Linux Server Break-In Challenge
Results 1 to 10 of 10

Thread: Linux Server Break-In Challenge

  1. #1

    Linux Server Break-In Challenge

    Saw this one on Slashdot and thought some on here might be interested. Linux Break-In Challenge

    Am I the only one that is too paranoid (or ethical) to do any of these? I'm always afraid that if I'm successful men in sunglasses and black suits will show up at my house...
    \"I would like to electrocute everyone who uses the word \"fair\" in connection with income tax policies.\"
    - William F. Buckley Jr.

  2. #2
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    There's nothing unethical about it, as far as I can see. But IMHO what self respecting hacker is going to give away his best kept secrets to root a box that has nothing on it, and then gets to recieve nothing for his troubles. I mean really, why would I go to the trouble of breaking in to a house that was built expressly for that purpose to get a handshake when I can break in to the house next door that a big plasma TV still inside the box?

    Duh, george. Some people.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  3. #3
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Because a TV is to hard to move out of the house without getting caught.

    Any good thief knows that when you get in you go right for the silver, the jewelry, any computers, paintings, and if it's me, the medicine drawer.

    And if you're a real dick like my friend, you steal the batteries out of the remote controls of everything int he house so they all have to get up to change the channel. You'd be shocked how long people go without batteries because they are to lazy to go to the store.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Hrmm.. this was brought up in my CISSP class by one of the students so while they were doing their quiz I decided to do some poking. Visit here for the details. These are my results so far:

    Linuxense.com whois
    Registrant:
    Linuxense Information Systems (Pvt) Ltd (SIFADMOEFD)
    TC 16/1623, Lalitha Mandir
    Thycaud P.O.
    Trivandrum, Kerala 695014
    IN

    Domain Name: LINUXENSE.COM

    Administrative Contact:
    Linuxense Information Systems (Pvt) Ltd (QYUWMZODBO) akz@linuxense.com
    TC 16/1623, Lalitha Mandir
    Thycaud P.O.
    Trivandrum, Kerala 695014
    IN
    +91 471 23 24341

    Technical Contact:
    Network Solutions, LLC. (HOST-ORG) customerservice@networksolutions.com
    13200 Woodland Park Drive
    Herndon, VA 20171-3025
    US
    1-888-642-9675 fax: 571-434-4620

    Record expires on 19-Feb-2006.
    Record created on 19-Feb-2002.
    Bulk whois optout: Y
    Database last updated on 8-Mar-2005 18:28:24 EST.

    Domain servers in listed order:

    NS03.LINUXENSE.COM 69.44.61.248
    NS02.LINUXENSE.COM 69.44.156.16
    Off of their website the IP is listed as http://202.88.234.250/ . The WHOIS below shows the server as being in India. The Placeholder page suggests they are using a default install of Debian with Apache 1.3.31 (404 error page shows this up). Navigate into the Icons directory (http://202.88.234.250/icons) shows the various icons but navigating beyond the root of the web server isn't possible at this point. Telnet to 25, 23, 21 proved useless but 22 brought up some details: SSH-2.0-OpenSSH_3.8.1p1 Debian 1:3.8.1p1-4.1

    inetnum: 202.88.224.0 - 202.88.239.255
    netname: ASIANET
    descr: Asianet is a ISP providing access through Cable.
    country: IN
    admin-c: PS104-AP
    tech-c: PS104-AP
    mnt-by: APNIC-HM
    mnt-lower: MAINT-IN-ASIANET
    changed: hm-changed@apnic.net 20020710
    status: ALLOCATED PORTABLE
    source: APNIC

    person: Praveen Shrikhande
    address: Karimpanal Arcade, 3rd Floor
    address: East Fort
    address: Thiruvananthapuram - 695023
    address: Kerala, India
    country: IN
    phone: +91-471-575353
    fax-no: +91-471-575454
    e-mail: praveen@asianetindia.com
    nic-hdl: PS104-AP
    mnt-by: MAINT-NEW
    changed: sysadmin@asianetindia.com 20020704
    source: APNIC
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #5
    Senior Member
    Join Date
    Mar 2005
    Posts
    400
    I think KorpDeath said it all.
    ZT3000
    Beta tester of "0"s and "1"s"

  6. #6
    Junior Member
    Join Date
    Mar 2005
    Posts
    5

    scan results

    I ran nmap just for the hell of it. One surprising thing is the sheer amount of ports apparently open. My first instinct was that these aren't even real services running but some kind of decoy. Thoughts?

    Also, the webpage says there is no firewall in front of the box, but something appears to catching the scan (due to all the timing corrections done by nmap.) ...or am I way off about that?

    ----

    Host 202.88.234.250 appears to be up ... good.
    Interesting ports on 202.88.234.250:
    (The 1559 ports scanned but not shown below are in state: closed)
    PORT STATE SERVICE VERSION
    7/tcp open echo?
    9/tcp open discard?
    13/tcp open daytime
    18/tcp filtered msp
    19/tcp filtered chargen
    22/tcp open ssh?
    25/tcp open smtp?
    27/tcp filtered nsw-fe
    33/tcp filtered dsp
    37/tcp open time
    80/tcp open http?
    111/tcp open rpcbind?
    135/tcp filtered msrpc
    137/tcp filtered netbios-ns
    138/tcp filtered netbios-dgm
    139/tcp filtered netbios-ssn
    162/tcp filtered snmptrap
    175/tcp filtered vmnet
    176/tcp filtered genrad-mux
    184/tcp filtered ocserver
    197/tcp filtered dls
    198/tcp filtered dls-mon
    206/tcp filtered at-zis
    227/tcp filtered unknown
    246/tcp filtered dsp3270
    262/tcp filtered arcisdms
    265/tcp filtered maybeFW1
    305/tcp filtered unknown
    314/tcp filtered opalis-robot
    359/tcp filtered tenebris_nts
    380/tcp filtered is99s
    385/tcp filtered ibm-app
    392/tcp filtered synotics-broker
    396/tcp filtered netware-ip
    437/tcp filtered comscm
    445/tcp filtered microsoft-ds
    477/tcp filtered ss7ns
    488/tcp filtered gss-http
    494/tcp filtered pov-ray
    504/tcp filtered citadel
    511/tcp filtered passgo
    520/tcp filtered efs
    553/tcp filtered pirp
    566/tcp filtered streettalk
    581/tcp filtered bdp
    609/tcp filtered npmp-trap
    626/tcp filtered unknown
    653/tcp filtered unknown
    654/tcp filtered unknown
    660/tcp filtered mac-srvr-admin
    697/tcp filtered unknown
    704/tcp filtered elcsd
    731/tcp filtered netviewdm3
    735/tcp filtered unknown
    740/tcp filtered netcp
    743/tcp filtered unknown
    756/tcp filtered unknown
    789/tcp filtered unknown
    806/tcp filtered unknown
    822/tcp filtered unknown
    847/tcp filtered unknown
    856/tcp filtered unknown
    879/tcp filtered unknown
    905/tcp filtered unknown
    935/tcp filtered unknown
    941/tcp filtered unknown
    976/tcp filtered unknown
    977/tcp filtered unknown
    990/tcp filtered ftps
    1003/tcp filtered unknown
    1027/tcp filtered IIS
    1040/tcp filtered netsaint
    1080/tcp filtered socks
    1214/tcp filtered fasttrack
    1351/tcp filtered equationbuilder
    1363/tcp filtered ndm-requester
    1371/tcp filtered fc-cli
    1405/tcp filtered ibm-res
    1422/tcp filtered autodesk-lm
    1430/tcp filtered tpdu
    1435/tcp filtered ibm-cics
    1457/tcp filtered valisys-lm
    1464/tcp filtered msl_lmd
    1496/tcp filtered liberty-lm
    1542/tcp filtered gridgen-elmd
    1544/tcp filtered aspeclmd
    1651/tcp filtered shiva_confsrvr
    1720/tcp filtered H.323/Q.931
    2011/tcp filtered raid-cc
    2105/tcp filtered eklogin
    3128/tcp filtered squid-http
    3264/tcp filtered ccmail
    4480/tcp filtered proxy-plus
    5301/tcp filtered hacl-gs
    5432/tcp open postgres?
    5801/tcp filtered vnc-http-1
    6007/tcp filtered X11:7
    6588/tcp filtered analogx
    8081/tcp filtered blackice-icecap
    13706/tcp filtered VeritasNetbackup
    32770/tcp filtered sometimes-rpc3
    1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
    SF-Port5432-TCP:V=3.70%D=3/8%Time=422E6E97%P=powerpc-apple-darwin7.5.0%r(S
    SF:MBProgNeg,85,"E\0\0\0\x84SFATAL\0C0A000\0Munsupported\x20frontend\x20pr
    SFtocol\x2065363\.19778:\x20server\x20supports\x201\.0\x20to\x203\.0\0Fp
    SFstmaster\.c\0L1293\0RProcessStartupPacket\0\0");
    No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
    TCP/IP fingerprint:
    SInfo(V=3.70%P=powerpc-apple-darwin7.5.0%D=3/8%Time=422E6F3D%O=7%C=1)
    T1(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
    T2(Resp=N)
    T3(Resp=Y%DF=Y%W=0%ACK=O%Flags=AR%Ops=)
    T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
    T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
    T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)
    T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
    PU(Resp=Y%DF=N%TOS=0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)



    Nmap run completed -- 1 IP address (1 host up) scanned in 3961.847 seconds

  7. #7
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    I wonder if your nmap scan is reporting stuff from their network equipment in front of the box...that would explain all those 'ports' or 'services', depending on the scan flags used, etc.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  8. #8
    Junior Member
    Join Date
    Mar 2005
    Posts
    5
    I believe all I did was, nmap -sS -v -O -sV. TCP SYN, TCP/ICMP pings, with version and OS detection...

  9. #9
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    I wonder if your nmap scan is reporting stuff from their network equipment in front of the box...that would explain all those 'ports' or 'services', depending on the scan flags used, etc.
    One way to find out is to telnet to each of those services. I know I can connected and get a response from all the open ports above except 25. That one closes connections (probably to avoid SMTP Open Relay issues but may mean Sendmail is still running).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  10. #10
    Senior Member PacketThirst's Avatar
    Join Date
    Aug 2004
    Posts
    258
    Well ! ... I've got a password prompt when i tried an rlogin to the address. We too share the same ISP, asianet !. Maybe give them a call and try out some social engineering.





    Cheers

    PaCketThirst

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides