Vulnerability Development mailing list archives
Re: Kill the DOG and win 100 000 DM
From: "Fabio Pietrosanti (naif)" <fabio () TELEMAIL IT>
Date: Tue, 7 Nov 2000 13:51:54 +0100
A strange thing.... Trying 193.102.208.43... Connected to 193.102.208.43. Escape character is '^]'. 220 pitbull ESMTP Sendmail 8.9.3+Sun/8.9.1; Tue, 7 Nov 2000 12:43:49 +0100 (MET) vrfy root 250 Super-User <root@pitbull> vrfy bin 250 <bin@pitbull> expn bin 451 include: initgroups(bin, 2) failed: Operation not permitted expn root 451 include: initgroups(root, 1) failed: Operation not permitted expn nobody4 451 include: initgroups(nobody4, 65534) failed: Operation not permitted vrfy nobody4 250 SunOS 4.x Nobody <nobody4@pitbull> quit 221 pitbull closing connection naif On Mon, 6 Nov 2000, Christian Schwalm wrote:
hi :)I just tried getting through, and although it took a LONG time iteventually loaded the webpage. I was actually in the act of >emailing them to ask which server they want us to take down lol (since they have 3 (main, hacking-contest.com, and >193.102.208.43). i tried alot , but the connection always failed. even telnetting to port 80 didnt work. i have 2 (legal) shells very very close to the system, so i think you have to catch a lucky moment to get the / page. <joke> i could mirror the site if anyone send me an apropriate .tgz hehe </joke> port 25 and 23 ( try root/toor maybe it works haha ) work like a charm.Although I see that most "security professionals" seem to dislike thesecontests as a poor example of security publicity; I likethese contests just for an aspect of a free/legal public system for anyoneto play around on. I think wargames do help anyonetrying to learn since they may not have the funds/knowledge right away toset up their own unix box. and hacking your own boxesis not *that* thrill, because (i hope) everyone fixes the holes he knows. and if you want to stay on the legal side contests or good friends? boxes are the only choice ...Maybe the site is already experiencing DOS attacks.or pitbull isnt the right choice for high traffic webservers because it has to much overhead checking everything *g* only thing i could do was checking their relaying rules (relaying denied) and looking for some user accs: 550 www... User unknown 250 nobody... Recipient ok 250 root... Recipient ok 550 ftp... User unknown 250 nobody4... Recipient ok 250 uucp... Recipient ok [...] 550 admin... User unknown 550 administrator... User unknown 550 gast... User unknown 550 guest... User unknown 550 toor... User unknown 550 argus... User unknown 550 argusadmin... User unknown [...] 550 bla... User unknown 550 blabla... User unknown maybe you could send an email with the "|" thingie i just read ... but i belive they will never read the mail delivered to that system during the contest neither reply to them. at the moment this looks like a "i-close-all-ports-and-say-hackme" machine. are there any cgis ? whats on the webpage ? i suppose a static html or so .. >:( is there a database or aplication server in the backend ? that would be real. never heard of a pitbull oracle/sybase database but of some exploitable bugs in those dbs. so i just sit and wait for some login info ... plz dont flame me because of my xmailer ... i like "mousekliggikliggi" :)))) - christian `eldoc? schwalm schwalmATstud.uni-hannover.de *** signature is ill today.
Current thread:
- Re: Kill the DOG and win 100 000 DM, (continued)
- Re: Kill the DOG and win 100 000 DM ratz (Nov 07)
- Message not available
- Re: Kill the DOG and win 100 000 DM Lincoln Yeoh (Nov 07)
- Re: Kill the DOG and win 100 000 DM Sven van 't Veer (Nov 07)
- Message not available
- Re: Kill the DOG and win 100 000 DM Jay Tribick (Nov 07)
- Re: Kill the DOG and win 100 000 DM Christian Schwalm (Nov 07)
- Re: Kill the DOG and win 100 000 DM James Cox (Nov 07)
- Re: Kill the DOG and win 100 000 DM Fabio Pietrosanti (naif) (Nov 08)
- Re: Kill the DOG and win 100 000 DM Jay Tribick (Nov 08)
- Re: Kill the DOG and win 100 000 DM Mark (Nov 08)
- Re: Kill the DOG and win 100 000 DM Jon Larimer (Nov 09)
- Re: Kill the DOG and win 100 000 DM Jay Tribick (Nov 09)