What up?! I made a thread yesterday about an interesting challenge from the german intelligence agency but /g/ wasn't that interested and focused on consumerism instead.
For the challenge you must run a bare debian linux image in a VM.
http://www.bnd.bund.de/DE/Karriere/Forensik_Challenge/Forensik_Challenge_node.html
Some agency from an allied country asks the BND to check an incident. The server of some state insurancy company got hacked. They supply an image of the server.
You have to analyze the image. The hackers left traces on the system (files) and you have to figure out how to get root access. LUCKILY the hackers somehow created a low level user (hacker:abcd1234).
Image can be found here:
http://download.gsb.bund.de/BND/ZIP_Challenge.zip (754 MB - .vmdk)
Hints are that there is a web application involved and this is most likely the attack vector.
What i have found so far:
>a /html/ folder contains a .php with a script that lets potential attackers use ReadFile ... this is most likely the vulnerability that allowed the hackers to change the root password/gain access to the system
>"www-data" seems to be the root's username. I can't find the password to it though.
Questions you have to answer:
>How did the attackers gain access to the system (keep in mind they had no access to the terminal)
>How were they able to get root access
>What data (incl content) did the hackers leave behind and where?
The challenge is for people with masters degrees in computer science.
Can /g/ figure it out?!!
>>59314877
>The challenge is for people with masters degrees in computer science.
>>59314877
physical access, rootkit
social engineering, mitm attack, malware
dirty cow exploit
It's probs a web rce -> shell -> priv ESC like dirty cow
>>59314877
I don't speak German.
>>59315093
no social engineering involved. The exploit obviously came through the website hosted on the server and the .php
>>59315149
you don't have to. The .vmdk is a normal debian linux image.
>>59314877
The downside is that you'll have to work in Berlin, the Hipster capital of Europe.
>>59315291
true but i dont want to work there. Pay is really bad for actual experts in that field i guess. I am not even an expert i just think its a fun and interesting challenge and it can't be that hard to solve it.
Starting is 5k before taxes which is like 60k a year. All salaries and levels are public. I think you can reach over 100k but thats going to take you 20 years or so.
They probably recruit awkward meme patriots or something - or people use it as a platform to get into actual high paying jobs.
>>59315314
You also get job security and a decent pension.
Once you reach public servant status, they virtually can't fire you, as long as you show up for work.
>>59315348
truuuuuuu
>>59314877
>The challenge is for people with masters degrees in computer science.
computer science is about computation, not becoming the hackerman
>>59315393
pretty awkward that this board can't figure this out tbqh.
I guess the memes are true and i have confirmed it for myself. /g/ is a consumer oriented board for linux users that want to rice their desktops and then shitpost about how pajeets are stealing their jobs. Sounds like /pol/ just for tech.
>>59315584
Most of /pol/ are successful, white businessmen with big degrees in business.
>>59315656
and engineers, scientists and scholars and don't forget the 9" cocks, trucks, ex - military, defense contractors, beautiful aryan wife and 3 children with blonde hairs and blue eyes
similiar to how /g/ only uses free software, is smarter than the CIA, doesnt need a degree to write the best code in the industry and is an expert of every linux distro
>>59315668
My favorite /g/ archetype is the C programmer who never makes mistakes (safe languages are for babbies).
>>59315756
>/g/ codes close to the metal but can't navigate with the CLI through a linux filesystem
yaaaaaaaaaaas
>>59315584
Outsourcing your homework to /g is pathetic
>>59316043
this isnt homework .. did you read the post?
>>59315788
>close to mental
>>59315756
Yeah I love that guy too, the hubris is delicious
>>59315090
Hopefully pajeets and changs can get it first then
>>59316533
love how they LARP this hard at the worst NEET day time in the history of mankind
>>59315584
No one cares about you or your employer's challenge, Fritz.