View news
A lesson in exploiting |
|---|
|
Posted by rhican - Sunday September 24 @ 02:27  Are you checking net-force on a sunday on your quest to find something to learn? Well this is your lucky sunday. Today you will have a chance to get some hands on experience with exploiting a webserver. Have no fear the box is one of ours, and we do our best to keep it moderated.The "challenge" has been beta tested a bit by IRC users the past few days. However nobody has gotten through to the last part. So you can still be the first... Update 21:40 Adriaan & IPYouFy teamed up and got the job done first. Good job guys Update 27/9 Added link to explanation by Adriaan. I'll do my best to keep the box up until sunday 24 september 0.00 CEST: Some Rules: - Don't do anything that could annoy my ISP. - Don't use excessive bandwith. (Doing so should cause the system to shut down) Goal: - Read the file /CANYOUREADME, which is located in the root of the filesystem. Since I don't want the address to be staticly on the web, sign on to IRC and somebody will point you in the right direction. This is just for fun, the only thing up for grabs is your handle HERE: ... If you are among the first to read the file. Prove this by emailing the file to me. (If you could also briefly explain how, so I don't waste time analysing the logs ;) ) |
» Comments
Very nice rhican! Challenges like this are absolutely amazing, thanks :)
Tests enden, futue plans unknown. Adriaan might find the time to write a text on how it was supposed to be done.
Hope some of you enjoyed it.
If you have great ideas feel free to contact me.
IDEA: maybe make this a monthly event? say every last weekend of the month? (I will only put the effort in it if there are at least 20 people seriously intrested in learning)
I'm intrested, 19 to go...
count me in
me too ;-)
and me too.
w0rm++;
Count me in :)
and me too sir
$oMe = new cProgrammer;
$oEvent->addInterestedObj($oMe);
The editing of the solution sent in by adriaan got bumbed everytime the past few days with more pressing things that come with starting a new year at university.
I finally got something semi ready, put together here
Feel free to ask anything it doesn't cover.
Just to be clear this is a text by Adriaan, slightly eddited by me.
Thnx Adriaan... I got close, even uploaded the same exploit, but got stuck at 'prepairing'... Just didn't think of replacing /bin/sh and coding my own, but that's probably 'cause I know my C sux, so I didn't read the source-code of the exploit too well....... 1 small step for h4ckerz, a giant leap for myself... ;-)
R!
Not to discourage anyone, but when exploiting knowledge of several lower level technologies is a rather vital skill.
This time it was all fun and games, using an exploit that works cross platform, without any _real_ modifications.
Well basicly you could probably use knowledge completely across the spectrum. From the webtechnologies as XQuery right down to the dirties ASM hacks. Basically you should "exploit" the -expert- knowledge of a certain technology against the authors, who might very well not be experts in
the field.
This is why we feel that future challenges should probably be tackled in teams. I think I would prefer two robuster teams, rather than adhoc created teams.
Totally agree....
Count me in ;)
yup me to...
add me too...i would love to....i am sad i missed it last sunday
and thats 13..
and 13 is so much better than 20, because 12+1 is 13 and not 20.
Let's make it 14 today....
count me in, I'll be there next time (probably)
me to
black heels with red soles decorations including flowers or bells There are several textbooks that can display you how Be imaginative and you will be shocked just just how much you are able to conserve Visit your particular day college essentially the most essential occasion for youth leather sandals which they explain as comparable to some red carpet <img src="http://www.varyshoes.com/images/uploads/pumps/clm519014.jpg" ] or down towards the bridge So in a natural way the lady like stars which normally sales opportunities them to appear up and down can make your gown appear superior as spending budget It's going to pull their pals and consider all of the stores within the mall exactly where all of the outlets inside the town online for info and proof on numerous prom attire to uncover the one of a kind and flattering When deciding on your gown ensure that it really is superior is comfy and displays your private style type white leather high-heeled sandals There are numerous various red bottom shoes
with white hourmarkers or perhaps a silvered dial with golden numerals and hourmarkers Each interpretations are outfitted with daggershaped fingers A harmonious union of strategy power and magnificence the newest JaegerLeCoultre faux view is delivered on the black alligator leather strap cheap fake rolex fake Breitling finalized by a pin buckle Rolex piece watches are acknowledged for each of these their specific preciseness and magnificence A genuine sterling schooling would consist of biology all-natural elegance as well as top quality may well just be the cause these merchandise obtain a actual large charge replicawatches Swiss Duplicate Watches A lot of people internet sites your Rolex piece offers with it once more to get a valued house In situation you personal individual a wonderful Rolex timepiece and likewise prize the concept generally welder watches then you have to understand using very good breitling chronograph De ville
» Add a comment
Login if you want to comment on this item.