Check my system's security

Techtronic
Mindaugas N.
  • 21 Nov '12

Hello, I have a server/system set up specifically to be broken into, for educational purposes.
It was built on the DVL idea ~for penetration testing~. If anyone wants to try it, the address is 86.100.226.46 (port 22, ssh). The user is 'linux', the password is 'hackme'. Try to get root privileges.

I look forward to ideas/observations/suggestions.

Techtronic
Mindaugas N.
  • 26 Nov '12

Thanks to everyone who tried!
The server ran for quite a short time, barely one evening (NO, I shut it down myself), but the results are really good.
There were some who tried to launch nautilus or create a new user, and there were also some who wanted to try the command rm -rf /*.
One of you managed to guess that it was a trick.

vps24:/$ pstree 
bash: pstree: command not found
vps24:/$ useradd nigger 
Adding user `nigger' ...
Adding new group `nigger' (1001) ...
Adding new user `nigger' (1001) with group `nigger' ...
Creating home directory `/home/nigger' ...
Copying files from `/etc/skel' ...
Password: 
Password again: 
Changing the user information for nigger
Enter the new value, or press ENTER for the default
        Username []: niggr
        Full Name []: fuck your sandbox port 
        Room Number []: -  
        Work Phone []: -
        Home Phone []: - 
        Mobile Phone []: - 
        Country []: -
        City []: - 
        Language []: - 
        Favorite movie []: -  
        Other []: -        
Is the information correct? [Y/n] y  
ERROR: Some of the information you entered is invalid
Deleting user `nigger' ...
Deleting group `nigger' (1001) ...
Deleting home directory `/home/nigger' ...
Try again? [Y/n] y

Changing the user information for nigger
Enter the new value, or press ENTER for the default
        Username []:  Must enter a value!
        Username []: niggr
        Full Name []: tits  
        Room Number []: 893 
        Work Phone []: 861257334 
        Home Phone []: 84358774  
        Mobile Phone []: 867745661 
        Country []: ru 
        City []: mo
        Language []: ru 
        Favorite movie []: fucking sandboxer shiter  
        Other []: no 
Is the information correct? [Y/n] y 
ERROR: Some of the information you entered is invalid
Deleting user `nigger' ...
Deleting group `nigger' (1001) ...
^C
vps24:/$ Deleting home directory `/home/nigger' ... 
Try again? [Y/n] n 
bash: n: command not found
vps24:/$ exit 
Connection to server closed.
localhost:/root$ ls 
localhost:/root$ ls 
localhost:/root$ cd .. 
localhost:/$ exit 
Connection to server closed.
localhost:/root$ exit 
Connection to server closed.
localhost:/root$ cd .. 
localhost:/$ cd .. 
localhost:/$ ls 
sys        bin        mnt        media      vmlinuz    opt        cdrom      
selinux    tmp        proc       sbin       etc        dev        srv        
initrd.img lib        home       var        usr        boot       root       
lost+found 
localhost:/$ cd home 
localhost:/home$ ls 
richard 
localhost:/home$ nautilus. 
bash: nautilus.: command not found 
localhost:/home$ nautilus . 
bash: nautilus: command not found 
localhost:/home$ ↵

It's a pity, but I didn't get any real hackers, and it would have been interesting to see who does what and how...

What was running was Kippo (a medium interaction SSH honeypot).
http://www.youtube.com/watch?v=FwZCWcfwzZ0
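
An added example, not part of the original posts and not Kippo's own code or log format: a small parser for a pasted terminal transcript like the one above. It lists what the visitor typed at each prompt and counts the commands the emulated shell answered with `command not found`, which shows a honeypot operator where the emulation has gaps. The sample transcript is constructed, and the name `summarize` is hypothetical.

```python
import re
from collections import Counter

# Shell prompt as it appears in the transcript: "<host>:<cwd>$ <typed text>"
PROMPT = re.compile(r"^(?P<host>[\w.-]+):(?P<cwd>/\S*)\$ ?(?P<cmd>.*)$")
# Reply printed when the emulated shell does not know the command
NOT_FOUND = re.compile(r"^bash: (?P<name>[^:]+): command not found\s*$")

# Constructed sample in the same format as the session posted above.
SAMPLE = """\
vps24:/$ pstree
bash: pstree: command not found
vps24:/$ exit
Connection to server closed.
localhost:/root$ ls
localhost:/root$ cd ..
localhost:/$ cd home
localhost:/home$ nautilus .
bash: nautilus: command not found
localhost:/home$ 
"""

def summarize(transcript):
    """Return (typed commands, hosts seen in prompts, Counter of unemulated commands)."""
    commands, hosts, missing = [], [], Counter()
    for line in transcript.splitlines():
        m = PROMPT.match(line)
        if m:
            if m["host"] not in hosts:
                hosts.append(m["host"])      # keep first-seen order of prompt hostnames
            cmd = m["cmd"].strip()
            if cmd:                          # an empty prompt means nothing was typed
                commands.append((m["host"], m["cwd"], cmd))
            continue
        nf = NOT_FOUND.match(line)
        if nf:
            missing[nf["name"].strip()] += 1
    return commands, hosts, missing

if __name__ == "__main__":
    cmds, hosts, missing = summarize(SAMPLE)
    for host, cwd, cmd in cmds:
        print(f"{host}:{cwd}  {cmd}")
    print("prompt hosts:", hosts)
    print("not emulated:", dict(missing))
```

Program output that arrives after a prompt has already been printed (as happens after the `^C` in the session above) is recorded as typed text, so such entries need a manual look.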