[Boards: 3 / a / aco / adv / an / asp / b / bant / biz / c / can / cgl / ck / cm / co / cock / d / diy / e / fa / fap / fit / fitlit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mlpol / mo / mtv / mu / n / news / o / out / outsoc / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / spa / t / tg / toy / trash / trv / tv / u / v / vg / vint / vip / vp / vr / w / wg / wsg / wsr / x / y ] [Search | Free Show | Home]

Hacking Challenge For Linux Experts

This is a blue board which means that it's for everybody (Safe For Work content only). If you see any adult content, please report it.
  1. Home
  2. /g/ - Technology
  3. Hacking Challenge For Linux Experts
Thread replies: 24
Thread images: 3

Anonymous
Hacking Challenge For Linux Experts 2017-03-09 10:25:11 Post No. 59314877
[Report] Image search: [Google]
File: Z.jpg (5KB, 303x166px) Image search: [Google]
Z.jpg
5KB, 303x166px
Hacking Challenge For Linux Experts Anonymous 2017-03-09 10:25:11 Post No. 59314877 [Report]
What up?! I made a thread yesterday about an interesting challenge from the german intelligence agency but /g/ wasn't that interested and focused on consumerism instead.

For the challenge you must run a bare debian linux image in a VM.

http://www.bnd.bund.de/DE/Karriere/Forensik_Challenge/Forensik_Challenge_node.html

Some agency from an allied country asks the BND to check an incident. The server of some state insurancy company got hacked. They supply an image of the server.
You have to analyze the image. The hackers left traces on the system (files) and you have to figure out how to get root access. LUCKILY the hackers somehow created a low level user (hacker:abcd1234).

Image can be found here:

http://download.gsb.bund.de/BND/ZIP_Challenge.zip (754 MB - .vmdk)

Hints are that there is a web application involved and this is most likely the attack vector.

What i have found so far:

>a /html/ folder contains a .php with a script that lets potential attackers use ReadFile ... this is most likely the vulnerability that allowed the hackers to change the root password/gain access to the system
>"www-data" seems to be the root's username. I can't find the password to it though.

Questions you have to answer:

>How did the attackers gain access to the system (keep in mind they had no access to the terminal)
>How were they able to get root access
>What data (incl content) did the hackers leave behind and where?

The challenge is for people with masters degrees in computer science.

Can /g/ figure it out?!!
>>
Anonymous 2017-03-09 10:51:08 Post No.59315090
[Report] Image search: [Google]
Anonymous 2017-03-09 10:51:08 Post No.59315090 [Report]
File: ywyrHntjPZw.jpg (25KB, 491x585px) Image search: [Google]
ywyrHntjPZw.jpg
25KB, 491x585px
>>59314877
>The challenge is for people with masters degrees in computer science.
>>
Anonymous 2017-03-09 10:51:32 Post No.59315093
[Report]
Anonymous 2017-03-09 10:51:32 Post No.59315093 [Report]
>>59314877
physical access, rootkit
social engineering, mitm attack, malware
dirty cow exploit
>>
Anonymous 2017-03-09 10:53:43 Post No.59315114
[Report]
Anonymous 2017-03-09 10:53:43 Post No.59315114 [Report]
It's probs a web rce -> shell -> priv ESC like dirty cow
>>
Anonymous 2017-03-09 10:57:31 Post No.59315149
[Report]
Anonymous 2017-03-09 10:57:31 Post No.59315149 [Report]
>>59314877
I don't speak German.
>>
Anonymous 2017-03-09 11:11:11 Post No.59315237
[Report]
Anonymous 2017-03-09 11:11:11 Post No.59315237 [Report]
>>59315093

no social engineering involved. The exploit obviously came through the website hosted on the server and the .php

>>59315149

you don't have to. The .vmdk is a normal debian linux image.
>>
Anonymous 2017-03-09 11:19:51 Post No.59315291
[Report]
Anonymous 2017-03-09 11:19:51 Post No.59315291 [Report]
>>59314877
The downside is that you'll have to work in Berlin, the Hipster capital of Europe.
>>
Anonymous 2017-03-09 11:23:02 Post No.59315314
[Report]
Anonymous 2017-03-09 11:23:02 Post No.59315314 [Report]
>>59315291

true but i dont want to work there. Pay is really bad for actual experts in that field i guess. I am not even an expert i just think its a fun and interesting challenge and it can't be that hard to solve it.

Starting is 5k before taxes which is like 60k a year. All salaries and levels are public. I think you can reach over 100k but thats going to take you 20 years or so.

They probably recruit awkward meme patriots or something - or people use it as a platform to get into actual high paying jobs.
>>
Anonymous 2017-03-09 11:27:14 Post No.59315348
[Report]
Anonymous 2017-03-09 11:27:14 Post No.59315348 [Report]
>>59315314
You also get job security and a decent pension.
Once you reach public servant status, they virtually can't fire you, as long as you show up for work.
>>
Anonymous 2017-03-09 11:28:41 Post No.59315360
[Report]
Anonymous 2017-03-09 11:28:41 Post No.59315360 [Report]
>>59315348

truuuuuuu
>>
Anonymous 2017-03-09 11:34:08 Post No.59315393
[Report]
Anonymous 2017-03-09 11:34:08 Post No.59315393 [Report]
>>59314877
>The challenge is for people with masters degrees in computer science.

computer science is about computation, not becoming the hackerman
>>
Anonymous 2017-03-09 11:57:35 Post No.59315584
[Report]
Anonymous 2017-03-09 11:57:35 Post No.59315584 [Report]
>>59315393

pretty awkward that this board can't figure this out tbqh.

I guess the memes are true and i have confirmed it for myself. /g/ is a consumer oriented board for linux users that want to rice their desktops and then shitpost about how pajeets are stealing their jobs. Sounds like /pol/ just for tech.
>>
Anonymous 2017-03-09 12:05:08 Post No.59315656
[Report]
Anonymous 2017-03-09 12:05:08 Post No.59315656 [Report]
>>59315584
Most of /pol/ are successful, white businessmen with big degrees in business.
>>
Anonymous 2017-03-09 12:06:41 Post No.59315668
[Report]
Anonymous 2017-03-09 12:06:41 Post No.59315668 [Report]
>>59315656

and engineers, scientists and scholars and don't forget the 9" cocks, trucks, ex - military, defense contractors, beautiful aryan wife and 3 children with blonde hairs and blue eyes

similiar to how /g/ only uses free software, is smarter than the CIA, doesnt need a degree to write the best code in the industry and is an expert of every linux distro
>>
Anonymous 2017-03-09 12:16:10 Post No.59315756
[Report]
Anonymous 2017-03-09 12:16:10 Post No.59315756 [Report]
>>59315668
My favorite /g/ archetype is the C programmer who never makes mistakes (safe languages are for babbies).
>>
Anonymous 2017-03-09 12:19:16 Post No.59315788
[Report] Image search: [Google]
Anonymous 2017-03-09 12:19:16 Post No.59315788 [Report]
File: maxresdefault.jpg (145KB, 1618x1080px) Image search: [Google]
maxresdefault.jpg
145KB, 1618x1080px
>>59315756

>/g/ codes close to the metal but can't navigate with the CLI through a linux filesystem

yaaaaaaaaaaas
>>
Anonymous 2017-03-09 12:45:45 Post No.59316043
[Report]
Anonymous 2017-03-09 12:45:45 Post No.59316043 [Report]
>>59315584
Outsourcing your homework to /g is pathetic
>>
Anonymous 2017-03-09 12:46:12 Post No.59316048
[Report]
Anonymous 2017-03-09 12:46:12 Post No.59316048 [Report]
>>59316043

this isnt homework .. did you read the post?
>>
Anonymous 2017-03-09 12:48:02 Post No.59316059
[Report]
Anonymous 2017-03-09 12:48:02 Post No.59316059 [Report]
>>59315788
>close to mental
>>
Anonymous 2017-03-09 01:29:33 Post No.59316451
[Report]
Anonymous 2017-03-09 01:29:33 Post No.59316451 [Report]
>>59315756
Yeah I love that guy too, the hubris is delicious
>>
Anonymous 2017-03-09 01:36:06 Post No.59316533
[Report]
Anonymous 2017-03-09 01:36:06 Post No.59316533 [Report]
>>59315668
>>>/pol/115890045
>>
Anonymous 2017-03-09 01:36:15 Post No.59316535
[Report]
Anonymous 2017-03-09 01:36:15 Post No.59316535 [Report]
>>59315090
Hopefully pajeets and changs can get it first then
>>
Anonymous 2017-03-09 01:36:54 Post No.59316543
[Report]
Anonymous 2017-03-09 01:36:54 Post No.59316543 [Report]
>>59316533

love how they LARP this hard at the worst NEET day time in the history of mankind
>>
Anonymous 2017-03-09 04:06:47 Post No.59318447
[Report]
Anonymous 2017-03-09 04:06:47 Post No.59318447 [Report]
>>59315584
No one cares about you or your employer's challenge, Fritz.
Thread posts: 24
Thread images: 3
[Boards: 3 / a / aco / adv / an / asp / b / bant / biz / c / can / cgl / ck / cm / co / cock / d / diy / e / fa / fap / fit / fitlit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mlpol / mo / mtv / mu / n / news / o / out / outsoc / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / spa / t / tg / toy / trash / trv / tv / u / v / vg / vint / vip / vp / vr / w / wg / wsg / wsr / x / y] [Search | Top | Home]

I'm aware that Imgur.com will stop allowing adult images since 15th of May. I'm taking actions to backup as much data as possible.
Read more on this topic here - https://archived.moe/talk/thread/1694/


If you need a post removed click on it's [Report] button and follow the instruction.
DMCA Content Takedown via dmca.com
All images are hosted on imgur.com.
If you like this website please support us by donating with Bitcoins at 16mKtbZiwW52BLkibtCr8jUg2KVUMTxVQ5
All trademarks and copyrights on this page are owned by their respective parties.
Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.
If you need information for a Poster - contact them.