
Security practice (contest)

  • 18-06-2008 4:36am
    #1
    Closed Accounts Posts: 891 ✭✭✭


    Operating system : Windows 2000 no service pack.
    Connection : 7.6Mb/672k
    Goal : Name on webserver.
    Difficulty: Easy


    Every second week I will change the goal and or difficulty.
    If there's enough interest the start date will be 2 weeks from today.

    I tried this about 10 or 11 years ago on a well known security site and it was great fun.

    Thoughts, suggestions etc...



Comments

  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    this sounds good conceited..i wouldn't be able to take part in it though.

    that looks too easy for some.. unless you plan on hardening the system?

    i can see loads of people just using Metasploit which is basically point/click action.
    in fact, they could probably just use a browser depending on the web server.

    but it's still a great idea.
    is it a server or professional edition?


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    there are some live CDs that do a similar concept, like DE-ICE

    Could be fun.

    Win 2k without any SPs might be too easy is right.


  • Closed Accounts Posts: 891 ✭✭✭conceited


    Some good suggestions lads, especially the DE-ICE distros, they're amazing.
    The first box is pro edition and it won't have any hardening done to it whatsoever, just a default install with the webserver.

    I understand what you're saying about the ease with which people will be able to do it, and that's grand, as I plan on increasing the difficulty for the next one I put up, eventually using custom programs and scenarios to figure out etc.

    Operating systems that will be used:
    AmigaOS, Windows, BSDs, Minix, Linux distros, and some hobby operating systems.


  • Registered Users, Registered Users 2 Posts: 1,726 ✭✭✭gerryk


    cool... sounds like fun


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    what hobby os?


  • Closed Accounts Posts: 891 ✭✭✭conceited


    Edited, as the other operating systems were not ready for this, plus they're programmed in 100% assembly language. These 2 look very promising.
    • MenuetOS (extremely compact OS with GUI, written entirely in FASM assembly language)
    • Syllable (a modern, independently originated OS; see AtheOS)


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    ok, sorry for all the questions, conceited.
    but in regards to the hobby O/S - will these be running in a virtual environment like QEMU?

    will they be 32 or 64 bit versions? and will they be latest releases?
    what utilities and/or services will be running? and would you be allowing anonymous access to some of the services?

    i'm sure you'll have all the details on the date, but since seeing what hobby o/s you'll be running, i'm interested in seeing what could be done there with regards to writing exploits.


  • Registered Users, Registered Users 2 Posts: 16,930 ✭✭✭✭challengemaster


    this sounds good conceited..i wouldn't be able to take part in it though.

    that looks too easy for some.. unless you plan on hardening the system?

    i can see loads of people just using Metasploit which is basically point/click action.
    in fact, they could probably just use a browser depending on the web server.

    but it's still a great idea.
    is it a server or professional edition?

    backtrack3.. need i say more?


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    backtrack3.. need i say more?

    no :) but i'm not sure if this would work against the Hobby O/S's which makes it more interesting.


  • Registered Users, Registered Users 2 Posts: 1,726 ✭✭✭gerryk


    no :) but i'm not sure if this would work against the Hobby O/S's which makes it more interesting.

    But since the hobby OS will be on the internet, one has to assume it has some sort of TCP/IP stack. No doubt susceptible to the usual buffer overrun type exploits.

    But yeah, metasploit isn't going to help much here.


  • Closed Accounts Posts: 891 ✭✭✭conceited


    will these be running in a virtual environment like QEMU?
    No
    will they be 32 or 64 bit versions? and will they be latest releases?
    32 most likely and not latest but stable.
    what utilities and/or services will be running?
    Whatever i find programming errors in.
    would you be allowing anonymous access to some of the services?
    More than likely.

    Well, the beauty of it is the operating systems will all have source code available for the most part. I won't be hosting any hobby operating systems for a while.
    No doubt susceptible to the usual buffer overrun type exploits.
    These guys that program said operating systems don't make a habit of making mistakes. They're meticulous programmers. But I hope to find 1 or 2 :) please god.

    Feel free to use your favourite tools, scripts, operating systems, backtrack, metasploit, nmap, ethereal... I'm sure it's going to be fun.


  • Closed Accounts Posts: 4 DexIsI


    Hi all,
    Nice compo idea, I was looking forward to having a go at this, but you removed the one i would have gone for from the list of hobby OS.
    But my name is already on the server, as i coded it :D (along with a team).
    Good luck.
    DexIsI.


  • Closed Accounts Posts: 891 ✭✭✭conceited


    Thanks glad you like it.
    What forum are you from, megatokyo osdev?
    I had to take it out as it was a waste of time trying to find exploits in fasm code.


  • Closed Accounts Posts: 4 DexIsI


    That's OK, and yes, i am a member of the OSDev forum, user name Dex.
    And if the Fasm forum can be hacked (as it just has), is anything safe?
    I would try buffer overflow on these OS.


  • Closed Accounts Posts: 891 ✭✭✭conceited


    That software fasm are using to host the forum is well known for being dodgy.
    Well I was looking into drivers for my network card and about your tcp/ip stack and it seemed like a lot of hassle so i said i'd move onto a more mature operating system.
    I'm a member of that forum as well, lovely site.
    About buffer overflows, have you any dodgy c functions?


  • Closed Accounts Posts: 4 DexIsI


    Basically you need an RTL8139 ethernet card to use DexOS server (note: it uses the same basic tcp/ip stack as menuetos).

    Now there's no C code in DexOS, just like there's no C code in MenuetOS.
    If you want, i may host a DexOS Server for the compo and see if anyone can change the index.htm.


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    will MenuetOS be in this compo? it's written using FASM last time i checked.
    not tryin to be awkward, but it's not really clear to me - sorry.


  • Closed Accounts Posts: 891 ✭✭✭conceited


    That's an excellent idea, if you host it i would love to give it a go as well :)
    Hasn't menuetos got its own libc? I was using Syllable server yesterday after work so i'll stick with this for a while as it seems to work smoothly with my hardware.

    Yes, MenuetOS will be used as far as i know, since they have c apps ported to it, right?

    And I will try to get a hold of an RTL8139 chipset card.


  • Closed Accounts Posts: 4 DexIsI


    OK, once you have done some tries on your hobby OS in your list, i will host my OS for a test, as it will be a test for any vulnerabilities in my OS.

    As for MenuetOS, there were C libs, but the 32bit ver (there's a closed source 64bit ver) is not really kept up to date any more; you're best to go for KolibriOS, which is a fork of menuet and is well up to date with C libs etc.

    Give me about a week's notice, when you want the DexOS server up, to test.


  • Closed Accounts Posts: 891 ✭✭✭conceited


    Just an update i will have the operating system up tomorrow night at 10pm.

    Thanks Dex I'll let you know.


  • Closed Accounts Posts: 891 ✭✭✭conceited


    any interest in tonight? :eek: if not i won't bother.


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    put the system up and see what happens :) i'm sure it will get hits.


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    it's a no go then? oh well..
    there was a 2600 meeting today in belfast + dublin, i guess they all went to the pub and got hammered.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    any update on this ?


  • Closed Accounts Posts: 1,567 ✭✭✭Martyr


    there was definitely interest in it, not just from myself or Damo2k, but some wouldn't want to say so, conceited.
    had the server gone up, it would have got plenty of people trying to break in.


  • Registered Users, Registered Users 2 Posts: 1,726 ✭✭✭gerryk


    So is this _not_ happening now?


  • Closed Accounts Posts: 891 ✭✭✭conceited


    9_pm_tonight();
    You will have to figure everything out yourself I'm not telling yee anything lads.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    i might be on the lock at that time :-)


  • Closed Accounts Posts: 891 ✭✭✭conceited


    typical Irish. :rolleyes:


  • Closed Accounts Posts: 891 ✭✭✭conceited


    DSC00952.jpg
    fire away girls

    Only rules are: put your name on the webserver provided.
    Please don't mess with the operating system (except root it).
    I don't want it rebooting etc. because you don't know what you're doing.
    Good luck.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    found some things, but server is down now?


  • Closed Accounts Posts: 891 ✭✭✭conceited


    Ok it's been up a few hours now and nobody was able to do anything.
    There was plenty of port scanning and such but nothing came of it.
    I'll make it easier if you want? But to be honest, this was fairly easy.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    i'm able to execute commands on the server, i know of the weakness in the system


    Directory of c:\

    07/05/2008 08:35p <DIR> Inetpub
    07/05/2008 11:11p <DIR> WINNT
    07/05/2008 08:22p <DIR> Program Files
    07/05/2008 08:47p <DIR> WEB_ROOT
    07/05/2008 08:27p <DIR> Documents and Settings
    07/05/2008 09:39p 5,255,168 lol.txt
    1 File(s) 5,255,168 bytes
    5 Dir(s) 1,315,172,352 bytes free


  • Closed Accounts Posts: 891 ✭✭✭conceited


    I got a few Dr Watsons alright, was looking through the logs :pac: haha
    Ah i see you must be using the ././././.././././././././.
    ?
    Any idea of os etc and network?


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    i didn't use that, i did a quick sniff with nessus.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    i was hoping to compile src and get a reverse shell as 8080 seems to be the only port going through your router, opening a local port seemed pointless.


  • Closed Accounts Posts: 891 ✭✭✭conceited


    Ya i seen a few attempts with that.
    I have other machines on the network so i didn't want to bridge it, but your scans are allowed through.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    well, os is win2k


  • Closed Accounts Posts: 891 ✭✭✭conceited


    That's right.
    Any idea of SP?


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    I don't recall seeing any SP but i should have checked the splash of cmd.exe


  • Closed Accounts Posts: 891 ✭✭✭conceited


    Well if you like i can put her back up?


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    are there many people at it?


  • Closed Accounts Posts: 891 ✭✭✭conceited


    I'd say you changed ip 2 times and i seen 2 others, that's about it, so 3 or 4.
    You gathered the most info without a doubt.


  • Registered Users, Registered Users 2 Posts: 469 ✭✭knuth


    Down :|


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    my ip shouldn't have changed so i guess there is more at it


  • Registered Users, Registered Users 2 Posts: 469 ✭✭knuth


    8080 is closed, vnc is open. Desktop / http.


  • Closed Accounts Posts: 891 ✭✭✭conceited


    The scans looked similar, guess you were using the same tools.


  • Closed Accounts Posts: 891 ✭✭✭conceited


    lordlame are you drunk sir? :D


  • Registered Users, Registered Users 2 Posts: 469 ✭✭knuth


    yup :)


  • Registered Users, Registered Users 2 Posts: 469 ✭✭knuth


    HAH, scanned 84 instead of 86. Damnit!

