New server based wargame starting february 26!

Questions? Stuck? post here....
Post Reply
User avatar
Nerdz
The Architect
The Architect
Posts: 1127
Joined: 15 Jun 2005, 16:00
18
Location: #db_error in: select usr.location from sucko_member where usr.id=63;
Contact:
Contact Nerdz

Post by Nerdz »

Thanks bad_brain for all this info and play time:)

What I did:

First, I've scan the ip from a website... which wasn't really revelant. Then, I've scanned it from my home computer. There was a lot of open port...

I started banner grabbin each pottential ports... Using PuTTY in RAW mode to see everything and checking the: Never close. blox.

I've googled all the version of the banner I got... 2.0.54 was "up to date" damn sarge... :wink:

Then I've start searching in the log file... I've saw some login attempt under badbrain that succeed... So I tried it.

I first try some usual password like root, god, etc... and then suck-o... Damn didn't work... I tried sucko and Voilà!

Once I got inside, I compiled some exploit but none of them worked. So I left a folder NerdzWasHere and I cleared the history.

EDITED:
forgot to talk about the web...
I first went to website and tried some directory transversal... ../etc/passwed... etc...

They I tried to access all folder I could see like the log one. And then switch to scan the box with nmap.
Last edited by Nerdz on 14 Mar 2008, 11:18, edited 1 time in total.
Give a man a fish, you feed him for one day.
Learn a man to fish, you feed him for life.
Top
User avatar
CommonStray
Forum Assassin
Forum Assassin
Posts: 1215
Joined: 20 Aug 2005, 16:00
18

Post by CommonStray »

i used a logic bomb
Top
User avatar
DNR
Digital Mercenary
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
18
Location: Michigan USA
Contact:
Contact DNR

anal leakage

Post by DNR »

I am sorry I didn't make it, I only had two hours every morning before work, and had so many other projects going (still undone too!)
when you have a file available on a server it is a good practice to check what is in that directory BESIDE the file, so when checking http://88.80.197.29/apache2-default/logs/ a full phpinfo(); page was found.
Yea that was me, and I knew I had my answers in that page. Just never researched it.

Thats the key point to finding leakage - When ever a URL takes you to a a file in a directory, try to traverse the directory(ies) back from that file. This can lead to files unintended for you, and even access to other directories.

Glad I could steal something anyways :lol:

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
Top
User avatar
Lyecdevf
cyber Idi Amin
cyber Idi Amin
Posts: 1222
Joined: 16 Mar 2006, 17:00
18
Location: In between life and death.
Contact:
Contact Lyecdevf

Post by Lyecdevf »

Well it was good old fun! Thanks for this opportunity!
We will either find a way, or make one.
- Hannibal
Top
User avatar
bad_brain
Site Owner
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
19
Location: In your eye floaters.
Contact:
Contact bad_brain

Post by bad_brain »

alrighty, here are the browsable IDS logs:
http://www.suck-o.com/wargame_logs/
if you don't show up there: well done! 8)
Top
G-Brain
Fame ! Where are the chicks?!
Fame ! Where are the chicks?!
Posts: 467
Joined: 08 Nov 2007, 17:00
16
Location: NL

Post by G-Brain »

I didn't have the time. I portscanned and noticed the phpinfo() and the successful badbrain login attempt as well. I didn't bother guessing passwords and had to get back to work before I got around to checking for vulnerable software in the phpinfo().

Maybe next time :)
Top
pseudo_opcode
cyber messiah
cyber messiah
Posts: 1201
Joined: 30 Apr 2006, 16:00
17
Location: 127.0.0.1

Post by pseudo_opcode »

damn, i missed the party :(
Top
Post Reply

Return to “Wargames/Challenges”