Guest Kovalski Posted June 16, 2012 Report Share Posted June 16, 2012 (edited) server: 94.249.208.71login rstpass rstfaceti si voi un security audit si spuneti aici cam ce ar trebui sa schimb.target:obtain uid=0 gid=0 groups=0schimbari majorecompromitere mysql / apacheescaladare privilegiiinstalare rootkitetc...daca ati reusit, schimbati asta: Secure Edited June 16, 2012 by ps-axl Quote Link to comment Share on other sites More sharing options...
xpaulx Posted June 16, 2012 Report Share Posted June 16, 2012 Pai e competitie sau ne ceri ajutorul? Quote Link to comment Share on other sites More sharing options...
Guest Kovalski Posted June 16, 2012 Report Share Posted June 16, 2012 ia-o cum vrei competitia este pentru a vedea daca am securizat bine.si tot odata ma si ajutati sa il perfectionez Quote Link to comment Share on other sites More sharing options...
PingLord Posted June 16, 2012 Report Share Posted June 16, 2012 Vreau si eu un alt user cu aceleasi permisiuni ca mi se sterge munca care o depun Quote Link to comment Share on other sites More sharing options...
Guest Kovalski Posted June 16, 2012 Report Share Posted June 16, 2012 fa-ti un folder cu numele tau si nu o sa se bage nimeni pesteby the way am vazut ca esti pe calea cea buna frumos Quote Link to comment Share on other sites More sharing options...
PingLord Posted June 16, 2012 Report Share Posted June 16, 2012 Iar mi s-a golit directoru...pfff..ce oameni rai Quote Link to comment Share on other sites More sharing options...
Guest Kovalski Posted June 16, 2012 Report Share Posted June 16, 2012 vad ca esti cel mai bun pana acum, daca tot ti se goleste folderul fa-ti un folder ascuns pe undeva..eu nu le sterg nu stiu cine naiba ti-a sters jucariile Quote Link to comment Share on other sites More sharing options...
PingLord Posted June 16, 2012 Report Share Posted June 16, 2012 Lasa-l si tu deschis pana ajung acasa de la birou te rog.E chiar un challenge foarte tare Quote Link to comment Share on other sites More sharing options...
Guest Kovalski Posted June 16, 2012 Report Share Posted June 16, 2012 ramane deschis permanent Quote Link to comment Share on other sites More sharing options...
pyth0n3 Posted June 16, 2012 Report Share Posted June 16, 2012 Iar mi s-a golit directoru...pfff..ce oameni raiAm creat 2 executabile Unul blocheaza fisierul iar al doilea il deblocheaza, trebuie rulat cu drepturi administrativeUn fisier blocat nu poate fi sters si nici modificat de catre nimeni, nici macar de catre root USAGE: UnBlock <filename>USAGE: Block <filename>Va arata un 0 daca operatiunea a fost executata sau nimic in momentul in care operatiunea nu a fost executata-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256begin 644 Block-Unblock.tar.gzM'XL(".:HW$\``T)L;V-K+55N8FQO8VLN=&%R`.U8#VQ3QQF_9YP06F#.GXZTMI<S:`@TK.'%("*!!FW\0(/Q-8`54WAS[)7;KV)G]S$C%M`0GK"ADRS:#HLV;M@I9-V>1JGIH!$FRB"FM5:9-@ZZ9VTSJJ@F0&F^A&JZU%>-_W[M[SY4@:(P%=MI_=9Y[O?W7?W??>]NW?W?K7^H/LY<F^E'*2ZJ@IS9W55.9]CT;G,646<SNKEMU<Z*RO(J)X&JRF75Q%Y^C_W2)!)672&[G71VJ=[RP+(I]:9K_X3*UQJ:UDJ2M9&`+F4$0=4>M>960GY])ZRN)G<PDI60!>93D:AA2-^A`N@AE3#F0K)!F0"J"M08IZK'F8"@$7LC:))4V@+Z8AZ(@)^Q,;;=?JCD(!M4%$/*9>T6R!+0GH`VM3.?13T+;K2R5@GXIV,94#[B>:]MV6?5,%@N]?YG?UUKF]RSU^P*1_8YPT%%!MZVW,]W6;=[!8T3X%K%\1FSNVA_ZLOOG9?3_ZV8N_;B:G/W-3^99SVU9LF\GZMY;"^O.AQT6.HCR\Q?7@$=MW/%S>^<U;T?S%7+N#CK'4E9+G0OEK`3@$_`JFIMSYJ'_N3C[&6YO2,8D'''J+),($QN#,]R(J_?`K4>7T".A!4/"7>&?`&UC71&MU#`)=X55I0/ZHCKKV^'R!<BZIO6U=7*%HUR/I47[2=K/QN*-8O/YYF#K%H8/M'+/FY4*'(Y#/A$D.8@XXACD$;@AS<#J..01NQ^'+S=%KUA3VW=,S/@AKL?\[M-]/I=-_OU)R4`VI3.3!,ZCK\/;WGM?%T52_T3"]\`?ZQ3WHA6O)B\<I%Z)9>MB!:]V';EO(;1LA?=O7)6P^B!MQAQ4L/HB1<?P95A@/PS<_Y][^&WHY>N;VW9M[AWL!:UA^-NVTUL)6>HE4+XQ.$'87+I7CZ)SD2>/)R`_/0*[H.?J,/R__*$EM>E5:^49XP<`)'#]Z5OHAJJ2+^K!94U_Y1BCU2@X.($7/6?<\,SZ@+B(#9QY'M?1@_>JWX^"CH]IU5"TYA'11FO6HMP;KT^=?&T0?PN.>:#68<_6J>)5+6WS`[M>M;:;SNU%9;+X9:2O,/U)=:!^A+;86M)ZI>WTFF]?`'*5_-AL.=!,?4.H%.XM2F'0S/Q$?[ZXLSF%C[YG_`_Y8/#:_-03..+I8HC.0!3_%[_Z<MK2EU9+G._WM-]C`=AXXA"[T-^2!U73L)=2*OB*MO!5Z*WIN_IZ]\C/C_?-+QHUX'L?W3/3?M:;7P-);:!J-7K>GS_3.@*G*#!LG0U==1(WB3\H,KNV#-S-#VFX6XO2Y5#=F?M\-D7ANUK[&4>95]9(.+WVRO6+'+:%RVR*VYOT%[RI)WL:*Y9U[#*7HL'L-W^MA3:?7PFX.I0U=%VDV3I)<^M%8GMB-J1+!ZUYL"G($K8__?">>^]6.AB''-\5M2Z`=WQ-G`#\`^2Y(#[+^#['QT.=N6`6X]TH)?7_!G,@\[`?]L3P&.;X+<+$7MLARF'(Q!/;@61)^N0W[H(-TK=RKX_M;+GX<S9Q6D#9!V0WHVFFE;5U>WREY:MK[3Z7`%[I:/24;5TQ6):F*S-6:XW$D>XJT-UM4*NAFCNU4OPDE)"G<01"*J*MHZ9V_5+5U<Y0>R#B:(WXX!3P>8B&O*ZPES@\70$8C^9JB+;L4T)A7S`P`<C0M%E+\J$<+G7X5#?K@7U7VPW\;`&@*>ERJBS@4K]P6@L=/'&XU&`J#`9H]ZPYIMQEP=/C<8"*K:'QV-]FP-@YH[V-&A!-3LX_XHH>L)G[UV3DOT^>JBGQV?(YDSM2SM/)7J6Z&)EN9/3:P2]1M`KF42OD="S#/5PS?I!#P^`7$X/$Y[7[\.Z0CU<MTW%F5]3;3.BZ1CU<ZV=`KY/Y(I',N;V39,Y4W!M++'1/B//=2[0]I]G%-7T(M"G,YNQ:6\,Y\B^GA7HA9J'^\793G(<UB?7`OC5GH'N+G@3C*Z>'>.V.A>Q+UMYG!Z1]CX6(_O@$L6&C\QSE_G](I@'Q7!Y+\DZ&'Z-J>'=[YNT$MP%P?]#![BM]/"=LP0>XOQ)[/Z`9-95(^@U@M[&2?1^S.G%0"^6DVGC]9),#Y^==A_,H7$0M]4YR>GC0#4^A]RM.#P^TT2GLCK.YHIYVS\RA=\R9G!Z._QMN/+R7',B]?3Q,M%S@]?.=VY]Z^CS#]B9\'Z`WG3CZ/B\R^-@_0&YU"[S(;3U\CJ+>2T]/OX_ELM+%W>!KU_"'IZ;N'JN^$P*@=CCT%Y*<GLMUG">$FH?(SKR-]-1<'W$='Z4ZU2M`],!&@U,+?@-3&<=-[!V:];>"Q337;?DH([ITSQD8!K!F(%G:7C,P`_0\0S\MH(8O&7@V]3^JXSDT1@:>2^WWZ?A3=#X&IKLM9N!\#0\=U7&!AH<-3-_8HP8NMTG#"P/2D/W!,QY^F_AAX'AW/P,5T/`,_3'B9`5\$_'.SDG?3LSG_)/#O$<X_M"?PKY?R3P#\XD$F2Q<,"\=C([-%U^##9C?X?HW<:Q'CKMO5F]$7[>.3%.?L]M7/PDB-\W!?O?PT)?9KR?"^.=X.(C6>9I^UN?'[$4D+\(^#H7;\GR$/D/%T\[MQ-/*.8Q/;QY^K_32.UH!V']<RJP/Q`Y.WPYIM8"W272]Z-]D3TN9]50`ZVFOM8*]3P`/2Q&\Z/%=U?VW@[T\`CS"<;RDF)Q`?U7$A&4=]\'\W\_?W4F:]V"!^M?P6<Y/`EP?X-0?]#P!^PYUM@F0N)$/SV:6'CS[-D]E<![B]W2`VKD;8VAQL^M*>M:MFR7F]8WM\#7J"S73T`;ZCC@"<KM_F"KRR]K]RK9%=E/X,[4Z5=4Q>.HM6KFB@F"#[//L1U1)M,N8[(ET='3I=AHVUVMCK=U>LZG!0&A&+V>LN`TKGB!ZMNJYI2VU-D[QE[=KFAA:YI::VJ0$[X'U0=H5"KBY9"7@F5FA?RD2NW[6Y9M/ZM.H*7/5;'/J^?>BKS!<V^KMWAB*S=*_7>$S_8Y0W[Y.U*NP\^R$-U?E<XK(2)MW-8I>[]":#?ZK3[)P)G/]@F-$S_[(0`9)P&$@[+7%?#X%?W9Z'$R?-7NP[(,M5UB]%X8!:8,)9A3MI@O16;YBN:-=4>5.MZQZ(X'G'*W[B<8ET)%,N6/9$]MYPSPM/QO187!_SJK*Y#_K:ZL-/G?^R'3\;^OWP?^-PX=XP+_J]7!N1.?@O]-M0GL2VI+_H_QOU>:<#6/__&/COTZD=U[+6_:W"SF_^*[)_]X=_K>;\;^#C/^-M,?YWB/&_<<;_#D_._\:FYW]?T/C?(P;_.RCPOS&!_QT2^-^XP/\.WWW^-\'XM7[QLG1[5^-^1*?C?).5_L5E3I_QOXJ/XW\0D_&_B8^=_W[QW_&_<X'_CV?*_M31_!_R[-FO]E!_#M#/#]XX![/V8..&ERP"8'3$P.^/^9`]XTB1[/`0_U46YWM.@Y8NQ-FP0'C83>2!0>L<[O3<<#:73,+#ECG=J?C@/&=VYL%!XQ<S$@6'#">MYHDL.>!$EASPY2PYX-XL.>`QJ%Q@<L#4_C0<\)#``<<%#GA$`3`@><%#C@M#.=+.>!>@0,>,3#E@!-WR`''!0YX1."`$]-PP`F!`T[>(0<\+'#`0P('G+@#M#O@D%Q_D@'_+S0\YW[<$_"X7;^2`/^#BB1QPCL"!%@L<<*G``9<)G.\:`6\7M..!=`@<L"_:^+.!O"!SP]SG.%SG@GW(<+7+`)Z4,AXX<\#F!`WY=RJP7Y'0OM`A[C\&7!_GN"_DV!`RX4..#B3SX'7&&2P"8);(HIIIABBBFFF&***::88HHIGIIABBBFFF&***::88HHIIIABBBFFF&***::8<C?EOV.41W``4````end-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.4.10 (GNU/Linux)iF4EAREIAAYFAk/cqe8ACgkQiOFy19RY1SDaaQD9FftXKinTt+m1onug/eKSCCy5vU1K19jlEuS4qbJDU+oBAL57hjkCXiHLlBNRZcC99sZrLoqnCakVRFfkptCky3B/=lvYA-----END PGP SIGNATURE----- Quote Link to comment Share on other sites More sharing options...
Guest Kovalski Posted June 16, 2012 Report Share Posted June 16, 2012 multumesc pyth0n3 Quote Link to comment Share on other sites More sharing options...
pyth0n3 Posted June 16, 2012 Report Share Posted June 16, 2012 (edited) Ca executabilele sa poata fi folosite de catre orice user se pot atribui urmatoarele permisiichmod u+s Blockchmod u+s UnBlockEvident daca un user detine ambele executabile va putea debloca si bloca in acelasi timpAs sugerii sa fie pus doar Block la dispozitia user-ului rst asadar o data ce o persoana a terminat un assessment poate bloca fisierul care poate fi deblocat doar de persoana care detine UnBlock .Note: O data blocat fisierul nu poate fi nici macar modificat si nici sters oricare ar fi userul care incearca acest lucru. Edited June 16, 2012 by pyth0n3 Quote Link to comment Share on other sites More sharing options...
Flubber Posted June 17, 2012 Report Share Posted June 17, 2012 Am creat 2 executabile Unul blocheaza fisierul iar al doilea il deblocheaza, trebuie rulat cu drepturi administrativeUn fisier blocat nu poate fi sters si nici modificat de catre nimeni, nici macar de catre root USAGE: UnBlock <filename>USAGE: Block <filename>Va arata un 0 daca operatiunea a fost executata sau nimic in momentul in care operatiunea nu a fost executata[...]Vreo sansa sa imparti codul sursa si cu noi (*whisper*sau macar prin private message hehe*whisper*)? Quote Link to comment Share on other sites More sharing options...
aelius Posted June 17, 2012 Report Share Posted June 17, 2012 Ba futu-va in cristos de labari, care va bateti joc ma ?rst@ps-axl:~$ history |grep perl 476 perl 486 perl udp.pl 487 perl udp.pl 86.106.63.50 25255 488 perl udp.pl 86.106.63.50 25255 5000 489 perl -c udp.pl 86.106.63.50 25255 5000 490 perl -e udp.pl 86.106.63.50 25255 5000 496 perl udp.pl 86.106.63.50 25255 5000 507 history |grep perlrst@ps-axl:~$ Quote Link to comment Share on other sites More sharing options...
BGS Posted June 17, 2012 Report Share Posted June 17, 2012 Eu am fost , am vrut sa fac o gluma . Quote Link to comment Share on other sites More sharing options...
aelius Posted June 17, 2012 Report Share Posted June 17, 2012 (edited) Vreo sansa sa imparti codul sursa si cu noi (*whisper*sau macar prin private message hehe*whisper*)?Pe linux ai chattr. Pe FreeBSD poti folosi chflags (in functie de securelevel, doar in single mai stergi ceva, sau reboot cu alt securelevel)"A file with the `i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute."idsplus ~ # touch rstcenteridsplus ~ # chattr +i rstcenter idsplus ~ # ls -la rstcenter -rw-r--r-- 1 root root 0 Jun 17 19:12 rstcenteridsplus ~ # iduid=0(root) gid=0(root) groups=0(root)idsplus ~ # rm rstcenter rm: remove regular empty file `rstcenter'? yesrm: cannot remove `rstcenter': Operation not permittedidsplus ~ # chattr -i rstcenter idsplus ~ # rm rstcenter rm: remove regular empty file `rstcenter'? yesidsplus ~ # Edited June 17, 2012 by aelius Quote Link to comment Share on other sites More sharing options...
hades Posted June 17, 2012 Report Share Posted June 17, 2012 stab-urile astea din 2012 is al dracu. ;d Quote Link to comment Share on other sites More sharing options...
Flubber Posted June 17, 2012 Report Share Posted June 17, 2012 Pe linux ai chattr. Pe FreeBSD poti folosi chflags (in functie de securelevel, doar in single mai stergi ceva, sau reboot cu alt securelevel)"A file with the `i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute."idsplus ~ # touch rstcenteridsplus ~ # chattr +i rstcenter idsplus ~ # ls -la rstcenter -rw-r--r-- 1 root root 0 Jun 17 19:12 rstcenteridsplus ~ # iduid=0(root) gid=0(root) groups=0(root)idsplus ~ # rm rstcenter rm: remove regular empty file `rstcenter'? yesrm: cannot remove `rstcenter': Operation not permittedidsplus ~ # chattr -i rstcenter idsplus ~ # rm rstcenter rm: remove regular empty file `rstcenter'? yesidsplus ~ # Mersi frumos, insa, inca mai vreau sa vad sursa ...Da, curiozitatea moare ultima. Quote Link to comment Share on other sites More sharing options...
pyth0n3 Posted June 17, 2012 Report Share Posted June 17, 2012 M-am jucat cu aceleasi flag-uri doar ca am facut un call divers, exista multe alte flag-uri cu care te poti juca pentru a modifica atributiile unui fisier. Quote Link to comment Share on other sites More sharing options...
