The Solo Wargames are back up and in action. Info can be found here. If you have any problems with the levels, post them here. Also, please let us know how the box is holding up and if there are any network issues.
Sat, 02/28/2009 - 21:24 — s0kket
Hi, great site! can't believe ive missed this for so long! :)
Anyways, just a quick question, without giving anything away, is the portal (the level 7 part, if you know what i mean) simulated?
I ask because, so far everything i have tried, which SHOULD work, isnt, no errors to let me know im on the right track or anything :(
If possible could the possibilities be widened at all?, the message says 'simple' injection but ive tried every single combination i can think of and im getting nowhere.
Side note here: not sure if it's meant to be there, so i havnt removed it, but there is a file in the /tmp directory on erinys that i was able to get euid=0 from, using the ptrace (LD_PRELOAD) exploit, not much as you cant really do anything with euid 0, but thought i would mention it anyway :)
Thanks.
Enigma, yes it is simulated at this point, were working on fixing that level but have a ton of work on our hands, and very little help. Te reason we have little help is because we want the current people in the community to have a chance at playing in these games. Im sorry for the confusion, ill pass a hint, try ones.
Level 7 is really too restrictive. It is a basic SQL auth bypass, but we have it locked down to a very specific string. We are in the process of correcting that and making it more realistic. You haven't been the only one to question that level.
As far as the ptrace exploit...yep, there are several ways to obtain a root session, due to the lack of updates to the box. Of course, we don't really care if the box is owned but we would rather see people complete the challenges.
With that being said, we will be moving over to an OS that will allow us to keep everything updated. We are going to start setting these up today, and once completed, we will just swap over and no one will notice any outage.
If you want to jump on IRC and discuss the level 7, please do...I won't post the answer here, but will gladly assist in a private message on IRC.
Thanks for the help guys,
No problem, i just wanted to make sure it was simulated before i ran out of hair to pull out :) And thanks for the hint ocyrus, it narrows the search by hundreds (seriously).
re exploit: it isnt necessarily a root-giving exploit, as the file is not root-owned, it just gave me an euid of 0, but i still couldnt read anything owned above level 6 :( and with users being unable to 'chown' anything to make it root-owned, its....pointless, lol.
On another note, i will try and get on IRC later, as im currently running of the backtrack 3 live-cd, and so im running as root, and everyone knows its a fool's game running irc as root, so i will have to reboot into ubuntu when ive finished off what im doing :)
Oh and btw, good look with the move :)
What's to stop you from crating a user, su-ing into that account, and using irssi?
Well, because 99% of the time you are using bt you are on the command line, so its good to get away from it for a while, and besides...i like xchat :)
other than that, theres nothing stopping me, except the extreme lack of security at the minute until i get my 'proper' connection back :/
While im here though, has someone forgot to get rid of the 'no-suid' option on the erebus servers? lol. Successfully exploited both strcpy 1 & 2, both gave me a shell, but still level 11, so unable to get the passwd etc :(
Son, don't anger the cli gods. On linux, there is no such thing as too much cli.
First... I'm really enjoying these solo wargames and I wanted to say thank you for your time and effort, but I have a problem: I can't find any debugger (looking for gdb) on erebus... is it normal?
Someone forgot to add gdb when the systems were restored. It should be back on now.
<>
am now english i am now komet
Navigation
Popular content