Archive for March, 2005

After 96 Hours (Break-in Challenge)

Friday, March 25th, 2005

None broke into the server which was on the Net for 96 hours. Kudos to Adamantix!

See details at http://www.linuxense.com/challenge

At the end of 48th hour we have released a shell account with the login name ROT13ed. It didn’t take more than a couple of minutes for the first person to login! But there were several contestants who complained about a login account which “just doesn’t work'’.

Most of the attempts had stack-smash as the basic technique which Pax is good at. But there was a Pax privilege elevation bug to which Adamantix 1.0.4 was susceptible. See http://seclists.org/lists/fulldisclosure/2005/Mar/0211.html for more details. But the first exploit wasn’t out till the end of 96 hours (though the Kernel used was not fully susceptible) :)

Packet capture dump is being circulated via Bittorrent and had several downloads so far.

We thank Asianet Satellite communications for providing us bandwidth.

This break-in challenge was unique in a sense that this was the first time an Open source product was put under such a test. Normally companies do this to show off their own product’s capability.

Posted in News, Work | No Comments »

Linux Server Break-in Challenge

Monday, March 7th, 2005

Linuxense is holding a Linux Server Break-in Challenge. We set up a hardened server, connecting it to the Internet and inviting those who are “crackers'’ at heart to break-in to it.

This event does not offer any prize money; and we are not planning to ship the server to the winner. But if you break in you you get a permanent reference in our challenge page –this is a “No Prizes; Just Applause'’ affair.

This is a regular Linux server with its traffic routed through a bridge to sniff the packets passing through and to limit outbound traffic. This bridge (yet another Linux box) will be logging all the packets passing through. This data will be made available to the participants –learn what others did it and do forensic analysis.

This server will become available on the net by 2 AM IST, 9 March 2005 and will be there for 96 hours or till you take it down. See the details on our web site.

Watch this space for updates on the event. Good luck!

Posted in News | 1 Comment »