Mopar Security Capture the Flag #1 - Let's have some fun

I decided you guys were getting lazy, and I’d challenge the security minded of you to have some fun with a little capture the flag style game. I’ve set up a virtual machine, and your job is to pwn it - you’ll know when you’ve won, if you don’t think you’ve won yet then you haven’t.

I purposefully designed the challenge to start off easy, and get progressively harder, so if you breeze it initially, you may want to keep going… :slight_smile: For those of you who are experienced with stuff like this, you may find it pretty simple, however I wanted to give the newer folk a chance. I think I got a good balance here, but we will see.

You may use any technique that makes sense to you to hack the machine located at http://moparctf.pizzey.me, subject to the following rules:

Rules

No automated vulnerability scanners - nmap is fine, but Nessus etc. are out. You won’t win with it, anyway, I promise.

If you do own the box, please don’t ruin it for other users, leave everything as it was. I have backups anyway, so don’t be a dick.

Absolutely no DDOS, obviously. DDOS is not winning and just makes my host mad at me.

Other machines on the network or the pizzey.me domain are not part of the challenge, you may ONLY attack moparctf.pizzey.me / 45.55.65.167.

Please don’t post hints for now until everyone has had a crack, I’ll release hints if people are struggling.

Note #1: You’ll have to use the IP 45.55.65.167 to access for now, not the domain, because Namecheap have maintenance. Will fix when I wake up.
Note #2: It’s entirely possible I fucked up somewhere and my ‘planned’ route to own the box isn’t the only way, or there’s bugs that prevent you taking the planned route (though I tested it) - if you feel you’ve run into a genuine bug let me know and I’ll fix it when I wake up.

Oh yeah and first winner gets a cookie/beer/cake/whatever of their choice on my dime.

it’s down already?

Good beer?

Nope - but you have to use the IP, Namecheap are having DNS problems.

Sure :wink:

Reminder to all staff, sharing the password for the ‘admin’ user will get you demoted, stop doing it!

I fudged up testing something, you cannot complete one of the steps before mopman has fixed it.

EDIT: Mopman has now unborked it.

Yeah, fixed now

this is some edgy stuff

blue moon master race
natty light b-b-b-budget master race???

Someone root this piece of shit!

I really hate you Mopman, you’re worse than Hitler!

im lazy can I just spend the next 5 years brute forcing it

I win http://45.55.65.167/tehspede.php

Yep, Teh Spede is definitely the winner of this one. :slight_smile: Good job - I think it was your first time really messing with memory corruption stuff too in anger? You mentioned you ‘didn’t know asm’ yesterday on IRC anyway so I am assuming - anyway, a winner is you.

Other honourable mentions include Bowser Jr/nokip and Stork, who put a ton of effort in early on and both got all of the earlier exploits first (not sure who was first between those two tbh, they both got it at about the same time). I think Bowser basically hates me now for making the final boss such a dramatic jump in difficulty. :slight_smile:

Planning on making another one for shits and giggles after the next couple of weeks which are busy cuz I have an exam and stuff. Might be Windows this time…

Just not make him cake, cookies etc. And I’ll forgive you.

The final boss wasn’t that hard, as everything you needed was stated in a simple article. You just had to change two bytes. I just didn’t find it :frowning: