Privilege Escalation

Good idea , feasible

As a level, this might be interesting! But if I had to run it on my server, I wouldn’t do it because such a vulnerability could be easily exploited automatically, thus leaving the box open for real exploitation… I bet that it would soon fall into spammers hands or it would be used to spread malware… :(

how about an application to be downloaded that would simulate that, the catch would be different pass for each user, maybe if the app authenticates with the user/pass of the website it can be done, also the app needs to be cross platform (windows - linux), so as app in C or C++ could do it :)

@daMage: Unless the VM is re-installed / restored every night. That’s how other sites that do offer this kind of hackme’s…..

@ADIGA yes, I’ve been wanting to set something like this up for a long time, after playing around with the De-ICE Pentest images.

What would be nice is to have our own HT VPN, which would be running VMs of various types, and difficulty level. To help reduce spam and noise, we can grant access to users who have completed all levels or show a genuine interest.

The downside of this is that we would require a dedicated box with a good pipe.

hmmm….
this could be ran on a vps (around 4-5 $ a month).
100mb connection, full root access … bla bla bla.
another thing that can be added for such a mission is for the one who roots the box fixes his way in and try to hold the box for as long as possible (a max of 1 week will give full points) or something like that.
users can be auto added to the server from the site database when they finish a % of the levels or what ever.

now this is just an idea… so do not ask me how to make it possible … :P

I like your idea a lot ADIGA! :)

I think it would be better to have a dedicated box, as we would have more control over how to reset the VMs and, will be able to monitor it from above. Where as if we only had a VPS we would not be able to have so much control over the system.

I do like the idea of a capture the flag style game. We could setup a VM with a load of services running, all vulnerable and leave them to fight it out.

The added advantage of having the VMs inside a VPN is that we can disallow/manage communication out onto the web, which, in theory, should reduce the amount of potential spam.

hmmm…. was looking for this post a while ago but i lost it.

any way, regarding “amount of potential spam” …
a hardware firewall can be added that only allows for connections on ports 22,80 to pass through, that way any other service can be stopped from going outside the firewall.

i also assume that after finishing the box setup, an image can be taken of it, incase of it being rooted and the one who rooted it desides to do an “rm -rf /” as root.

Osaka, talking about the capture the flag, you could turn it into a weekly/monthly event to encourage more dialogue between users and for them to help each other. Even offer a point prize for winning? Just a newbies perspective :)

i do not think this is feasable, too much effort needs to be put in a thing like this, maybe twice a year if some more members worked on it together.
other than that, its really hard.

maybe random challenge that are available for 3 days - 1 week, once a month can be done.

and if so i would recommend programming related challenges.

@Adiga, yeah we’d be able to re-image them at will. They would all be running on a virtual network, and all traffic will be routed though a gateway, which we’ll be able to monitor.

@loltac, yep a weekly/monthly event would be nice, as it gives people something to look forward to, and time after to discuss. I imagine there will be points and medals for winners :)

@ADIGA Sorry just missed your post. I think it would be nice to have the service running 24/7, or as near as.

I mean once the initial virtual machines are setup, there should be no reason why they can’t be maintained indefinitely, as they’d get reset every hour or so to prevent any persistent thread.

a reset every hour?! is not that too much, besides, if we can keep them up for 1 week, it would be some sort of capture and hold … not only to break in, but also try to fix and secure …. more fun and learning for all.