What up?! I made a thread yesterday about an interesting challenge from the German intelligence agency, but Sup Forums wasn't that interested and focused on consumerism instead.
For the challenge you must run a bare Debian Linux image in a VM.
Some agency from an allied country asks the BND to check an incident. The server of some state insurance company got hacked. They supply an image of the server. You have to analyze the image. The hackers left traces on the system (files) and you have to figure out how to get root access. LUCKILY the hackers somehow created a low level user (hacker:abcd1234).
Hints are that there is a web application involved and this is most likely the attack vector.
What I have found so far:
>a /html/ folder contains a .php with a script that lets potential attackers use ReadFile ... this is most likely the vulnerability that allowed the hackers to change the root password/gain access to the system
>"www-data" seems to be the root's username. I can't find the password to it though.
Questions you have to answer:
>How did the attackers gain access to the system (keep in mind they had no access to the terminal)
>How were they able to get root access
>What data (incl content) did the hackers leave behind and where?
The challenge is for people with master's degrees in computer science.
Can Sup Forums figure it out?!!
Kayden Hughes
>The challenge is for people with master's degrees in computer science.
It's probs a web rce -> shell -> priv ESC like dirty cow
Jonathan Johnson
I don't speak German.
Samuel Smith
No social engineering involved. The exploit obviously came through the website hosted on the server and the .php
You don't have to. The .vmdk is a normal Debian Linux image.
Jaxon Watson
The downside is that you'll have to work in Berlin, the Hipster capital of Europe.
Thomas Ramirez
True, but I don't want to work there. Pay is really bad for actual experts in that field I guess. I am not even an expert, I just think it's a fun and interesting challenge and it can't be that hard to solve it.
Starting is 5k before taxes which is like 60k a year. All salaries and levels are public. I think you can reach over 100k but that's going to take you 20 years or so.
They probably recruit awkward meme patriots or something - or people use it as a platform to get into actual high paying jobs.
Owen Ramirez
You also get job security and a decent pension. Once you reach public servant status, they virtually can't fire you, as long as you show up for work.
Hunter Ross
truuuuuuu
Lincoln Collins
>The challenge is for people with master's degrees in computer science.
computer science is about computation, not becoming the hackerman
Wyatt Watson
pretty awkward that this board can't figure this out tbqh.
I guess the memes are true and i have confirmed it for myself. Sup Forums is a consumer oriented board for linux users that want to rice their desktops and then shitpost about how pajeets are stealing their jobs. Sounds like Sup Forums just for tech.
Elijah Sanchez
Most of Sup Forums are successful, white businessmen with big degrees in business.
Michael Hernandez
and engineers, scientists and scholars and don't forget the 9" cocks, trucks, ex - military, defense contractors, beautiful aryan wife and 3 children with blonde hairs and blue eyes
similar to how Sup Forums only uses free software, is smarter than the CIA, doesn't need a degree to write the best code in the industry and is an expert of every Linux distro
Juan Cooper
My favorite Sup Forums archetype is the C programmer who never makes mistakes (safe languages are for babbies).
Jeremiah Smith
>Sup Forums codes close to the metal but can't navigate with the CLI through a linux filesystem
yaaaaaaaaaaas
Noah Flores
Outsourcing your homework to /g is pathetic
Dominic Collins
this isn't homework .. did you read the post?
Benjamin Cox
>close to mental
Nathan Butler
Yeah I love that guy too, the hubris is delicious
Anthony Brooks
...
Chase Hall
Hopefully pajeets and changs can get it first then
Blake Green
love how they LARP this hard at the worst NEET day time in the history of mankind
Angel Anderson
No one cares about you or your employer's challenge, Fritz.