Compromising this server was not overly complicated as a key password was left in the HTML source for the homepage. It is unfortunately too common for passwords to be left in obvious places, such as source code, to simplify applications and make administrators' or developers' lives easier!! We all like an easy life, well I know I do :) Surprisingly,this password was not retrieved immediately and all teams (apart from one) needed a hint to look at the homepage more closely, which just goes to show that sometimes, the best place to hide something is in plain sight!!
Later slides show that this server was key to being a pivot point for the final server and shows why it's important to think of post exploitation and to explore the compromised server for further information that may be lying around.
By the way, we've had a few entries so for HackEire 2010 and lots of interest so thanks for that. Please bear in mind that we only have ten slots :)