to see a few of my favorite IP addresses on the list.

SlashdoDoS

[mistabobdobalina]

slashdos effect...i like it.

Odd cgi-bin behaviour

[PhiRatE]

Trying 169.207.154.108...
Connected to crack.linuxppc.org.
Escape character is '^]'.
GET /cgi-bin/cachemgr.cgi?wtf=9 HTTP/1.1
Host: crack.linuxppc.org

Connection closed by foreign host.

Whats the deal there? no perm-denied..no no-such-page. Is this definitely a stock install?

Why the Apple logo?

Rob, you ought to make a generic PowerPC logo!

After all, not every LinuxPPC developer/user owns Apple hardware - a considerable number use BeBoxes, PowerStacks, LongTrail OEM hardware, Amiga, CHRP, PREP, etc.

Certainly associating the entire LinuxPPC community with Apple is hardly fair, if not somewhat embarassing ;-)

Re:someone,

How on Earth could this comment be Funny? It's more like Insightful.

Re:This could turn into "King of the Hill"

[griffjon]

The game, almost exactly as you stated it, takes place at DEFcon--it's called Capture the Flag--to win, you have to root, and to keep, more systems than the other folks.

Re:someone,

[DaKrushr]

It's "funny" because Challenge *IS* spelled correctly in the title!

Reading Music

[eo]

I'm listening to KMFDM while reading these comments about cracking Microshaft vs LinuxPPC. It "owns" you. The best music by which to read comments. :-)

Lets ping this thing to its knees!!

[Entropy_ah]

Ok, everyone run "ping -t crack.linuxppc.org"
and just leave it going.

Re:Lets ping this thing to its knees!!

[dangermouse]

Which would prove what?

Security of default install

[Dan+Kegel]

I think what MS and LinuxPPC are doing is great. For a long time now, the default install of many operating systems- Red Hat 6.0 included - has been very insecure. For instance, I believe you might be able to remotely attach to a default installation's X server and watch users enter passwords!

I'd like Red Hat to try to make their next release be secure by default - no Internet services turned on - and still have X working properly (maybe using Unix domain sockets?).

windows2000test dead again....

[Axe]

It looks like a fiasco... Why in the world
they went for this. With IPv4 nothing is stable, if you fuck with it long and hard enough...

They actually..

[Axe]

..run it on P-II 350 with 128Mb. Or that what
they claimed when the site was up.

But I think it is a T3e running -g version of NT
in emulation mode...

Or, well, I do not think.. Nevermind :)

someone,

please fix the spelling of "challange" in the title...

A very good idea to route back the efforts, indeed

[arieh]

Kudos to the PPC guys.

No better way to detract from the interest that
Microsoft may have generated than to divert back the efforts of the linux community to a more
worthy cause - improving the security of our own systems.

Let's eat our own (dog)food.

Arieh

This could turn into "King of the Hill"

[slothbait]

The comment:

If you get in, please submit a better webpage than this :)

...made me think. Whoever can make it into this box gets to replace the web page with whatever they want...they become owners and get to be "King of the Hill". Plus, if they acquire root access, then they presumably have the power to patch whatever hole they crawled through, making the box that much more secure.

But what could really prove interesting is if someone tried to break in and steal from the stealer...knocking off the old King and resulting in a King of the Hill, and so on...

All the while, people would be stress-testing the system. And people will have an ego-incentive to discover security holes because, if they find a way in, they get to be "King of the Mountain" until someone else finds a new way to crack the box.

Oh what a game this could become!!!
--Lenny

Re:This could turn into "King of the Hill"

[Signal+11]

I'm already working on this with a few of my friends. We will post something if/when we can find a ISP with the guts to try it.

--

Re:This could turn into "King of the Hill"

[dangermouse]

Bah. As soon as he patches it that incentive is gone.

Re:This could turn into "King of the Hill"

[myconid]

This is what many people do when they crack boxes... Fix the holes they came in through.. Although many do malicious things... many fix them :-)
Stan "Myconid" Brinkerhoff

Re:This could turn into "King of the Hill"

[The+Silicon+Sorceror]

Then each king starts leaving backdoors everywhere...

It could be more hide-and-seek than "King of the Hill".

Re:This could turn into "King of the Hill"

[TaoJones]

I love the idea, but I think you'd have a hard time finding anybody to host such a beast. Besides supporting what would probably be a huge amount of traffic - and some pretty funky looking packets, you've also got to consider what kind of collateral damage it could cause. Somebody mentioned that the MS test box has had it's DNS servers taken down already...

Anything remotely "near" the beast would probably take quite a beating too.

Re:This could turn into "King of the Hill"

[malaba]

I like the idea
but the "cracker" will be tempted to
keep his secret about how he did it
at least until he patch it,
to stay king of the hill.

so, no share of information
equal no "upgrade" of security
for opensource community

fun anyways

Re:This could turn into "King of the Hill"

[Lord+Kano]

This is just like the "happy hacker" project. The idea is good, but it's nothing new.

LK

Slashdot == DoS

Could being slashdotted be considered a DoS attack??? :) Poor Microsoft...

Quit moderating things down!

WTF? What is wrong with the post? It does have some valid points.

Re:This could turn into King

[Phil-14]

Well... this is almost like the Happy Hacker wargames, except that it's worthwhile (prizes amounting to more than recognition). That, and it isn't intrisically (sic) flawed because it isn't run by Carolyn Meinel...

What happened? Did she turn you down on a date or something?

Phil Fraering "Humans. Go Fig." - Rita

"Tiger Team Australia"

[Rob+from+RPI]

Pfft. What a bunch of wankers. If you're going to use 's, at least learn how to use them.
I'm actually mildly concerned that people may even contemplate for more than a nanosecond giving you money.
Your web page doesn't even say who you -are-.. That's enough to turn anyone with a clue off.
Comics:
Sluggy.com - It rocks my nads.

Totally Off Topic

Ok, I must warn you that the following is a Totally Off Topic(tm) comment, and that by reading it you subject yourself to 20 lashes with a /. noodle. Here goes:

Nmap appears to be an interesting tool to use. This is good. I flipped over to the URL given in the pasted text, only to find a statement like this: "Windows was intentionally excluded from the table because I don't currently have any intention of porting to NT/95. I suggest an upgrade to one of the many supported operating systems or don't use nmap. Note that Linux, FreeBSD, OpenBSD, and NetBSD are all free for download and run on pretty much any PC (as well as other platforms) so there are few good reasons not to just install one (or all) of them."

My question is this: Will all *nix users PLEASE GET OFF THEIR HIGH HORSE?! Yes, damn it, there are a few technically literate people who use Windows for whatever reason. Mine happens to be the fact that I am a technical support person for my company (we are all of 8 people, serving 350 clients) and my home machine must run Windows so that I can _do_my_job_. It doesn't bother me that people don't write useful tools for Windows anymore. If I want one, I'll crank up MSVC++ and write it myself, but it really chaps my ass to see the utter arrogance that passes off for normal in the *nix community. Yes, I like Linux just as much as many of you do. I have an account on a Linux box so that I can play with this all-mighty OS. And, the day I can actually scrape together enough money to put up a box that will actually DO something (X on a 486 is mind-bendingly slow), I will.

Please, for goodness' sake, lay off the holier-than-thou attitude. This should be in the Advocacy-HOWTO somewhere. It only makes the rest of the world believe you are half-crazed zealots who care nothing about the 85% of us who use a certain OS made by a certain company out of Washington state (US for the international folks), either by choice or by force.

There. That's my rant. Please moderate this down to -1 so that no one has to see my pitiful opinion.

Oh, and by the way, good luck to those attempting to crack this box. I'm still plugging away at it myself, but with such a crippled OS at my disposal, I doubt I'll make it.

Anonymous by Choice, not by Volume.

Re:Totally Off Topic

[zyklone]

NMAP relies very much on beeing able to generate packets with different flags set.
Microsoft decided that it would be much easier to implement a tcp stack without support for many of those annoying flags, and i'm not sure if it is even possible to generate raw packets from NT, it isnt in 95-98 atleast.
And it's generally not fun to port stuff to windows, im sure Fyodor would accept patches to allow a clean compile on NT (good luck).

Perhaps it is the Windows* users who should get of their high horses and start porting things to their OS of choice.

www.windows2000test.com is beat.

[CrAlt]

Someone has crashed it 3 times in a row...now the box is back up but MS turned off port 80(the webserver. So the box has NO open ports now. Real fair.

No Mistake!

[NaCh0]

The linux box is up, the Microsoft one is down.

'nuff said

Its up again (they never learn) and these jerks...

[Axe]

...took out the status page - with the record of all their crashing.. Let's tell this story to everybody.

LinuxPPC kicked win2k's ass

[CrAlt]

www.windows2000test.com has crashed more then 8-10 times today. They turned off port 80. Took down the status page...and guess what...looks like they have a firewall(their webpage states that there is no firewall, guess they lied) too! 207.46.175.250. And it dosnt even run MS software. Guess MS dosnt even trust their own software. But, It seems that there are other boxes on that same subnet. Some with open FTP,SMTP,IMAP,pop3 and HTTP. They also could be behind the firewall though.

Newbie Question (slightly offtopic)

What is buffered or shared memory?

buffer overflows and script kiddies

[nickm]

Unfortunately, the box is partly relying on the fact that all the script kiddies have buffer overflows that were written for Intel Linux. This is one of the arguments I've always had for staying away from a Unix variant that only runs on one platform--homogeneity in systems hardware and software was what made the Internet worm possible.

When I set up my first Alpha box, I knew nothing about security, but the script kiddies kept failing on account of their buffer overflows just crashing and core-dumping. It bought me some time to get a clue, at least.
--
I noticed

Re:buffer overflows and script kiddies

I have a vague remembrance from someone that Alphas running Digital Unix were more or less impervious to most types of buffer overruns as a source of root exploits; the data pages (where a buffer overrun would occur) are marked as nonexecutable, so that if an overrun occurs, the program (and hopefully not the system, unless the overrun is in the kernel) crashes, but can't be made to run arbritary code. Anyone know if there's any truth to this, and if LinuxPPC has the same feature?

slashdot DoS

[fdicostanzo]

isn't just posting this stuff on slashdot a DoS attack? :)

MS site is down

[RelliK]

Has anyone been able to connect to the MS's test site??? I have yet to see it work. Yesterday it was first timing out, then stopped resolving at all. Today it resolves again, but still times out. (I was merely trying to view the web page in Netscape).
Is it dead? Has it been alive at all?

Re:MS site is down

[pmmay]

They have a status page up. This is only from yesterday's activities:

8/3/99 Events
3:22pm - Network connections down due to router failure, possibly related to thunderstorms and power failures in the area

2:59pm - Network connections intermittently up

12:40pm - Network connections down due to router failure

11:02am - Services restarted

10:47am - Some services failed after reboot

10:45am - Reboot because the System log was full

10:30am - Network connections down due to router failure

Re:MS site is down

[Mad+Browser]

Win2k requires a reboot when the System Log fills up?? That's fucking ridiculous.

port 80 fun...

[Mister+G]

I was fiddling around with my telnet client and my reely cool hax0r skillz... big_prompt_of_fun>telnet crack.linuxppc.org 80 Trying 169.207.154.108... Connected to crack.linuxppc.org. Escape character is '^]'. HEAD / XML/1.0 HTTP/1.1 200 OK Date: Thu, 05 Aug 1999 03:50:55 GMT Server: Apache/1.3.6 (Unix) (Red Hat/Linux) Connection: close Content-Type: text/html Using the good 'ol GET method, I got the html for the index page... same seal works if I ask for HEAD / SGML/1.0 prolly doesn't do anything... am I still 3l337 enough? :) -Mister G

rpcbind? what rpcbind?

telnet crack.linuxppc.org 111

Sit on the 'a' key for total of several thousand 'a's

The connection then died and now telneting to port 111 doesn't respond. Yea!

I claim the death of rpcbind around 12:30 EDT Aug 5

Re:Its up again (they never learn) and these jerks

[znu]

The status page and the server are back up now. Here's the rundown for today:
---
Status

Current Status: UP

8/4/99 Events

6:58pm - IIS stopped sending pages. Restarted service.

6:00pm - Morning crash dump due to known bug

4:40pm - Machine back up, network down due to recabling

9:42am - Crash dump - still investigating causes
---

Seig Heil!

KMFDM are nazis. Thought I'd save you by letting you know.

It's down...

[BedPanDan]

The LinuxPPC server is down, just thought I'd let you all know that. Also, the windows NT 5 (2000) site is back up, so apparently the contest is not over. Just thought I'd let you all know...

What's next?

[BuBu_]

Whats going to come up next? SGI will probably start to say "Come! Hack this Cray T3E 1200 and win it". Are we going to start seeing more kids running around with cray's next? =)

Hey, No Fair!

[Kerg]

This guy is stealing all of Microsoft's thunder (pun intended). And giving out prizes too.

That is so unethical! :)