.

LSO Rootwars this Saturday 28 OCT @1500EST

<<

LSOChris

Post Fri Oct 27, 2006 12:12 pm

LSO Rootwars this Saturday 28 OCT @1500EST

All EH-net members are encouraged to play in the rootwars this weekend.  Begins at 1500 EST.

This is a great way for you to improve your Linux system administration skills, your system hardening skills, and obviously your vulnerability assessment and penetration skills. email Joe at: joe@learnsecurityonline.com if you are interested in playing, and feel free to invite other people to play as well. have them contact Joe for details and log in information.

Here is a post about the rootwars: http://www.ethicalhacker.net/component/ ... pic,649.0/

-Chris
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sun Nov 05, 2006 2:12 am

Re: LSO Rootwars this Saturday 28 OCT @1500EST

How was it? Any more EH-Net members play? Any way to publish a synopsis of the day's activities as a learning tool and enticement to future events?

Don
CISSP, MCSE, CSTA, Security+ SME
<<

LSOChris

Post Sun Nov 05, 2006 1:56 pm

Re: LSO Rootwars this Saturday 28 OCT @1500EST

we had 2 EH-net members play yesterday which was great.

here was the challenge...

Step 1: Research the Unicode attack

Step 2: Execute the Unicode attack
* Send me an email with a directory listing of the "c:\inetpub\scripts"
and "c:\" directories
* The email must also include a screenshot of you executing the attack

Step 3: Use http/smb/ftp/tftp to upload nc.exe/pwdump2.exe on the system
* Figure out how to get nc.exe and pwdump2.exe transfered to your
target host
* After successfully transfering your nc to the system rename it to
your team name (e.g. team1_nc.exe and team1_pwdump2.exe), and then send
me an email with the directory listing proving that you have transfered
the now team renamed files.

Step 4: Use netcat/tftp/ftp to transfer the password hashes from the
system to your attack system

Step 5: Crack the password hashes on your attack system


the implied task in that was a local privilege escalation because unicode will only execute command with IIS privilieges

good stuff.  I am working on a couple of videos for solutions to the challenge.
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sun Nov 05, 2006 2:22 pm

Re: LSO Rootwars this Saturday 28 OCT @1500EST

Thanks Chris.

For those of you studying for the CEH, this is exactly the type of activities you will be expected to know how to perform. It touches on a number of different aspects to penetration testing.

This is very similar to one of the exercises in The Training Camp's CEH class. So if you are exploring the self study option and don't have the ability to setup your own lab, you may strongly want to consider playing in the next RootWars with Chris and the gang at LSO.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

LSOChris

Post Sun Nov 05, 2006 2:56 pm

Re: LSO Rootwars this Saturday 28 OCT @1500EST

yeah, i wish someone had been offering me free training when i was studying for mine :-)

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software