Category: Internet Stuff

Hackit Contest

Ryanbuha, contest, grsecurity, hackit, hardening, linux, Server

Ok, the contest is ready. I’ll start off with the information everybody has been waiting for:

IP: 80.190.250.213

There is a webserver running with a brief description of the target and rules of the contest http://80.190.250.213/ The webserver is actually part of the contest since people are supposed to deface this page. To make it a bit more interresting, the ssh sessions are recorded with script and saved here for everyone to see (e.g. “less -r filename”).

Rules and Target of the contest:
As stated above, deface this page. To achieve this goal, everything is allowed. Do what you need/want to achieve the goal.
Unfortunatly we will still need a short list of actions that are not allowed:

  • (D)DoS against this box, or via this box against other hosts are
    of course not allowed
  • Brute Force attacks against accounts are not prohibited … but trust me, you really don’t want to waste your time with that
  • Be nice, don’t try to make the accounts or box unusable for others
  • If you are doing something that isn’t aimed at solving the contest, than it probably isn’t allowed

A few details to the box and the system:

  • It is a vmware box (so I can reset it and/or access the console without any problems)
  • Linux debian testing is installed
  • some basic hardening done with normal linux tools and grsecurity
  • Don’t worry, I left enough room for you all to poke around, I didn’t make it “too secure to have fun”
  • This time no holes were intentionally added to the system. On the other hand there will also be no updates of software packages or changes to the RBAC system, no matter what security flaws arise (or I may have overseen)
  • On a scale of 1 to 10: I’d say the security is around 7

Have fun 😉

btw. I’m also posting this in the buha forums for anyone who prefers a German description.

HackIt server nearly ready

Ryangrsecurity, hackit, linux, Server

I spent the last few days fine tuning the HackIt server I mentioned last week. After lots of thought on how I was going to punch holes into the security, I decided on a different approach. Since in the past contests I always found it fustrating to see people with high skills trying out stuff I would never have dreamed of, and in the end to get beaten by people who by sheer luck tried out the right thing at the right time … I decided to minimize the “luck” factor of the contest by not putting any holes in the server on purpose.

What I am going to do is not update any of the packages any more from now on. I’m doing an update right now as I post this, and from here on no more updates. There will also be no updates or changes to the RBAC system. The only changes I will be making to the box from now on, are if it breaks and needs to be fixed.
-> The box will be shamelessly neglected, waiting to be owned.

If nothing strange pops up tonight, I will be posting information about the contest tomorrow in the buha forum, here and a few other places …

Google Chrome Browser … buggy ;-)

Ryan3 Comments on Google Chrome Browser … buggy ;-)browser, chrome, google, poc

That was fast,
first bugs are being found in the Google Chrome Browser that was released yesterday. This one here crashes the browser if it tries to access a specially crafted url (undefined handler followed by certain character). PoC and details can be found at
http://evilfingers.com/advisory/google_chrome_poc.php

Since it “only” crashes the browser, the only use that comes to mind would be to use it to filter out google browser users from websites by crashing them.

Mythbusters at NVISION 2008

RyanMythbusters

I just saw this funny video. The Mythbusters go and compare how a CPU and how a GPU draw things. Considering it’s the Mythbusters, it’s not really surprising that they use robots and paintball to demonstrate. Here ist the video
httpv://www.youtube.com/watch?v=fKK933KK6Gg

The second part in high resolution:
httpvh://www.youtube.com/watch?v=FllMX9dFmWg

Hartknäckige Scriptkiddies

Ryan1 Comment on Hartknäckige Scriptkiddiesbrute force, Hacking, linux, Script Kiddie, ssh

Seit gestern Abend versucht irgendein Scriptkiddie mein SSH zu Bruteforce’n. Das an sich ist eigentlich nichts erwähnenswertes da es zum täglichen Müll gehört (wie die Spammer die offene Mail Relays suchen) und eigentlich zum allgemein “Rauschen” im Internet gehört. Nach ein paar Fehlversuche landet bei mir die IP automatisch für eine gewisse Zeit auf eine Blackliste und wird per iptables gesperrt.

Was das ganze hier jedoch interssant macht ist die Hartknäckigkeit derjenigen. Die meisten Kiddies merken “ach mist, meine IP wird geblockt” und versuchen es vielleicht noch von eine 2. IP bevor sie aufgeben. Der hier jedoch hat wohl eine ganze menge an Zombie Rechner zur Verfügung weil er seit ein paar Stunden es schafft nach jeden IP Ban von einen neuen Host seinen Brute Force Attacke erneut zu starten. Jepp, ihr habt richtig gelesen, er führt sie nicht weiter, wo er aufgehört hat, sondern fängt jedesmal wieder von vorne an.

Ich gib ihn 8/10 Punkte für Ressourcen, 9/10 für Hartknäckigkeit und 2/10 Punkte für die Durchführung.