Posted: Tue Jan 13, 2009 9:13 am Post subject: New Challenge Type
Hello everyone.I would like to see a new challenge type based on teletting,netcat,servers,ftp etc...Please give suggestions and tell me what you think about this idea.Thanks
Joined: Jun 29, 2008 Posts: 53 Points: 5 Location: Indiana
Posted: Fri Jun 19, 2009 4:27 pm Post subject:
I would love to set up such challenges as these, but there are problems with it. Unless you a challenge that would simulate some type of rooting its hard to do this stuff without setting up actual computers that can be hacked. ____________
A good way to lead into rooting challenges would be to make some apps that have some vulnerabilities and put it up for users to audit and find the vulnerability. Since rooting is more about auditing server apps, servers would be best to use as examples and making the vuln hard to spot is even better. How many users here are familiar with C or C++, if there are enough I wouldn't mind making a couple actually working Client/Server apps that have some hard to spot vulns in them for auditing. Once you have found the vulnerability you can then write up a exploit for it and run it on a active server, thats all rooting really is, auditing and running the exploit on the server. There are some more advanced techniques as you get into real environments with non-executable stacks, canary values and such but auditing is where most of the grunt work is done. ____________ A.K.A DigitalOutcast
Rawr!
