sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
For any nonsense or banter that doesn't fit anywhere else. LoL! omg! ROFL! 
yet another challenge...
Posted by: gat3way
Date: January 28, 2009 02:49PM

Hello, I'd like to introduce you to another little hack challenge I did.

It's accessible at:

http://www.gat3way.eu/hack/

Basically the aim is to gain remote root access there.

Hope you'd like it :)

Re: yet another challenge...
Posted by: rvdh
Date: January 29, 2009 03:19AM

This might hurt:

http://www.gat3way.eu/index.php?mact=News,cntnt01,detail,0&articleid=4&cntnt01&returnid=%2715

Re: yet another challenge...
Posted by: rvdh
Date: January 29, 2009 03:20AM

http://www.gat3way.eu/lib/smarty/README

Re: yet another challenge...
Posted by: wireghoul
Date: January 29, 2009 09:59PM

Nitpicking time...

I would leave directory index disabled by default myself: http://www.gat3way.eu/tmp/cache/

Oh I smell information disclosure: http://www.gat3way.eu/admin/footer.php

And as expected I just found a remote 0day..better start writing an email

[www.justanotherhacker.com]



Edited 1 time(s). Last edit at 01/29/2009 10:27PM by wireghoul.

Re: yet another challenge...
Posted by: gat3way
Date: January 30, 2009 07:40AM

Guys, no point in doing that. Actually gat3way.eu and gat3way.eu/hack are two different hosts, the first one acting as an Apache reverse proxy towards the second one.

So supposing you even got remote root access on gat3way.eu, you will not be able to do anything beyond eavesdropping on HTTP traffic going from/to the hack game.

Better concentrate on the vulnerabilities present on the hackgame...there are SQL injections, LFI, XSS vulnerabilities, etc :)

Re: yet another challenge...
Posted by: Matt Presson
Date: January 30, 2009 08:59AM

Actually, if I get root on your proxy box I can do whatever I want so I would take the advice of your fellows here and lock that box down.

-----------------------------------------------------------------------
(ú=(θ='',[µ=!(Φ=!θ+{})+θ,Θ=Φ[ø=+!θ]+Φ[+θ],ĩ=µ[ø],Ø=µ[º=ø+++ø],Ç=Φ[º+ø],à=ú[Φ[º+º]+Φ[+θ]+Ç+ĩ]][Ø+Ç+Θ])())[ĩ+à('•êí')](Ç+à('Á«)'))

Re: yet another challenge...
Posted by: wireghoul
Date: February 01, 2009 06:26PM

The reverse proxy reveals itself in the 500 error pages from your challenge. The friendly SQL error shows the remote IP as 192.168.1.200 iirc. I didn't mention that, but I was well aware of it.

[www.justanotherhacker.com]
