Thanks bad_brain for all this info and play time :)
What I did:
First, I scanned the IP from a website... which wasn't really relevant. Then, I scanned it from my home computer. There were a lot of open ports...
I started banner grabbing each potential port... Using PuTTY in RAW mode to see everything and checking the "Never close" box.
I've googled all the versions of the banners I got... 2.0.54 was "up to date", damn sarge...
Then I started searching in the log file... I saw some login attempts under badbrain that succeeded... So I tried it.
I first tried some usual passwords like root, god, etc... and then suck-o... Damn, didn't work... I tried sucko and voilà!
Once I got inside, I compiled some exploits but none of them worked. So I left a folder NerdzWasHere and I cleared the history.
EDITED:
forgot to talk about the web...
I first went to the website and tried some directory traversal... ../etc/passwd... etc...
Then I tried to access all the folders I could see, like the log one. And then switched to scanning the box with nmap.
New server based wargame starting february 26!
- Nerdz
- The Architect
- Posts: 1127
- Joined: 15 Jun 2005, 16:00
- Location: #db_error in: select usr.location from sucko_member where usr.id=63;
Last edited by Nerdz on 14 Mar 2008, 11:18, edited 1 time in total.
Give a man a fish, you feed him for one day.
Learn a man to fish, you feed him for life.
anal leakage
I am sorry I didn't make it, I only had two hours every morning before work, and had so many other projects going (still undone too!)
Yea that was me, and I knew I had my answers in that page. Just never researched it.
when you have a file available on a server it is a good practice to check what is in that directory BESIDE the file, so when checking http://88.80.197.29/apache2-default/logs/ a full phpinfo(); page was found.
That's the key point to finding leakage - whenever a URL takes you to a file in a directory, try to traverse the directory(ies) back from that file. This can lead to files unintended for you, and even access to other directories.
Glad I could steal something anyways
DNR
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
- bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- Location: In your eye floaters.
alrighty, here are the browsable IDS logs:
http://www.suck-o.com/wargame_logs/
if you don't show up there: well done!
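An added example, not part of any post in this thread: the `../` probing and the walking back from a file URL to its parent directories described in the posts above both leave a clear trail in a web server access log, which is what a log review like this one looks for. The log lines, addresses and paths below are constructed, and the two heuristics are an assumption about how one might flag this, not the wargame's actual IDS rules.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache common/combined log prefix: client, request target, status code.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation addresses, made-up paths).
SAMPLE_LOG = """\
192.0.2.10 - - [14/Mar/2008:10:01:02 +0000] "GET /site/docs/readme.html HTTP/1.1" 200 512
192.0.2.10 - - [14/Mar/2008:10:01:09 +0000] "GET /site/docs/ HTTP/1.1" 200 1834
192.0.2.10 - - [14/Mar/2008:10:01:15 +0000] "GET /site/ HTTP/1.1" 403 210
192.0.2.10 - - [14/Mar/2008:10:01:30 +0000] "GET /index.php?page=../../etc/passwd HTTP/1.1" 404 208
192.0.2.10 - - [14/Mar/2008:10:01:41 +0000] "GET /index.php?page=%2e%2e%2fetc%2fpasswd HTTP/1.1" 404 208
198.51.100.7 - - [14/Mar/2008:10:02:00 +0000] "GET /site/docs/readme.html HTTP/1.1" 200 512
198.51.100.7 - - [14/Mar/2008:10:02:03 +0000] "GET /site/css/main.css HTTP/1.1" 200 900
"""

def ancestors(path):
    """Yield each parent directory of a path, excluding the web root."""
    d = posixpath.dirname(path.rstrip("/"))
    while d not in ("", "/"):
        yield d + "/"
        d = posixpath.dirname(d)

def review(log_text):
    """Return (client, kind, target, status) tuples for suspicious requests."""
    seen_parents = defaultdict(set)  # client -> parent dirs of paths it fetched
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        client, raw, status = m.group(1), m.group(2), int(m.group(3))
        target = unquote(raw)                 # decode %2e%2e%2f and similar
        path = unquote(raw.split("?", 1)[0])
        if "../" in target or "..\\" in target:
            findings.append((client, "traversal", target, status))
        elif path.endswith("/") and path in seen_parents[client]:
            # Directory reached by trimming the URL of something fetched earlier.
            findings.append((client, "dir-walk", path, status))
        seen_parents[client].update(ancestors(path))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

A `dir-walk` hit with status 200 means the server answered the bare directory request with a listing or an index page, so that directory is the one to review for files that were never meant to be reachable.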
- cyber messiah
- Posts: 1201
- Joined: 30 Apr 2006, 16:00
- Location: 127.0.0.1