Dec. 15: new wargame started!
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
the rules
- no DDoS
- no abuse of the server for malicious activity once it has been rooted
is there something to win?
experience....well, ok, the first one can choose from an article in the suck-o merchandising shop once it is up... the intention of this wargame is that you work together in case you get stuck, and not to create a climate of competitiveness.
how do I prove that I have done it?
simply leave a file on the server with a notice, the time-stamp counts in case 2 people do it on the same day.
how long will the wargame last?
about 4 weeks. when the server gets rooted the wargame will not stop: either the whole server will be reinstalled, or the one who rooted it simply doesn't tell the others how he did it (depends on WHO will root the box, for a well-known trusted member option #2 applies).
will logs be published again?
yes. BUT this time I am not able to run an IDS (too little RAM), I will have to analyze the normal system logs. so this will also be a challenge for me, I will publish suspicious log entries once a week.
oook, where to hell is the server?
http://www.suck-o-licious.org
happy hacking!
It is safe because you are messing with a server, not a network. While the server has holes in it, its IDS does not. You can start with just viewing the source of the webpage's code - which you can do on any website.
The next step would be exploiting the weaknesses you find in a harmless way - just post a short simple message on the server - it does not have to include your name. You'll then contact B_B and tell him the message you left. No profanity, no promotion, just a test of skills.
It is advised not to share in public your method of hacking the wargame until the game is over. When the game is over you will be invited to write a short tutorial on what you did, and the winner gets a prize!
DNR
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
- Still_Learning
- Fame ! Where are the chicks?!
- Posts: 1040
- Joined: 11 Jun 2008, 16:00
- 15
- Location: Trigger City
- Lyecdevf
- cyber Idi Amin
- Posts: 1222
- Joined: 16 Mar 2006, 17:00
- 18
- Location: In between life and death.
- Contact:
Still_Learning wrote: So I need to sign up for a new account to do this, I'm guessing?
You could if you know of some exploit that would allow you to elevate your privileges, but you do not have to. Maybe as a user you would have access to certain features like adding an avatar and you could upload something there!
We will either find a way, or make one.
- Hannibal
- bad_brain
first logfiles available:
http://wwww.suck-o-licious.org/logs18122008.tar.gz
as I said, no IDS logs this time, but even the regular logs give enough info about intruding attempts....this is what an admin sees when his server has no IDS, and believe me, many servers have no IDS running...
I recommend Notepad++ to check the logfiles on MS systems:
http://notepad-plus.sourceforge.net/uk/site.htm
bad_brain wrote: first logfiles available:
http://wwww.suck-o-licious.org/logs18122008.tar.gz
ty
The only true wisdom is in knowing you know nothing.
- bad_brain
new logs:
http://www.suck-o-licious.org/logs22122008.zip
and 2 hints:
one key to the site is mysql and the way it is administrated
the direct key to the server will never welcome you with a handshake