Follow us on Twitter!
Few are those who can see with their own eyes and hear with their own hearts. - Albert Einstein
Wednesday, April 23, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 20
Guests Online: 20
Members Online: 0

Registered Members: 82876
Newest Member: bhl1986
Latest Articles
View Thread

HellBound Hackers | Challenges | Rooting

Page 2 of 3 < 1 2 3 >
Author

RE: no BS rooting.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-11-07 04:11
"I don't think that makes it impossible... it just makes it more difficult to make a comprehensive challenge. There are plenty of resources available in modern-day programming to accurately simulate a semi-realistic environment in which multiple solutions can be applied. It's just a question of effort, as is everything around here. Otherwise, we would have more quality articles."

Asides from actually having a box to put a vulnerable application on, a simulated "realistic" challenge is definitely impossible. You can give the user some simulated tools, like a basic port scanner, and etc, but that's not really realistic and kills the learning experience.

For example, with the port scanning again. Learning the scan types, finding what types of scans are noisy & stealthy, importance of finding the victim's operating system, that scanning most of the time will really take time, flooding logs with a mass of spoofed ip addresses, and etc. are vital to the learning process.

You can't just create a game like hacker evolution where you "scan" the victim's computer and can immediately find the open ports, how long the password is, and etc. You can't just use some tool and expect to bruteforce a protocol and be able to connect with some client that isn't even capable of connecting to the protocol you're trying to get into. This is why i see the rooting challenges as just fun little apps, nothing that could at all lead to learning.


Author

RE: Shall we end this?


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-11-07 04:13
Although i have rather enjoyed reading this because its rather ammusing. We may as well stop posting here seeing as what needed to be said has been said i think, its not really going anywhere from here anyways. If he continues to post just allow him to talk to himself. Just a suggestion of course do as you all please.
Author

RE: no BS rooting.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-11-07 04:13
@Thor: There are not even 100 active members on HBH
Author

RE: no BS rooting.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-11-07 04:15
Skunkfoot wrote:
"Wise men speak because they have something to say, fools speak because they have to say something" Wink

And as far as my rooting abilities, you're partially right: I don't really know anything about rooting a server, but that doesn't mean that I can't code a challenge...

btw, cL- and I are in the middle of a netbios rootin simulation challenge, it should be done and tested by this weekend at the latest.. Smile


I saw this after i posted. A netbios simulation might be somewhat successful. But you might need to provide support for a linux emulation and a windows emulation.

Also, is it going to be something simple like a netbios null session or are you going to get into actual enumeration of information and based on that be able to attempt a valid connection?

Simulated challenges for easy things like netbios null session are possible, but actual non-basic simulation is damned impossible for reasons I've mentioned above.


Author

RE: no BS rooting.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-11-07 04:19
*occur, got to it b4 skunk! scoreeeeeeee haha


Are you referring to me being a grammar nazi? xD


Author

RE: no BS rooting.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-11-07 04:21
nights_shadow wrote:
Skunkfoot wrote:
"Wise men speak because they have something to say, fools speak because they have to say something" Wink

And as far as my rooting abilities, you're partially right: I don't really know anything about rooting a server, but that doesn't mean that I can't code a challenge...

btw, cL- and I are in the middle of a netbios rootin simulation challenge, it should be done and tested by this weekend at the latest.. Smile


I saw this after i posted. A netbios simulation might be somewhat successful. But you might need to provide support for a linux emulation and a windows emulation.

Also, is it going to be something simple like a netbios null session or are you going to get into actual enumeration of information and based on that be able to attempt a valid connection?

Simulated challenges for easy things like netbios null session are possible, but actual non-basic simulation is damned impossible for reasons I've mentioned above.


Well, it's a simple netbios sim atm, and I only made a windows simulation, but all that can be changed if necessary...although that might take a bit longer Pfft


Author

RE: no BS rooting.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-11-07 04:24
nights_shadow wrote:
Asides from actually having a box to put a vulnerable application on, a simulated "realistic" challenge is definitely impossible.
<huge snip>


All of that, of course, is based upon the assumption that a realistic challenge would have to be hard-coded with a single path and a single solution. It would be more effective to code the backbone rather than the method. Wink

<OT> Nope, didn't get the 5 bucks, Thor. FSH got his other two names banned, so I figured it was time to stop changing my sig to match his recent name. Pfft </OT>

Skunkfoot wrote:
I have a spare box that I could set up if that's what you want...


It won't help... this is the ages-old "rooting challenges can't be simulated" argument. Real boxes never get used. The argument dies down until another poor soul complains about the rooting challenges. I feel like I'm stuck watching re-runs.





Edited by on 27-11-07 04:30
Author

RE: no BS rooting.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-11-07 04:26
Asides from actually having a box to put a vulnerable application on


I have a spare box that I could set up if that's what you want...


Author

RE: no BS rooting.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-11-07 04:31
Zephyr_Pure wrote:

All of that, of course, is based upon the assumption that a realistic challenge would have to be hard-coded with a single path and a single solution. It would be more effective to code the backbone rather than the method. Wink


I don't get what you're trying to say. It's not the exploit that's in question, one or a million different ways to get in doesn't matter.




Having a box with a vulnerable program on it would be awesome. Have some sort of exploitable program with some type of buffer overflow where the shellcode isn't anything that can be damaging to things outside the program. You're obviously going to have the assholes probably shutting down the app, but if people make an attempt to check it out every once and a while to make sure:
1.) the app/box is still up
2.) It hasn't been updated
3.) the port is still open
and...whatever else you might think of.
This way you can learn how to scan the target for open ports, find the operating system (otherwise you're just running wrong shellcode (unless it's universal)), and etc. It might be called skript kiddy by some, but it's a very great way to learn for beginners.




Edited by on 27-11-07 04:37
Author

RE: no BS rooting.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-11-07 04:33
In my opinion a real box will be 3x as good as a simulated challenge.

And I'm not sure if skipping over the basics is the best idea. Maybe make two challenges, one harder than the other, but going more in depth?

And maybe write an article with it, not like a 'rooting 4 article' but a 'netbios attacks article' because as already mentioned our community is ignorant in the field of rooting.


Author

RE: no BS rooting.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-11-07 04:34
nights_shadow wrote:
I don't get what you're trying to say. It's not the exploit that's in question, one or a million different ways to get in doesn't matter.


Okay, let me rephrase it:

Why hard-code a solution when you can code the framework as it would logically be in real-life? Need to use CLI? Code an interpreter! Sure, it's hard work, and it will never happen on this site; realistically, though, it has to be the best way to simulate rooting. The easy way would be to just set up a box to get rooted, of course.



Author

RE: no BS rooting.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-11-07 04:45
I'm gonna try and set up DVL on my spare laptop...anyone who wants to practice on it is allowed to. Also, don't mess anything up on it when I get it set up...I mean, it won't really matter, I can just reinstall DVL if you do, but why ruin the practice for everyone else? that's not cool... Pfft

I'll post updates soon Smile


Author

RE: no BS rooting.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-11-07 04:46
Zephyr_Pure wrote:
Okay, let me rephrase it:

Why hard-code a solution when you can code the framework as it would logically be in real-life? Need to use CLI? Code an interpreter! Sure, it's hard work, and it will never happen on this site; realistically, though, it has to be the best way to simulate rooting. The easy way would be to just set up a box to get rooted, of course.


You're essentially making a program that simulates a possibly exploitable environment/simulated OS? The problem is it's still simulated. Many real variables are still killed, like speed and effectiveness of certain things.

You wouldn't have to root the box in order to learn. Exploiting a protocol is a great way to learn.


Author

RE: no BS rooting.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-11-07 04:58
so even though certain individual tried to hijack this thread, we still managed to do some progress..

I hope the DVL box will be up soon. all we're missing is some good article covering the basics like port scanning and identifying the OS etc. like nights_shadow mentioned.


Author

RE: no BS rooting.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-11-07 05:02
okay, well how about this: I'll set up the box, y'all start writing some articles about rooting...fair enough?


Author

RE: no BS rooting.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-11-07 05:10
nights_shadow wrote:
You're essentially making a program that simulates a possibly exploitable environment/simulated OS? The problem is it's still simulated. Many real variables are still killed, like speed and effectiveness of certain things.

You wouldn't have to root the box in order to learn. Exploiting a protocol is a great way to learn.


I agree that it could never be as effective as an actual box to root... however, I think that people tend to exaggerate exactly how "impossible" a simulated challenge can be in meeting the requirements of most people on here. While a simulated challenge would be lacking in the realism and variety of the variables, it would serve its purpose: to instruct those that are learning technique. Anything more should be part of a wargame, not a challenge.

At this point, it looks as if we're just pushing for different levels of "challenge" and, somewhere in the middle, we manage to agree on key points. I would love to see some rooting boxes go up but, at the same time, I would also love to see some effective challenges that can help to increase the prowess of some members on this site.



Author

RE: no BS rooting.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-11-07 05:17
I see bad things happening with this DVL install. Just knowing people who would actually get access and try to prove their leetness or people who just plain hate hbh.

But hell, if it actually works for longer than a week, that'd be awesome.


Author

RE: no BS rooting.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-11-07 05:20
like I said, if some loser wants to ruin it for everyone else, then whatever, that's their choice and I can't stop them, but it doesn't really matter because I'll just reinstall it and it'll be back up... Smile


Author

RE: no BS rooting.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-11-07 09:26
im not great on all this stuff but would it be hard to set it up so the laptops harddrive periodically gets flashed or something??


Author

RE: no BS rooting.


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-11-07 16:01
moshbat wrote:
STOP FLAMING MASTA!
no, I'm not standing up for him. just get back on topic, okay?
I'll help with some research, if it's needed.


everyone had stopped..... why bring it up again :right:


Page 2 of 3 < 1 2 3 >