Vulnerability Development mailing list archives

Re: Kill the DOG and win 100 000 DM


From: Jay Tribick <jay.tribick () CARRIER1 NET>
Date: Fri, 10 Nov 2000 19:31:45 +0000

> Jay Tribick let me know that you guys were having a discussion of the
> PitBull hacking contest going on right now on this list so I thought I
> would join and offer myself for questions and whatnot.  To introduce

> OK, just curious about a few things:
>
> Wasn't the root password supposed to be published?

The root password wouldn't do you much good.. the isso password
on the other hand would, and I've had a box cracking that shadow
file since it came out. No joy yet :/

> What would happen if someone telneted in from localhost and tried to login
> as isso -e "TS ALL", and used the correct password?

Good question.. although they could have made it so that console
access is a prerequisite for logging into the isso account.

One thing I haven't tried (and therefore don't know if it works or
not) is opening the /dev/console device.. if it was possible to
open that (bypassing the lock that ttymon will hold on it) then
you may be able to login to the box as if you were on the console.

Anyone know if this would work?

There's other issues to deal with.. but it'd be a good first step
to compromising the box.. and would also mean, once we have the
isso password, that we could kick the box into maintenance
mode and start circumventing the security from there.

> Does ps show all processes or only certain processes are seen when logged
> in as beaner?

It will only show the processes within your SL range, seeing as
we don't have any access to /tbin we're limited in the scope of
our attack.. we can't even see what the SL range for the user
is at present :(

. o ( I wonder if it's possible to upload /tbin/setsl from an already
running pitbull system.. after all it's only a few system calls
and I assume this user has GETSL authorisation )

Just a thought.

--
Regards,

Jay Tribick
Senior Systems Engineer
Carrier1
Voice:  +44 207 531 3874
Mobile: +44 7801 526 638
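The /dev/console idea above hinges on one precondition: whether a non-console session can open the device node at all, which is decided by the node's permission bits before ttymon's lock ever comes into play. The following POSIX sh audit is an added example for this archive page, not code from the thread or from the PitBull product; it checks a device path for any "other"-user read or write bit and demonstrates the check on constructed temporary files (creating real device nodes needs root). It uses only `ls -ld`, so it behaves the same on System V, BSD and Linux hosts.

```shell
#!/bin/sh
# Added example (not from the thread): report whether a terminal device
# node grants open access to users other than its owner/group.  That is
# the precondition for logging in "as if on the console" from a remote
# session; a defender wants every tty/console node to come back RESTRICTED.
# Prints OPEN / RESTRICTED / MISSING and returns 1 / 0 / 2 respectively.

audit_dev_mode() {
    path="$1"
    [ -e "$path" ] || { echo "MISSING"; return 2; }
    # First field of `ls -ld` is the type+mode string, e.g. crw--w----
    mode=$(ls -ld "$path" | cut -c1-10)
    # Characters 8 and 9 are the "other" read and write bits.
    others=$(printf '%s' "$mode" | cut -c8-9)
    case "$others" in
        *r*|*w*) echo "OPEN";       return 1 ;;
        *)       echo "RESTRICTED"; return 0 ;;
    esac
}

# Constructed demonstration: two ordinary files standing in for device
# nodes, one world-readable/writable and one owner-only.
demo() {
    tmp=$(mktemp -d)
    : > "$tmp/open_tty";   chmod 666 "$tmp/open_tty"
    : > "$tmp/locked_tty"; chmod 600 "$tmp/locked_tty"
    audit_dev_mode "$tmp/open_tty"     # OPEN
    audit_dev_mode "$tmp/locked_tty"   # RESTRICTED
    rm -rf "$tmp"
}

demo
```

On a real host the same function can be pointed at `/dev/console` and the `/dev/pts` or `/dev/tty*` nodes; any OPEN result means the lock held by the login process is the only thing standing between a logged-in user and the console device.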

