I used to smoke marijuana. But I'll tell you something: I would only smoke it in the late evening. Oh, occasionally the early evening, but usually the late evening - or the mid-evening. Just the early evening, midevening and late evening. Occasionally, early afternoon, early midafternoon, or perhaps the late-midafternoon. Oh, sometimes the early-mid-late-early morning. . . But never at dusk.
-- Steve Martin
JaBbA's Hut

Today's Tao (Chapter 45):

Great perfection seems incomplete,
But does not decay;
Great abundance seems empty,
But does not fail.

Great truth seems contradictory;
Great cleverness seems stupid;
Great eloquence seems awkward.

As spring overcomes the cold,
And autumn overcomes the heat,
So calm and quiet overcome the world.
Friends and Family Login
Username

Password

Remember Me
NEW It Works!!!!

Friend or Family?
To see the stuff
hidden from the wider world,
Click Here

Contact Me

Email Me at http://xri.net/=Justin.B.Alcorn

Subscribe

Subscribe to JaBbA's Hut! Have new entries emailed to you!
Your email address:

Quicksearch

About Me

  • PGP Key Fingerprint A36D D691 C5B0 BE15 5A2A AF49 AA1C 372C. Get my Key for "Justin Bradford Alcorn" from http://pgpkeys.mit.edu .

Calendar

Back May '12
Sun Mon Tue Wed Thu Fri Sat
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31    

Archives

May 2012
April 2012
March 2012
Recent...
Older...

Syndicate This Blog

Blog Administration

Open login screen

Categories



All categories

Powered by

Serendipity PHP Weblog

Creative Commons License

Creative Commons License - Some Rights Reserved
Original content in this work is licensed under a Creative Commons License

JaBbA's Hut

White Hat Liberal Geek Dad

Saturday, December 13. 2003

Capture The Flag!

Geek
First of all - The Track 4 SANS Class Rocks! Just had to get that out of the way.

Today we got to put our new knowledge to use. The task was to find 4 flags (text files) on a specific network, then use the information in the flags to discover the 'Phrase that pays'. First 4 people to find the phrase win a little goodie.

The network wasn't connected to the internet, so we could attack to our heart's content - the only rules were 1) no DOS 2) no arp cache poisoning 3) no rootkits - no changing the OS of the servers to keep other people out (This is, after all, supposed to be a learning experience). At 9:30, we had our instructions, and we started.

9:30. Formed team of 4 people. I fired up nessus to scan network. S used null sessions to attack machines that were quickly Id'd by nessus as W2k and started enumerating users. Others started poking at Linux machines.

9:45. Discovered that IIS on machine 9 was vulnerable to directory traversal. Started exploring hard drive. found netcat on drive. Started listener, connected to shell. excellent. flag1 found and recorded.

9:55 S reported that she had broken passwords on W2K domain. She was able to connect to server 15, and discovered user in admin group. got flag2.

10:15 reading over information in flag1 and flag2 I realized where the phrase that pays was hidden, but I needed key. Used domain user information to try accessing Linux boxes. got root on server 55 via bad misconfiguration on box. flag4 on server 55 gave me the key I needed.

11:25 finally was able to compile software I needed to extract phrase that pays. Still don't have flag3, but I don't need it. I win!

I spent the rest of the day cracking root on the other boxes. Server 35, the one with flag3, was a worthy challenge, and getting flag3 required root. I figured out what to do without the info in flag3 by guessing, but I finally got root on the box at 1:30 via a kernel exploit that was NOT provided on our tools CD, I had to go to the internet room and figure out a exploit.

Very cool. I now have a spiffy new SANS hat for my efforts.
Posted by JaBbA in Geek at 23:31 | Comments (0) | Trackbacks (0)

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
BBCode format allowed
E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA
 
Submitted comments will be subject to moderation before being displayed.
 
Please send a whole bunch of email to johnny@jalcorn.net