Wargame (started Dec 15th)

Questions? Stuck? post here....
Post Reply
User avatar
Still_Learning
Fame ! Where are the chicks?!
Fame ! Where are the chicks?!
Posts: 1040
Joined: 11 Jun 2008, 16:00
15
Location: Trigger City

Wargame (started Dec 15th)

Post by Still_Learning »

anyone want to trade info , or help each other root this thing real quick?


just shoot me a PM or we can post general clues and help in this thread
Gone

User avatar
Gogeta70
^_^
^_^
Posts: 3275
Joined: 25 Jun 2005, 16:00
18

Post by Gogeta70 »

I'm not sure, but i believe this is more of an individual activity. However, ask bad_brain before going through with this.
¯\_(ツ)_/¯ It works on my machine...

User avatar
Still_Learning
Fame ! Where are the chicks?!
Fame ! Where are the chicks?!
Posts: 1040
Joined: 11 Jun 2008, 16:00
15
Location: Trigger City

Post by Still_Learning »

ahh ok I see..

what happened to suck-o family? thought we were suppose to work as a team :lol: its all good man, i will try to do it myself without collaberating with others if that is what the man wants


what exactly are the rules again? I know no DDoS attacks, but how about brute forceing? i dunno ive been working on it for like the past hour or 2 need a break

btw; got my nmap working! hooray! i see 3 possible entrys, but think it could be something along the line of a vuln in phpnuke
Gone

User avatar
DNR
Digital Mercenary
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
18
Location: Michigan USA
Contact:

Post by DNR »

listen, all you have to do is get priviledges to the server to post a message. Its in the code or it can be in the cookie..

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

User avatar
Still_Learning
Fame ! Where are the chicks?!
Fame ! Where are the chicks?!
Posts: 1040
Joined: 11 Jun 2008, 16:00
15
Location: Trigger City

Post by Still_Learning »

ok, so all i have to do is post a msg? I thought it was more like a root the box type thing

like getting admin access, maybe i am over thinking it? i guess there are several ways to accomplish it, but if i just need to post a msg then that will make it alot easier (i think), thanks
Gone

User avatar
Big-E
Administrator
Administrator
Posts: 1332
Joined: 16 May 2007, 16:00
16
Location: IN UR ____ , ____ING UR _____ .
Contact:

Post by Big-E »

DNR wrote:listen, all you have to do is get priviledges to the server to post a message. Its in the code or it can be in the cookie..

DNR
I believe we're suppose to attain the root user account on the system, hence forth "root the box" competition - it says nothing about gaining privilidges to post a message within the suck-o forum (if that is what you mean). I think he wants you to create a file with the root account, perhaps? BB mentioned that he will use the file time stamp to check who gains entry first.

At least, that is what I derive - as far as collaboration, I don't see anything wrong with it based on the rules mentioned by bb, collaboration is indeed a tactic when hacking a system, two minds are better than one, three better than two, so as long as they are utilized correctly! On the contrary, you can disregard what i just said, if I am incorrect, bb can clarify, I am sure.

User avatar
bad_brain
Site Owner
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
18
Location: In your eye floaters.
Contact:

Post by bad_brain »

well, the biggest hack would of course be root access, but also other ways of compromising are possible.

and it's ok to ask others for help or post what you have found out so far, the main intention is to learn and to work together if needed... :wink:

User avatar
DNR
Digital Mercenary
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
18
Location: Michigan USA
Contact:

Post by DNR »

@big-e when you change the index page of the wargame server - that is admin priv buddy. :wink:

You do what you got to do, I'll do it my way
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

User avatar
Still_Learning
Fame ! Where are the chicks?!
Fame ! Where are the chicks?!
Posts: 1040
Joined: 11 Jun 2008, 16:00
15
Location: Trigger City

Post by Still_Learning »

question.. do you have to have root access to get the database file? or what are some methods to download the DB without knowing the admin pw?
Gone

User avatar
bad_brain
Site Owner
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
18
Location: In your eye floaters.
Contact:

Post by bad_brain »

depends. when you have root access on the server and want to dump the databases so you can download them in a file you will most likely need the mysql password too.
if it's just one database you don't necessarily need root access or the mysql password....here's a little hint: think about how databases are often managed by end-users.

getting access to the site or database doesn't mean rooting the box, but it could be a first step....which doesn't mean that there are maybe also other ways.

User avatar
Producted
On the way to fame!
On the way to fame!
Posts: 26
Joined: 13 Oct 2008, 16:00
15
Contact:

Post by Producted »

Any idea why the actual URL gives a 404? (The URL of the wargame)

User avatar
bad_brain
Site Owner
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
18
Location: In your eye floaters.
Contact:

Post by bad_brain »

the wargame has ended, MariaLara rooted the box and the server is not ours anymore because it was only rented for 1 month....so DON'T attack in anymore!
there will be a new root-the-box wargame soon, of course it will be announced on the boards and on the startpage...you can also check the wargame indicator box on the startpage to easily see if a wargame is active at the moment... :wink:

Post Reply