Web Hosting Talk
IP 62.4.71.36 challenge ???


sarcos
11-20-2002, 09:39 AM
Have you heard about the IP 62.4.71.36??
http://kernel.sysdoor.com/eng/index.php

Has anybody tried and could inform us :eek: ?

Thank you!!

UH-Matt
11-20-2002, 09:47 AM
ahaha, I'll sure give it a go! :)

sarcos
11-20-2002, 01:54 PM
Has anybody tried so far ?

jolly
11-20-2002, 06:18 PM
wow....
Let's see who cracks it first..

rusko
11-20-2002, 10:39 PM
This is a joke. I want to see them running a real-world application on that server - anyone can remove enough functionality from a box to make it almost impossible to crack.

The Brickhouse web hosting appliance comes to mind - endorsed by Carolyn Meinel, it is a small appliance based on roothat with a bunch of custom LKMs that implement ACLs and mdac, running thttpd (not the good one, the simple one). I'm not even sure if you can use it for email; some form of FTP is available. It is really secure - apart from a couple of DoS issues and several almost-there vulnerabilities, nothing could be found. Yet it is not useful in any way - the most you could run on there is your family's homepage. Case in point.

skelley1
11-20-2002, 10:51 PM
wow. if i were 16 again i wouldn't eat for a month.

Just_Kp
11-20-2002, 11:07 PM
Originally posted by rusko
This is a joke. I want to see them running a real-world application on that server - anyone can remove enough functionality from a box to make it almost impossible to crack.

The Brickhouse web hosting appliance comes to mind - endorsed by Carolyn Meinel, it is a small appliance based on roothat with a bunch of custom LKMs that implement ACLs and mdac, running thttpd (not the good one, the simple one). I'm not even sure if you can use it for email; some form of FTP is available. It is really secure - apart from a couple of DoS issues and several almost-there vulnerabilities, nothing could be found. Yet it is not useful in any way - the most you could run on there is your family's homepage. Case in point.

Oh God, did you just say Carolyn Meinel? Charlatan of the ISS community?

2host.com
11-21-2002, 01:21 AM
Those people offering this challenge are clueless twits:

http://groups.google.ca/groups?hl=en&lr=&ie=UTF-8&frame=right&th=2f2f09788e69ab40&seekm=20021115-164324-483373%40foorum.com#link1

I'll be happy to set up a system that only runs a web server on port 80 and nothing else and make a challenge too (all about how secure the kernel is). I (among many others) let this moron have it on usenet last week about this lame challenge.

sarcos
11-21-2002, 11:02 AM
They've also added an IRC server. Do you really think that they could put new 'services' on the famous machine (such as a shell?)

Mick Seffe
11-21-2002, 12:15 PM
Originally posted by skelley1
wow. if i were 16 again i wouldn't eat for a month.

LOL :)

ms

2host.com
11-21-2002, 06:12 PM
The thing that's most ridiculous is that their biggest claim is that they have a secure OS and kernel. Yet they do not allow any access or have any demo account for the server. How are we supposed to test anything but remote exploits? A patched web server is all they offered. Unless there's a remote exploit in the kernel (Do you know of any for any current kernel? I don't.), then you have no better or worse chances on any other system that runs just a web server.

Anyone can do this and make this challenge. These people are just trying to hype something up to be something it's not, to impress people into thinking they are qualified. This challenge alone shows that they are not. They are either trying to deceive people that aren't educated at all in security, or they are just that clueless.

bitserve
11-21-2002, 08:06 PM
Originally posted by 2host.com
They are either trying to deceive people that aren't educated at all in security, or they are just that clueless.

I would guess the latter.

goodness0001
11-21-2002, 11:01 PM
These are the only 2 ports I can find open:

TCP: 62.4.71.36 [80-www-http]
TCP: 62.4.71.36 [31337-backdoor]

2host.com
11-21-2002, 11:39 PM
Originally posted by goodness0001
These are the only 2 ports I can find open:

TCP: 62.4.71.36 [80-www-http]
TCP: 62.4.71.36 [31337-backdoor]

Interesting that they'd be listening to a Windows B.O. trojan port.

Tom Pyles
11-22-2002, 12:07 AM
OK...explain this to me...looking at their recent attempts, 2 stand out, one of them being:
http://kernel.sysdoor.com/prelude/index-eng.php?alertid=626403

Classification informations :
Origin : Origin of the name is not known
Name : Scanning attack

Impact severity :
Severity : High severity
Completion : The attempt succeeded.
Type : A reconnaissance probe was attempted or completed (Recon).

Fahd
11-22-2002, 12:13 AM
It's a gimmick to get the big corporates to trust their security systems.

Anybody catch "The Net" on HBO recently? :D

sarcos
11-26-2002, 06:58 AM
Apparently, they are going to add new services on the machine (telnet access?!)

StarGate
11-26-2002, 09:25 AM
Kinda useless to try when they have encrypted the file containing the magic words with a PGP like algorithm. Another hour of my life wasted...

sarcos
12-05-2002, 07:00 PM
Intrusion Attempts : 11240068
Intrusion succeeded : 0
:flamethr: Target : 62.4.71.36

The Prohacker
12-05-2002, 09:21 PM
If there was any real money on the table.. I'd say get a small group of people 6-8, former special forces, equip them with small fully auto weapons, and go into the building hosting the server..

One person can get the server's file and exit the building.. They never said it couldn't be physically compromised :D

InfinityMP
12-05-2002, 09:39 PM
Damn, y'all are sad individuals. I stress individuals, of course.

InfinityMP
12-05-2002, 09:41 PM
BTW, I agree with proho's idea. Give me the dollars and I'll bust in there, bust a few caps in some peeps' arses, steal some HDs while I'm at it, and just pull the HD the server is on and be like...

"what up? yall didn't see that coming? did ya? punk bitch!"

"Now where's ma 30 thousand?"

UH-Matt
12-06-2002, 05:59 AM
how about we all gather together and just packet the bitch offline :)

klaban
12-10-2002, 06:39 AM
Have you read this:

Technology used:
Suffice to say that these methods rely on algorithms that have links to the real world, such as acoustic and vibratory phenomena. That's all we are prepared to reveal.
(http://kernel.sysdoor.com/eng/index.php)

THIS is going to be very very interesting. :bomb:

espionage
12-10-2002, 07:00 AM
In most cases, even if a box is secured, it's not truly secured. The problem is that even though a challenge has been made, the connectivity to that box still remains, meaning that all connections to that system from an upper-level subsystem still exist. So that box isn't secure. The day that that system is secure is when the hole internet is completely secure (not going to happen) or that box is turned off. Now, having the right to hack the subsystems and laying down your basic sniffer would be illegal because they don't give any rights to their subsystems. But I'm sure even if their network was secure that you could hack the network above them and still get access to their network. Wouldn't be too much of a challenge. It's funny, so many systems out there run these kinds of tests, and I've seen it happen time and time again. Hell, it happens all over the world still :). You guys have fun with this system; all this company is doing is trying to attract attention to their software. Although it's not a bad marketing plan for the people that are the average company with an average admin that thinks, hey, this is the best software. But for some who know where I'm coming from, know exactly what I'm talking about, and hopefully now more kind of realize the concept a little better.

Tim Greer
12-10-2002, 07:17 AM
Originally posted by espionage
In most cases, even if a box is secured, it's not truly secured.


It's secure as long as there are no known exploits (if there are any) in the one service they run, by the sound of it. That's really not that difficult to secure. After all, even if Apache was insecure, it would only give up unprivileged access. Putting Apache in a jail would only allow someone to really compromise that one aspect, not the server, which is what the challenge is for. Apparently they aren't running anything else, so there's really no way to get in unless Apache provided a root exploit. I'm not aware of any way or any history that this was or could be an issue.


So that box isn't secure. The day that that system is secure is when the hole internet is completely secure (not going to happen) or that box is turned off.


I don't know about that. Also, what do you mean about "the hole in the Internet" and what is the relation to the Internet and a server? The only thing that will allow you to compromise a server, is something on that server being vulnerable or set up wrong. If they only run Apache in a chrooted partition, it will not give up root, and it will only affect that one partition's information from a remote attack on Apache, if that's even possible in that nature of attack.


Now, having the right to hack the subsystems and laying down your basic sniffer


This has no relevance. The system doesn't run any service that would be passing any data that could be used to log in, since there's no telnet, FTP, SSH, etc.

Trust me, in a situation like this company poses, it's very possible to have a completely secure system (from a root compromise), unless there's something in the one service they run that can result in a root compromise, even if it's running as a nonprivileged user with no shell/login, in a chroot-jailed partition of its own.

Assuming too that they did a simple thing of killing the connection and a file system revert if there's any change detected from a file system monitor, which could also check logs, the datagrams, etc. This would be very possible to avoid even if that were the case.

Finally, this leaves some exploit in the kernel, how TCP/IP is working or some very complex compromise that I've never personally heard of (so I can't say it's impossible, but). Anyway, I too, like others have stated, could set up a system running only Apache on my cable connection here at home, with no special kernel or configuration and I promise that no one could break in and get root. I could tweak it to not give up root.

In fact, I'd have it fail, reboot and restore the file system and lock everything out for a period of time to make sure that any attempt would fail and everything would be back to normal while I found that one, rare exploitable thing. Yes, I like the challenge, but I don't see how this one here actually is a challenge. It seems like a good way to get people that don't know better to be impressed with them, as others have guessed (this is my guess too).
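
The "file system monitor that detects any change" Tim mentions above is easy to sketch. The following is an added example, not code from the thread or from the challenge site: it baselines a web root with SHA-256 digests, rescans later, and reports added, removed and modified files; the `on_change` hook is where a deployment would put its own revert-and-lock-out reaction (the web root, file names and the "defacement" below are all constructed for the demo).

```python
"""Minimal file-integrity monitor: baseline a directory tree with SHA-256,
then classify every path as added, removed or modified on a later scan.
Added example; the revert/lock-out reaction is left as the on_change hook
because it is specific to the deployment."""
import hashlib
import os
import tempfile
from typing import Callable, Dict, List, Optional


def hash_file(path: str) -> str:
    """SHA-256 of one file, read in 64 KiB chunks so large files stay cheap."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> Dict[str, str]:
    """Map each regular file under root (POSIX-style relative path) to its digest."""
    baseline: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # symlinks are not followed; a swapped link shows up as removed/added
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = hash_file(full)
    return baseline


def diff_baseline(old: Dict[str, str], new: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare two snapshots; sorted lists keep the report deterministic."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def check(root: str, baseline: Dict[str, str],
          on_change: Optional[Callable[[Dict[str, List[str]]], None]] = None) -> Dict[str, List[str]]:
    """Rescan root against baseline; invoke on_change(report) only if something differs."""
    report = diff_baseline(baseline, build_baseline(root))
    if any(report.values()) and on_change is not None:
        on_change(report)
    return report


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: a static web root is baselined, then tampered with."""
    with tempfile.TemporaryDirectory() as root:
        htdocs = os.path.join(root, "htdocs")
        os.makedirs(htdocs)
        with open(os.path.join(htdocs, "index.html"), "w") as f:
            f.write("<h1>static page</h1>\n")
        with open(os.path.join(htdocs, "robots.txt"), "w") as f:
            f.write("User-agent: *\n")
        baseline = build_baseline(root)
        # Simulated compromise of the unprivileged web user: page defaced,
        # a new file dropped, robots.txt deleted.
        with open(os.path.join(htdocs, "index.html"), "a") as f:
            f.write("<!-- defaced -->\n")
        open(os.path.join(htdocs, "dropped.php"), "w").close()
        os.remove(os.path.join(htdocs, "robots.txt"))
        return check(root, baseline, on_change=lambda r: print("CHANGE DETECTED:", r))


if __name__ == "__main__":
    print(demo())
```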

Tim Greer
12-10-2002, 07:22 AM
Originally posted by klaban
Have you read this:

Technology used:
Suffice to say that these methods rely on algorithms that have links to the real world, such as acoustic and vibratory phenomena. That's all we are prepared to reveal.
(http://kernel.sysdoor.com/eng/index.php)

THIS is going to be very very interesting. :bomb:

What's interesting about it?

espionage
12-10-2002, 08:06 PM
yady yady yady.

It's secure as long as there are no known exploits (if there are any) in the one service they run, by the sound of it.

That's funny. Anyone knowing security that isn't a halfway wannabe / script kiddie knows you find your own security holes if there are none public. Any half-decent hacker knows this. And just because there isn't a direct service running doesn't mean that you're unable to access that system and the files on it. There are so many ways to bypass a system's security. Let's say the system had a firewall / IDS system on it. If you hacked a trusted system to that system you could bypass the firewall/IDS, or if you couldn't get in through the firewall, fragmented / octal-formatted IP addressing should bypass most of the security features that a system would have. Not including a DoS that could be run on the system to take up system resources. I used to work for NAI on their CyberCop Monitor. And I've played with lots of other IDSs; if they are running any type of IDS, be assured that there's a way in. The problem with corporate software is they push for release dates and could care less, even with a security product, about the danger of releasing code too early. The main object in their eyes is the money they get after the program is released; then once they get their money they go back and find new features, fix a few bugs but present new bugs with new code.

Now let's take a look at another aspect: the protocols that being on the internet allows us to play with. Back in '95 (example) there was a bug present in RIP allowing you to re-route a secondary IP to your system without any authentication, allowing you to do multiple objectives: DoS (stealing IPs), hack trusted networks (using trusted IPs) and attack other networks without a log tracing it back to your account; it only traces back to the network that the IP belongs to. The concept of most protocols is really good and most are coded nicely, but you have either a few things building sub-protocols on broken ideas or half-ass programmers programming on broken ideas. If you think that there is no way in, you're mistaken. But sometimes, yes, it does take time. Give it time, someone will make them have egg on their face :) It's happened time and time again on these so-called "Challenges".

Tim Greer
12-10-2002, 09:46 PM
That's funny. Anyone knowing security that isn't a halfway wannabe / script kiddie.


So, you're saying my post gave you the impression that I'm a wanna-be/script kiddie, or did I misunderstand you? Perhaps I didn't explain my point well enough. I did not post my response to challenge your knowledge of this topic, and I don't believe my view displayed any ignorance about this. If you believe it did, beyond just saying "If you think a server can be secure, you're wrong", no matter how it's configured or what it's running, then just say so and that you don't agree.

However, unless I'm proven wrong by someone rooting a server set up well (and I mean a server running one non-exploitable service, with no logins, no shell, no shell for the users, special tweaks and configurations for a non-real-world environment like these people are trying to set up), then there's really nothing to debate about it.

We both have our views and you shouldn't mistake mine for being overly confident about it. After all, I was discussing a well set up system with special configurations and tweaks. I don't know if these people have done so. But, if you think you can break a well set up system running only one non-exploitable program, then so be it.

However, I don't believe that just assuming there's "got to be a way in, eventually", is any more correct than people that are overly confident. I remain neutral depending on how it's set up and what it's running. Again, I'm not saying THESE people are secure, because I didn't set it up and don't know if they did anything beyond shutting everything other than Apache down, but that someone could very well do this.


knows you find your own security holes if there are none public.


Yes. Perhaps I didn't word it well. However, few people actually do this, and most rely on what's out there. Also, you have to find a hole. Some programs don't have them. Not all programs do. People have tried for years to break Qmail, for example. Also, who's to say that this challenge would have to even involve any software you could know about or get your hands on? Maybe it's in-house and just displaying an Apache banner?


Any half-decent hacker knows this.


There's no reason to insult people in response. Or did I once again misunderstand what you said?


And just because there isn't a direct service running doesn't mean that you're unable to access that system and the files on it.


True, if that service you use to access the other service has the ability to. Or if those programs are on the server, which they very well might not be (and needn't be) if they log in at the console only or even decide "Hey, let's just mount the drive to make changes and not even have a login at console!". That and if you chroot it on its own partition, it will not ever run as root; you would be very lucky to do anything significant even if you compromised it to view some files that the unprivileged user could view.

You also can mount the entire file system as read-only, or the relevant partitions anyway. For all we know, they are running this system on a CD-ROM where you can't modify or write to anything. Do you know what I mean? It's perfectly reasonable to agree that a system CAN be secured from someone gaining root. Again, I'm not saying theirs is, but I know that there are people that can and it's not difficult to do, since we're not talking about a real-world server. If we were, that is different, no arguing there.


There are so many ways to bypass a system's security.


True, and there's a lot of ways that you're not able to as well, many more ways.


Let's say the system had a firewall / IDS system on it.


I'm not sure what a firewall has to do with this challenge or how it would help them make it more secure given the nature of this challenge.


If you hacked a trusted system to that system you could bypass the firewall/IDS, or if you couldn't get in through the firewall, fragmented / octal-formatted IP addressing should bypass most of the security features that a system would have.


What...the...? Um, okay... Anyway, I say again, if you relied on firewalls for making the server more secure or not, this could make a difference, but since they don't rely on firewalls to make any difference and may not even run one, and since they have no login, bypassing a firewall doesn't make any difference. If they don't have any logins to hijack, sniff, etc., nor rely on firewalls to protect their logins, how the server is accessed, and so on, they don't play a role and this doesn't apply here.


Not including a DoS that could be run on the system to take up system resources.


But that's not getting root. Just as even if you could exploit a hole in the web server, that too is not getting root, unless you can manage to use that web server to gain root. However, my point was that this web server could be run as any user, with no login, on its own partition and have a few other simple things done that would make it pretty much impossible to do anything useful (unless Apache somehow was so exploitable via any user that it could result in root -- that would not happen), or unless you could use Apache once exploited to read and do more.

However, that would be difficult to do remotely only through the web server and you could then easily make it not give up root due to the way it's running. And, who's to say that Apache wasn't hacked and tweaked? That would be another obvious thing in my view: rip out anything in the Apache source that would allow for a compromise of any type at all and just have a stripped-down web server.


I used to work for NAI on their CyberCop Monitor. And I've played with lots of other IDSs; if they are running any type of IDS, be assured that there's a way in.


I'm not sure how this relates to this challenge.


The problem with corporate software is they push for release dates and could care less, even with a security product, about the danger of releasing code too early.


I imagine this is true of some companies and we've grown accustomed to that.


The main object in their eyes is the money they get after the program is released; then once they get their money they go back and find new features, fix a few bugs but present new bugs with new code.


Indeed, some people have the wrong idea.


Now let's take a look at another aspect: the protocols that being on the internet allows us to play with. Back in '95 (example) there was a bug present in RIP allowing you to re-route a secondary IP to your system without any authentication, allowing you to do multiple objectives: DoS (stealing IPs), hack trusted networks (using trusted IPs) and attack other networks without a log tracing it back to your account; it only traces back to the network that the IP belongs to. The concept of most protocols is really good and most are coded nicely, but you have either a few things building sub-protocols on broken ideas or half-ass programmers programming on broken ideas.


Other than bad code, I don't see the relevance to a DoS or using trusted IPs, firewalls, IDS, whatever you are discussing. These people likely aren't relying on that. As for broken ideas, bad logic and vulnerabilities based on that: of course that is how people find holes to compromise programs.


If you think that there is no way in, you're mistaken.


I think it's quite possible that there might be no way in. Looking at it scientifically, we can only prove there IS a way in, not that there isn't. I.e., you can only prove something is fact, you can't prove it's not. However, if they are running programs that are not insecure and don't have exploits (not all do), then exactly how is it that I'm mistaken if I say that it's possible there's no way in to gain root access?


But sometimes, yes, it does take time.


If there's something to exploit, it could take time, yes.


Give it time, someone will make them have egg on their face :) It's happened time and time again on these so-called "Challenges".

They might, they might not ever. It really depends. Being overly confident assuming they can't be compromised is no worse than being overly confident that there "must be". Either view could be wrong. To better illustrate this, let's use a feature that's not been compromised before: let's say they were only running Qmail instead of a web server using Apache. You might think that eventually you'll HAVE to find some exploit in Qmail that would allow you to exploit it and somehow get into the system, but that might not be true. Not every program or protocol is exploitable.

It's not all that unreasonable to say that it's very unlikely someone will gain access. It all depends on the software they are running, how they are running it and what modifications they did. I didn't go into any details about how to set it up to harden things, but if you are aware of this field then you can imagine a few ways in what I could mean (since there are a few ways to go about it and it's too involved for this topic). I'm not saying this to argue with you and I'm not saying it because I don't know better and am 'just a script kiddie'.

Truly, it's possible to have a system secure to where it is running so few things, in such a way that there's no room for someone to do much or anything. That is the trick people try and pull when offering these challenges. They set up a system that couldn't possibly do anything useful in the real world, and thus it's not really indicative of anything, nor is it a challenge. I still would like for you to explain this "hole in the Internet" you mentioned and how this would affect the server and how you could compromise the server itself.

espionage
12-10-2002, 11:12 PM
OK, maybe I came off a little strong. It's not that I tried to. The fact is I haven't found a system yet, from the time I was active until I became inactive, that couldn't keep me out. Even though a few systems have taken me a year to figure a way in. And as far as the firewall/IDS example, all they were is an example, and sometimes under certain race conditions bugs present themselves. And that's what I was getting to: not so much the DoS attack itself but when you have a race condition in some TCP/IP based programs, especially in IDSs where they do packet reassembly, bugs present themselves. That's what I was getting at in this case. And since they are running an IDSM system, that might be a way to compromise the system. I hadn't taken a look at the system yet and I only skimmed through this forum and the challenge site; I hadn't read through it completely.
I was once told that if you set your mind that it's possible that something isn't possible, you leave room for doubt and that's just an easier way out. And in some cases I've found that you don't always have to get a root shell in order to get what you need; sometimes it's creating a program that exploits one weakness in order to gain access to another program that doesn't have its permissions set quite right. But hey :) anyways. I apologize if I came off strong, wasn't my intent. Actually I was told to come here, that jobs often pop up, and was more wondering about jobs out there than anything. But I saw this and I had to comment :)

Tim Greer
12-10-2002, 11:31 PM
It's not a problem, and I appreciate the response. I am not at all saying that any system is impossible, just that there are some ways to set up a system (such as on non-writable media) to run one of these 'challenges'. I too haven't seen a system that is unbreakable, even if someone can do the above to try it -- even then there are things you can do with the memory if the media won't let you, but then you can only maybe halt the system, etc.

So, I'm not disagreeing, I just think challenges like this are sort of misleading. At the same time any company claiming what they do and only running what they do thinking it means much, probably doesn't know a lot about this and their system very well may be vulnerable. Of course, that's just the impression I get by them. :-)

bitserve
12-11-2002, 07:51 PM
I can't find the article now, but I remember there was a popular contest at a convention where the server had a similar set up.

A computer running nothing but a hardened web server, with one static page.

The hackers thought that it was unfair, so they lost interest and wandered off to break into the computer that held the contestant information to list themselves as the winner.

Also, security companies have pulled similar stunts and gotten embarrassed. Like the Pitbull story.

http://www.theregister.co.uk/content/8/18499.html

Tux-e-do
12-11-2002, 07:59 PM
The secret word is SYSDOOR, nah that would be too obvious :D