Vulnerability Development mailing list archives
Re: Kill the DOG and win 100 000 DM
From: Christian Schwalm <schwalm () CIAO COM>
Date: Mon, 6 Nov 2000 20:26:55 +0100
hi :)
I just tried getting through, and although it took a LONG time it
eventually loaded the webpage. I was actually in the act of >emailing them to ask which server they want us to take down lol (since they have 3 (main, hacking-contest.com, and >193.102.208.43). i tried alot , but the connection always failed. even telnetting to port 80 didnt work. i have 2 (legal) shells very very close to the system, so i think you have to catch a lucky moment to get the / page. <joke> i could mirror the site if anyone send me an apropriate .tgz hehe </joke> port 25 and 23 ( try root/toor maybe it works haha ) work like a charm.
Although I see that most "security professionals" seem to dislike these
contests as a poor example of security publicity; I like
these contests just for an aspect of a free/legal public system for anyone
to play around on. I think wargames do help anyone
trying to learn since they may not have the funds/knowledge right away to
set up their own unix box. and hacking your own boxesis not *that* thrill, because (i hope) everyone fixes the holes he knows. and if you want to stay on the legal side contests or good friendsĀ“ boxes are the only choice ...
Maybe the site is already experiencing DOS attacks.
or pitbull isnt the right choice for high traffic webservers because it has to much overhead checking everything *g* only thing i could do was checking their relaying rules (relaying denied) and looking for some user accs: 550 www... User unknown 250 nobody... Recipient ok 250 root... Recipient ok 550 ftp... User unknown 250 nobody4... Recipient ok 250 uucp... Recipient ok [...] 550 admin... User unknown 550 administrator... User unknown 550 gast... User unknown 550 guest... User unknown 550 toor... User unknown 550 argus... User unknown 550 argusadmin... User unknown [...] 550 bla... User unknown 550 blabla... User unknown maybe you could send an email with the "|" thingie i just read ... but i belive they will never read the mail delivered to that system during the contest neither reply to them. at the moment this looks like a "i-close-all-ports-and-say-hackme" machine. are there any cgis ? whats on the webpage ? i suppose a static html or so .. >:( is there a database or aplication server in the backend ? that would be real. never heard of a pitbull oracle/sybase database but of some exploitable bugs in those dbs. so i just sit and wait for some login info ... plz dont flame me because of my xmailer ... i like "mousekliggikliggi" :)))) - christian `eldocĀ“ schwalm schwalmATstud.uni-hannover.de *** signature is ill today.
Current thread:
- Re: Kill the DOG and win 100 000 DM, (continued)
- Re: Kill the DOG and win 100 000 DM //Stany (Nov 06)
- Re: Kill the DOG and win 100 000 DM Jay Tribick (Nov 07)
- Re: Kill the DOG and win 100 000 DM ratz (Nov 07)
- Message not available
- Re: Kill the DOG and win 100 000 DM Lincoln Yeoh (Nov 07)
- Re: Kill the DOG and win 100 000 DM Sven van 't Veer (Nov 07)
- Message not available
- Re: Kill the DOG and win 100 000 DM Jay Tribick (Nov 07)
- Re: Kill the DOG and win 100 000 DM Christian Schwalm (Nov 07)
- Re: Kill the DOG and win 100 000 DM James Cox (Nov 07)
- Re: Kill the DOG and win 100 000 DM Fabio Pietrosanti (naif) (Nov 08)
- Re: Kill the DOG and win 100 000 DM Jay Tribick (Nov 08)
- Re: Kill the DOG and win 100 000 DM Mark (Nov 08)