Re: Kill the DOG and win 100 000 DM

[John Herron <john.herron () RRC STATE TX US>]

I just tried getting through, and although it took a LONG time it eventually loaded the webpage.  I was actually in the 
act of emailing them to ask which server they want us to take down lol (since they have 3 (main, hacking-contest.com, 
and 193.102.208.43).

Still, the system seems to be quite slow (but what system wouldn't be that has a set date of an international hack 
attack).  I couldn't ping it, but thats anything from it being slow and simply timing out to the server rejecting my 
ICMP packets.

Although I see that most "security professionals" seem to dislike these contests as a poor example of security 
publicity; I like these contests just for an aspect of a free/legal public system for anyone to play around on.  I 
think wargames do help anyone trying to learn since they may not have the funds/knowledge right away to set up their 
own unix box.

Regardless, just wanted to comment that although the box is unrealistically slow, it IS still up and does (after a few 
minutes) load the webpage.

> > > Lincoln Yeoh <lyeoh () POP JARING MY> 11/06/00 12:38AM >>>
Hmm. The IP is released but I can't reach the webserver - following doesn't
work:
http://193.102.208.43/ 

Maybe the site is already experiencing DOS attacks.

At 09:50 PM 05-11-2000 -0500, //Stany wrote:
> On Mon, 6 Nov 2000, Jay Tribick wrote:
> > root doesn't actually have any privileges on a Pitbull system.. he's
> > just a normal user (out of the box..)
>
> Actually that's not strictly true either - root user has enough
> priviledges to allow the system to boot on power on (not the OBP security
> levels, but the  PB authentication to let system finish booting up), but
> that's about it, yes.

How is remote administration performed? The documentation available online
says that there is a tool for remote admin, but doesn't go into the
details. I think it's ssh.

Is it possible to telnet in, su to root, then run some program to upgrade
your authority? Or telnet in, change your level/authority, then su to root?

For example for Cyberguard on Unixware, you run /sbin/tfadmin newlvl
sys_private. And in theory you're not supposed to be able to do it when you
telnet in from a device at NETWORK level. You can't do that anymore. But
point is often reality refuses to follow theory ;).

For Pitbull systems, what does
/tbin/setsecconfig -D0
do?

From: https://www.argus-systems.com/support/knowledge_base/trouble.shtml#18 

I tried to check their online manual, but the manpage doesn't seem to be
there, even though that command is mentioned in the other manpages dealing
with privileges and related commands.

> > ..if anyone would like Jeff Thompsons talk from Defcon 7 on "Hacking B1
> > Trusted Operating Systems", send me an email and I'll put it up somewhere.
>
> Sure, please.   Knowledge is power, and all that...

It's actually on one of the sites mentioned in the post:

http://www.argusrevolution.com/downloads/DefCon.ppt 
From: http://www.argusrevolution.com/pitbullsupport.html 

Do you know where I can find the release notes for Pitbull? e.g. what bugs
they fixed in each release? This would be more interesting - you find out
what the developers are having trouble with.

Anyway, I may just poke around when they release root - too lazy to get a
special Solaris 7 and a copy of Pitbull. That is if I can telnet in with
all the DOS attacks going on ;).

Cheerio,
Link.