Challenge #28 - A Bashing Challenge



#1 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 29 January 2015 - 08:30 PM

Team Reboot is back with another bashing challenge. Below are the rules:

You'll need to set up the challenge environment yourself. Download and import the OVF package in Oracle VirtualBox >=4.3.10 (might work with VMware, too, but not tested). You may like to compare the hashes before proceeding further. Test whether host-only networking is up and running by pinging the box. Note that it'll take ~30 seconds for all the network services to come up after the boot-up. Pinging the box immediately after booting may cause all ping requests to get dropped. There are a couple of network adapters attached; eth0 should get configured as host-only adapter while eth1 is a NAT adapter. Both the interfaces are set to obtain IP dynamically, hence you can use either the built-in DHCP server or an external one, e.g. TFTP32/64 for the first interface. Your objective is to acquire and submit a flag, as usual.

DO's

  • You are allowed to configure the default hardware specification, viz. Processor/Memory/Networking etc. of the VM to make it run on your system.
  • While solving the challenge, you can collaborate with others by posting on this thread only. However, any crucial achievement/discovery must be hidden inside a [spoiler] tag.
  • This is the first time I'm deploying a VM-based challenge. In case anything seems to be going wrong, you can contact me on this thread or via PM.

DON'Ts

  • You are not allowed to log in to the system. I didn't make any effort, including encrypting grub and setting a stupidly complicated login password, to prevent 'physical' access as this can only make things difficult but not impossible at all to perform any offline attack. Let your ethics be relied on.
  • You are not allowed to boot up the system from a Live CD/Floppy.
  • You are not allowed to attach the hard disk to another VM for offline inspection.
  • You are not allowed to hex-edit the disk image to probe its contents.
  • In short, you are not allowed to perform any activity which emulates a 'physical access' to a 'real system'.


#2 Holmes.Sherlock


Posted 05 February 2015 - 04:14 PM

Did anyone give a try? Or, does anybody need any clue?



#3 Icecube

Icecube

    Gold Member

  • Team Reboot
  • 1062 posts
  •  
    Belgium

Posted 10 February 2015 - 09:57 PM

It would be nice if you could update the image so it shows the IP address of the VM before the login prompt:

 

http://askubuntu.com...-precise-server

http://offbytwo.com/...in-message.html

 

I thought I had the right IP address for the VM, but it was the host only network adapter :doh7: .

Which made it difficult to start solving the challenge.



#4 Holmes.Sherlock


Posted 11 February 2015 - 11:04 AM

Which made it difficult to start solving the challenge.

 

Nice to know at least one of us is trying to solve the challenge. I have re-uploaded the OVA and hashes. Also,

 

Note that it'll take ~30 seconds for all the network services to come up after the boot-up. Pinging the box immediately after booting may cause all ping requests to get dropped



#5 Mikorist

Mikorist


  • Advanced user
  • 737 posts
  •  
    United Nations

Posted 13 February 2015 - 12:47 PM

Did anyone give a try?

Spoiler


#6 Holmes.Sherlock


Posted 15 February 2015 - 10:55 AM

@Mikorist

 

Good going.





