Team Shaded Youth took control of Orion during a KOH game; this is the whitepaper they submitted.
Well in the normal wargames, the team on 204
messed it up so bad that when everyone logged in, the
login file was destroyed or something around there, so
they decided to reinstall the OS on there. Also they
reinstalled 205 because the person on the team there
(a_d) started doin his offensive work during the grace period.
Anyway so when they opened it up for KOTH (King of The Hill)
amgod and I went to work on it. We opened telnet and tried
port 21, which showed it was wu ftp. Then we got the version
and got the exploit for it. Once the exploit was on it and run,
we got access to root, didn't have time to identify the version
but it was slackware, and killed SSH (oops :P). From there we
ran a backdoor, which we never ran before so it opened port
4000 to everyone. Then someone announced in chat (irc.hack3r.com
chan #roothack) that port 4000 was open, and everyone went in
and tried to get it. Right then, core from team Zion,
got it and killed the backdoor. When he did, because he was
nice and knew we were in it to learn, he gave it back to us.
We had Knight420 lock it down by fixing the suids, and
killing the services. Then I went to bed and woke up to hear
that epic got it through ptrace (argh!!!). This was a fun,
about 6 hour (lol) wargame. Expect to see Shaded Youth
back in the wargames in the future. :)
BTW - Thanks to all the teams for helping us out with simple
questions :)
-Shadez