Tuesday, August 24, 2010

Successful Attack of Server 3 in HackEire 2009

Hi Folks,

I have uploaded a short presentation of how to attack 'server 3' in the HackEire 2009 contest. The presentation is pretty short and as in the previous blog posts, you will require a login to the IRISS Cert website but remember it's free so sign up now!!!

Compromising this server was not overly complicated as a key password was left in the HTML source for the homepage. It is unfortunately too common for passwords to be left in obvious places, such as  source code, to simplify applications and make administrators' or developers' lives easier!! We all like an easy life, well I know I do :) Surprisingly,this password was not retrieved immediately and all teams (apart from one) needed a hint to look at the homepage more closely, which just goes to show that sometimes, the best place to hide something is in plain sight!!

Later slides show that this server was key to being a pivot point for the final server and shows why it's important to think of post exploitation and to explore the compromised server for further information that may be lying around.

By the way, we've had a few entries so for HackEire 2010 and lots of interest so thanks for that. Please bear in mind that we only have ten slots :)


Tuesday, August 17, 2010

Registration for HackEire & IRISSCon 2010


Just to let everyone know that registration for HackEire and IRISSCon 2010 is now open.

To enter the HackEire contest, please send an email to info@iriss.ie and provide the following details -

  • Team Name
  • Team Members
  • Organisation (college, work place etc)

Places for the competition will be allocated on a first-come, first-serve basis with preference given to IRISS members. It is free to become an IRISS member and you can sign up here. As a member, you will receive the following services.

Come, play HackEire.......


Thursday, August 12, 2010

Irish Hackerspaces Week

I thought this may be of interest to some of you!!

I've been hearing a lot of good stuff about the Irish Hackerspsaces on Twitter and Boards,  while I've also seen some good information on TOG (hopefully some of the guys will return for HackEire 2010).

So check out 'Irish Hackerspaces Week', it's been run in both Dublin and Galway this week.


Wednesday, August 11, 2010

Some Pictures from the 2009 HackEire Contest

for once they're not communicating over their encrypted IRC channel

giving some hints

hard at work

if you think this scoreboard is cool, come see the 2010 version

IRISSCon 2009

listening to the winning presentation - riveting

motley crew

the camp is split in two

panoramic view

working together - we like to see this

shit, someone is hacking my laptop - I don't want to be pwnd!!

Successful Attack of Server 2 in HackEire 2010

Hi Folks,

Firstly, apologies for the delay in posting this. Unfortunately life keeps getting in the way!!

I have uploaded a short presentation of how to attack 'server 2' in the HackEire 2009 contest. The presentation is pretty short and like last time, you will require a login to the IRISS Cert website but remember it's free!!!

Having retrieved many user details from the first server, we were able to log onto the second server over SSH using the 'lyray' user accounts. An earlier NMAP scan had shown the port 3456 was open and a version scan on port 3456 confirmed that it was SSH. Some system administrators use the 'Security by Obscurity' technique to hide vulnerable services, in this case we can see that it didn't work. Who doesn't love NMAP?

This user was lazy and had used the same password on several servers. This is something that is unfortunately far too commonplace and whilst the easy way out, it can be potentially damaging and is often one of the first things that the 'bad guys' or 'penetration testers' will try.

The next few slides show a very short summary of the 'hacker' exploring the system to see if there's anything lying around. The hacker has noticed that the system is running the Linux 2.6 kernel and performs a search for any key files lying around. In this instance, the system is vulnerable to a 'root escalation' script found in /home/iriss/exploit. We left this 'exploit' script here because in real-life, it often happens that previous attackers leave things lying around or system administrators do likewise when testing.

This short presentation finishes showing successful privilege escalation, transfer of the key files (as id is now zero, we can 'cd' anywhere) and the /etc/passwd and shadow files for local password cracking as the files are merged using 'John'.

Hopefully that short explanation has sparked some interest and whetted the appetite for HackEire 2010 :)