Follow us on Twitter!
Become the change you seek in the world. - Gandhi
Saturday, April 19, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 30
Guests Online: 30
Members Online: 0

Registered Members: 82841
Newest Member: and3rv1sh
Latest Articles
View Thread

HellBound Hackers | Events | Root This Box

Page 2 of 2 < 1 2
Author

RE: Rooting Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 31-07-10 22:42
looking epic mate. Just got in will get started asap


Author

RE: Rooting Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 01-08-10 14:07
I don't think it took more time but it was definately the funnest.
Thanks again and ...
www.threadbombing.com/data/media/52/Kyle_Moar.jpg
Grin




Edited by on 01-08-10 14:46
Author

RE: Rooting Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 01-08-10 15:28
Yeah I saw how you got a shell onto apache (Not needed at all btw). And thought about blocking that part by just removing said code. It forces you to use an alternate method. Granted the rooting it self isnt that hard.


Author

RE: Rooting Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 01-08-10 21:04
yeah I did see another method, but it seemed silly not to make life easy on myself. if we're speaking about the same thing.

on the whole I enjoyed it much more because it seemed cleaner as in I had simple goals at each point also the way I did it was convulted which made me feel cool Grin

Haven't enjoyed a challenge as much as I'm enjoying these in too long to remember. Keep it up!


Author

RE: Rooting Challenge

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 01-08-10 22:53
Hacked parts of this one and discussed the whole thing with wolfman. The quality of the challenges are improving, nice!



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: Rooting Challenge

KvK
Member



Posts: 94
Location: EIP‭‮
Joined: 17.01.09
Rank:
Apprentice
Posted on 02-08-10 01:09
I'm utterly lost. Must be lack of experience, but failure sucks either way. I learn so much in my failed attempts, yet not enough to succeed. Also would anyone mind pm'ing me an explanation of the solutions to the previous 2 challenges?

P.S. Although I have not yet been successful, I am truly greatful that you put forth the effort in making these challenges. Thank You stdio. :happy:


Author

RE: Rooting Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 02-08-10 03:00
KvK wrote:
I'm utterly lost. Must be lack of experience, but failure sucks either way. I learn so much in my failed attempts, yet not enough to succeed. Also would anyone mind pm'ing me an explanation of the solutions to the previous 2 challenges?

P.S. Although I have not yet been successful, I am truly greatful that you put forth the effort in making these challenges. Thank You stdio. :happy:


First one:

Flaw in webmin, which runs at root.
Include /etc/shadow
crack n00b password
ssh into n00n
write a cgi script that can overwrite sudoers (one way)
include cgi script with webmin
sudo su to root

Second one:

Command execution on corehttp server
get shell
find a setuid vulnerable program
exploit it (It uses a system() call) by modifying the path and writing a new program in that path that calls /bin/sh

Edit: Also I will be making more of them but if anyone else wants to take a stab at creating a challenge (on my server) PM me and I can work out the details with you (Mostly just because it would be cool to have a challenge myself)




Edited by on 02-08-10 03:04
Author

RE: Rooting Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-08-10 03:05
Alright been awhile as Ive been busy but I set up another one.

With this one there is not scoreboard or anything, just self satisfaction I guess.

There is a crontab set to restart something every 2 min, (You will understand why as you go) so if you cant get it working you might try again in a minute... or two. Dont mess with it please.

Again all my same rules apply, no DDOS, rm -rf /, etc.

Not too difficult of a challenge. But will require a bit of reverse engineering, fuzzing, and exploit development.

hackm3.net ... go!


Author

RE: Rooting Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-08-10 04:06
MoshBat wrote:
So we have to modify a script that gets restarted every two minutes? That's what I thought we had to do briefly last time.


No no, something may get 'broken' during your exploit process. My script restarts it every two minutes. Please dont modify that script if/when you get in.


Author

RE: Rooting Challenge

KvK
Member



Posts: 94
Location: EIP‭‮
Joined: 17.01.09
Rank:
Apprentice
Posted on 28-08-10 15:42
I need help fuzzing and reversing. Anyone know of any GOOD gdb tutorial that I will be able to read in under two hours? I've already tried man gdb, found gdb manuals, and gdb cheatsheets, but I'm looking for a decent sized tutorial that leaves me with enough information to be able to effectively reverse engineer an application.

P.S. I own a physical copy of "Reversing: Secrets of Reverse Engineering", but from what I've read so far it focuses on reversing Windows applications.


Author

RE: Rooting Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-08-10 23:04
KvK wrote:
I need help fuzzing and reversing. Anyone know of any GOOD gdb tutorial that I will be able to read in under two hours? I've already tried man gdb, found gdb manuals, and gdb cheatsheets, but I'm looking for a decent sized tutorial that leaves me with enough information to be able to effectively reverse engineer an application.

P.S. I own a physical copy of "Reversing: Secrets of Reverse Engineering", but from what I've read so far it focuses on reversing Windows applications.


This isnt a tutorial ... but it might help you in a short amount of time.
http://www.deadc0de.info/2009/08/14/level-3-of-smashthestack-io/
Its a solution to smashthestack's level 3 challenge and shows usage of basic gdb commands such as

i r - info registers
break *0xdeadbeef - break point settings
run - run & restart
disass <function> - pretty obvious (objdump -d may help)
x/100x $esp - inspects 400bytes of esp
step - step till ret from function
si - step a single instruction

Those are basically the only things your really need to do this.


Author

RE: Rooting Challenge

KvK
Member



Posts: 94
Location: EIP‭‮
Joined: 17.01.09
Rank:
Apprentice
Posted on 28-08-10 23:55
stdio wrote:
KvK wrote:
I need help fuzzing and reversing. Anyone know of any GOOD gdb tutorial that I will be able to read in under two hours? I've already tried man gdb, found gdb manuals, and gdb cheatsheets, but I'm looking for a decent sized tutorial that leaves me with enough information to be able to effectively reverse engineer an application.

P.S. I own a physical copy of "Reversing: Secrets of Reverse Engineering", but from what I've read so far it focuses on reversing Windows applications.


This isnt a tutorial ... but it might help you in a short amount of time.
http://www.deadc0de.info/2009/08/14/level-3-of-smashthestack-io/
Its a solution to smashthestack's level 3 challenge and shows usage of basic gdb commands such as

i r - info registers
break *0xdeadbeef - break point settings
run - run & restart
disass <function> - pretty obvious (objdump -d may help)
x/100x $esp - inspects 400bytes of esp
step - step till ret from function
si - step a single instruction

Those are basically the only things your really need to do this.


Thanks man. An actual example of gdb in usage is a great place for me to start. I guess when it comes to intricate tools such as gdb, you gain experience as you use it. After I take a crack at your challenge, I suppose I'll give SmashTheStack another try, as the last time I took a serious stab at SmashTheStack or OverTheWire was quite some time ago.


Author

RE: Rooting Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 01-09-10 16:48
Wondering how anyone is faring at this challenge.

and also Ive decided to give the source along with the binary file. It can be found in the same place. Keep in mind though you will still need to use use binary to obtain the exact addresses needed.


Author

RE: Rooting Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 06-09-10 05:21
hmmm, i would liked to have tried this when it first started (when it was easier) Pfft i think it's got a bit too advanced for me now..


Page 2 of 2 < 1 2