Follow us on Twitter!
The important thing is not to stop questioning. - Albert Einstein
Wednesday, April 16, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 22
Guests Online: 17
Members Online: 5

Registered Members: 82810
Newest Member: TheDuke777
Latest Articles
View Thread

HellBound Hackers | Events | Root This Box

Page 1 of 2 1 2 >
Author

Rooting Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-07-10 09:17
Well its been awhile since I've posted -- but have a rooting challenge for you guys. Its at hackm3.net.

Its intentionally set up to be vulnerable, so it is possible, but it wont be easy.

Please dont disrupt services/change passwords etc. Just add your name to the index.html on the front page.

Bruteforcing/web/vulnerability scanners may/will be of little use... and might ban you for a short period of time! =P

NOTE: If you get really stuck, and are willing to admit defeat (which means you fail)...here is part 1:
Code
http://hackm3.net/b34035bb0fb585a8481104a790c03ee3/index.html





Author

RE: Rooting Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-07-10 21:19
Eh not that hard. I'm waiting on JTR to crack the root pass (which is gonna take a while on my shitty laptop...is it in a wordlist?).

Pretty cool to see a challenge that is actually realistic here though, and I definitely give you props for putting up your server for us Wink

Will you be adding more challenges in the future?
Author

RE: Rooting Challenge

stealth-
Member



Posts: 1003
Location: Eh?
Joined: 10.04.09
Rank:
Mad User
Posted on 27-07-10 21:30
Yeah, I'm at the same spot as you Xof.
I got the non-root pass pretty quick with john, so I'm kinda figuring that you have to do a local exploit from the non-root user's ssh account, maybe?
Unfortunately, I havn't found anything that way yet.


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealt. . .
http://www.stealth-x.com
Author

RE: Rooting Challenge

KvK
Member



Posts: 94
Location: EIP‭‮
Joined: 17.01.09
Rank:
Apprentice
Posted on 27-07-10 21:34
Ninja ninja1337 # john --users=root passwd

Good Luck, however I believe there is a more civilized solution to this one.

#[n00b@hackm3 html]$ history

=p


Author

RE: Rooting Challenge

stealth-
Member



Posts: 1003
Location: Eh?
Joined: 10.04.09
Rank:
Mad User
Posted on 27-07-10 21:42
MoshBat wrote:
KvK wrote:
Ninja ninja1337 # john --users=root passwd

Good Luck, however I believe there is a more civilized solution to this one.

#[n00b@hackm3 html]$ history

=p

I tried some of the same things... And that c/s is pretty low...


Think that's low? I get ~2000 :angry:


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealt. . .
http://www.stealth-x.com
Author

RE: Rooting Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-07-10 22:03
Its a really long root password and not meant to be cracked in the time frame I leave this challenge online.


Author

RE: Rooting Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-07-10 22:12
Good I'll stop cracking then


Author

RE: Rooting Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-07-10 00:42
sorry I broke it am trying to fix!

fixed




Edited by on 28-07-10 00:50
Author

RE: Rooting Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-07-10 01:17
w00t nice job.


Author

RE: Rooting Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-07-10 01:31
Hmm, what method did you use to get it? (PM Please). I liked not having a standard exploit that would have worked in 2min.

Edit: The reason I ask, is I know the first person to get it, got in on an oversight where I left the root password in the .bash_history after using su

Edit: Anyways here was one possible solution. The more indended solution. But since theres always more than one way, root is root.

http://hackm3.net. . .index.html




Edited by on 28-07-10 01:54
Author

RE: Rooting Challenge

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 28-07-10 02:25
Had my fun.

Sorry for spamming /etc/passwd and shadow.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: Rooting Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-07-10 02:44
Its all good, but yeah. v2 coming soon..... Videos re-uploaded just incase someone else wants to see. http://hackm3.net


Author

RE: Rooting Challenge

KvK
Member



Posts: 94
Location: EIP‭‮
Joined: 17.01.09
Rank:
Apprentice
Posted on 28-07-10 06:05
Thanks for the fun. I learned a few things.


Author

RE: Rooting Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-07-10 17:51
whens the new one coming? Grin


Author

RE: Rooting Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-07-10 01:32
wolfmankurd wrote:
whens the new one coming? Grin


Right now -- enjoy. (Password cracking on this one isnt needed at all)

Again please dont stop services, dos, etc.

Editing to say I will probably be rebooting soon as to clean a few things up. (And will keep rebooting every hour or two)

Edit2: Its all automated now to reboot at 5 after the hour. Takes about 1 min and it will be back up.




Edited by on 29-07-10 08:55
Author

RE: Rooting Challenge

Tucak
Member

Your avatar

Posts: 19
Location:
Joined: 04.06.08
Rank:
Newbie
Posted on 29-07-10 13:23
Man, that was fun. Please make more! : )
Author

RE: Rooting Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-07-10 13:27
Tucak wrote:
Man, that was fun. Please make more! : )


Glad you liked it, and nice job.


Author

RE: Rooting Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 30-07-10 00:58
Thanks it was fun, but I think the last exploit was dissapointing. keep them comming please!




Edited by on 30-07-10 01:04
Author

RE: Rooting Challenge

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 30-07-10 01:01
We could've been exploiting sudo, dpkg, lppasswd, gzip and more... Ah well. The rooting aspect was a bit too straightforward (ie. easy).

Thanks again though, a third challenge will be appreciated.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: Rooting Challenge


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 31-07-10 15:03
wolfmankurd wrote:
Thanks it was fun, but I think the last exploit was dissapointing. keep them comming please!


spyware wrote:
We could've been exploiting sudo, dpkg, lppasswd, gzip and more... Ah well. The rooting aspect was a bit too straightforward (ie. easy).

Thanks again though, a third challenge will be appreciated.


MoshBat wrote:
What the last two said.


Alright, you asked and you shall receive. I have seriously tried to up the difficulty on this one, though I suspect you will still get through (I just hope it takes you longer to exploit than it did for me to make).

Also another change
the contents of /root/proof.txt can be pasted into a new scoreboard here
http://scoreboard. . . (please if you get it dont spam it with a shit ton of names, or else I will just require registration/captchas/more pain in the ass things for you)


http://www.hackm3. . . - enjoy

Also I may revert the machines every so often (wont be more than once per hour, but on a revert you will lose all your work, so keep notes if you have a bad memory)


Page 1 of 2 1 2 >