# [solved] Is linux secure?  Find out with a shell server!

## alex6z

ssh -p 1222 public@98.214.151.249

ssh -p 1222 public0@98.214.151.249

ftp is on port 30021.

To fix jammed accounts:

ssh -p 1222 ag@98.214.151.249

Most TCP ports are firewalled except FTP and HTTP.  UDP, and TCP above port 32768 are open for outgoing data.  UDP/TCP ports 30000-30099 are accessible from the outside.

See the /CRACK_ME file.

If you get root and follow the directions in /CRACK_ME, then I'll send you $5 or a .36oz 90% silver half dollar in the mail.

There was once this guy who had a box where there was a php exploit or something and the apache account was compromised.  He wanted to reformat because of this.  I thought this was silly because it's just the apache user, not the whole system.

So, was my opinion good?  That's what this shell server is for  :Smile:   If you break in to the root account easily then reformatting might have been the right thing to do then, do you think?

enjoy  :Smile:   It's a 133MHz box that I got from the trash.

I added a NEW TOY!:

in "/home/public/EXPLOITABLE_FUNSTUFF/" there is an exploitable version of the exiftags-1.00 tool set which is setgid "cracked". If you want to have a little fun, you can try to gain access to the "cracked" user group. The GLSA concerning exiftags-1.00 is here: http://security.gentoo.org/glsa/glsa-200712-17.xml

Happy hacking.

Last edited by alex6z on Wed Feb 20, 2008 10:03 pm; edited 8 times in total

----------

## frostschutz

 *Quote:*   

> There was once this guy who had a box where there was a php exploit or something and the apache account was compromised. He wanted to reformat because of this. I thought this was silly because it's just the apache user, not the whole system.

 

Once it's been compromised, you just don't know for sure. "Just the apache user" can gather a lot of data (all passwords / authentication required on the site that apache is hosting, for instance). Then there are (or may very well be) tons of local exploits. If some unauthorized person had access to your system, and your system is not set up to deal with non-trustworthy users (permissions not restrictive enough etc), you have a serious problem...

----------

## NeddySeagoon

alex6z,

looks like your box is down already

----------

## Simba7

 *alex6z wrote:*   

> enjoy   It's a 133MHz box that I got from the trash.

 

I've found an old Vectra VL 166MHz in the trash. I ended up putting 384MB of RAM, a pair of 40's, and installing Gentoo in/on it.

32MB of RAM is kinda pushing it, but you're not running anything else on it.

I love it when people throw these "useless" systems out and I snag 'em. They work great for firewalls, routers, and low/medium-traffic servers.

----------

## alex6z

 *NeddySeagoon wrote:*   

> alex6z,
> 
> looks like your box is down already

 

It doesn't seem to be down.

----------

## GNUtoo

you could make a little space on this box...

----------

## alex6z

People like to fill the disk.  Just look in /home/public or /tmp for large files and delete them.  I think somebody filled .bash_history to 2GB for some reason. Just delete it.

----------

## bunder

is that a forkbomb script i see?   :Laughing: 

----------

## alex6z

Yes I put fork.c there to save everyone the trouble of making their own and having it not really do much  It also exits on its own after 5 minutes..

----------

## bunder

 *alex6z wrote:*   

> It also exits on its own after 5 minutes..

 

aww, that's no fun...   :Laughing: 

is that scripted or done with limits.conf?

----------

## alex6z

You can copy fork.c and change it.  It's limited with limits.conf so the fork bomb doesn't do much and fork.c exits after 5 minutes so that it doesn't stay running forever and you don't lock yourself out as easily.

----------
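The limits.conf cap mentioned above can be checked per account. This is an added example, not part of any post in the thread and not the server's real configuration: it resolves which hard `nproc` limit pam_limits would apply to each shell account and flags accounts left uncapped. The file content and the `shell` group are constructed assumptions; the account names are the ones from the first post.

```python
# Constructed limits.conf content; the "shell" group is an assumption.
SAMPLE = """\
*        soft  nproc   100   # soft only: a user can raise it with ulimit -u
@shell   hard  nproc   40
public   -     nproc   25    # "-" sets soft and hard together
ag       hard  nofile  256   # not a process limit
"""

def parse_limits(text):
    """Yield (domain, type, item, value) for each well-formed entry."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) == 4:
            yield tuple(fields)

def hard_nproc(text, user, groups=()):
    """Hard nproc cap pam_limits would apply to user, or None if uncapped."""
    best = {}  # rank -> value; user (0) beats @group (1) beats "*" (2)
    for domain, ltype, item, value in parse_limits(text):
        if item != "nproc" or ltype not in ("hard", "-"):
            continue
        if domain == user:
            rank = 0
        elif domain.startswith("@") and domain[1:] in groups:
            rank = 1
        elif domain == "*":
            rank = 2
        else:
            continue
        best[rank] = value  # at equal rank the later line wins
    if not best:
        return None
    value = best[min(best)]
    return None if value in ("unlimited", "infinity", "-1") else int(value)

def audit(text, accounts, max_ok=50):
    """Return {account: reason} for accounts a fork bomb could exhaust."""
    findings = {}
    for user, groups in accounts.items():
        cap = hard_nproc(text, user, groups)
        if cap is None:
            findings[user] = "no hard nproc cap"
        elif cap > max_ok:
            findings[user] = f"hard nproc {cap} exceeds {max_ok}"
    return findings

# Account names are the ones in the first post; group membership is assumed.
ACCOUNTS = {"public": ("shell",), "public0": ("shell",), "ag": ()}
if __name__ == "__main__":
    print(audit(SAMPLE, ACCOUNTS))
```

With the sample file only `ag` is reported, because a soft-only wildcard entry leaves the hard limit at whatever the system default is.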

## alex6z

Has everyone lost interest already?  :Sad:   Only a couple logins today  :Sad: 

----------

## Naib

don't worry it will heat up again

just re-grouping

----------

## nendzd

I logged in and poked around.  No idea how to "hack" root or anything..  Someone deleted your fork thing by the way.

----------

## Dagger

hehe i will gladly take a look on it over the weekend  :Very Happy: 

----------

## alex6z

If I had a faster computer, maybe I could make a public distcc server out of it?  I have a 1.3GHz Duron that isn't being used, is it worth it?  How about a Pentium III 1.00GHz?

----------

## frostschutz

Are you aware of the bandwidth requirements of distcc? In a local network it's fine, but public over the internet doesn't make much sense... regarding both cpu cycles that a single machine can provide to "the public" and internet traffic...

----------

## fog

This is good fun! I'd just worry about people using it to attack remote hosts or such, but I guess the firewall would do it.

I'm no hacker, but I want to give this a try anyway...

Last edited by fog on Fri Jan 18, 2008 5:31 pm; edited 1 time in total

----------

## alex6z

 *frostschutz wrote:*   

> Are you aware of the bandwidth requirements of distcc? In a local network it's fine, but public over the internet doesn't make much sense... regarding both cpu cycles that a single machine can provide to "the public" and internet traffic...

 

How much bandwidth does distcc take on a 1.3GHz Duron, exactly?

I added a NEW TOY!:

in "/home/public/exiftags-1.00-CRACK_ME/"  there is an exploitable version of the exiftags tool set which is setgid "cracked".  If you want to have a little fun, you can try to gain access to the "cracked" user group.  The GLSA concerning exiftags-1.00 is here:  http://security.gentoo.org/glsa/glsa-200712-17.xml

Happy hacking.

----------

## NeddySeagoon

alex6z,

The helper nodes get sent the preprocessor output to compile and return the binary to the control node for linking.

Let's take a kernel as a worked example.

The kernel is about 250Mb uncompressed but including its .o files, so to compile a kernel for me I'm going to send you some 200+Mb and download the balance. My uplink is 440kbits/sec, (55kB/sec) so it takes me 4545 seconds to upload the source for you to build (using 200Mb at 55kB/sec). That's 1.25 hours.

However, I can build a kernel in less than 15 min without your help. So, to break even, I need an upload speed of 275kB/sec.

Then we have the build time on your box and the download of the binaries.

----------

## alex6z

That 250MB is for when you enable ALL the kernel options, isn't it?

If you enable every kernel option, how long does it take to compile?

----------

## fog

 *alex6z wrote:*   

> That 250MB is for when you enable ALL the kernel options, isn't it?

 

250MB (actual: 235.9 for 2.6.23.14) is the size of the uncompressed kernel source code.

----------

## NeddySeagoon

alex6z,

Very true - that's the entire kernel source tree. 

However the preprocessor makes the sources bigger so it's swings and roundabouts. I was trying to illustrate the amount of data to be moved and the time it would take.

----------

## alex6z

Now the question is:  Does distcc server cache the data that is sent to it to compile, specifically the header files.

I don't really know how distcc works, but I'm guessing that the file that needs to be compiled, and all the header files that go along with it, are sent to the distcc server.  Then the server sends back the object file.  If the distcc server caches the header files then not that much data would need to be sent twice.  Or could it be that the preprocessor runs on the client and the preprocessed data is sent to the distcc server to get compiled?

So if you have a slow computer, and you're trying to compile a package that's say 30MB, and distcc caches the data that is sent to it, it could be worth while, no?  If you have a 50KB/sec upload, it should only take 10 minutes to upload the whole thing (30MB) to the distcc server, right?

As far as I know using distcc doesn't ever slow down compiling, does it?  The object files don't have to be compiled in order, do they?

----------

## frostschutz

distcc slows down compiling horribly when there is a slow distcc server. distcc sends a job to this server and expects an answer back ASAP because otherwise the compiling process simply cannot continue. This means you need both a fast network and a fast computer to do the compile. Compile results do depend on each other, you cannot simply tell a server oh you compile this half and I compile this half and we'll put it together later.

----------

## alex6z

Oh ok. I thought object files could be compiled in any order, and then lastly linked together to form the executable.  Why not?

I guess the Makefiles expect things to be done in a certain order.  What a shame  :Sad: 

----------

## mbreith

 *alex6z wrote:*   

> I thought object files could be compiled in any order, and then lastly linked together to form the executable.

 

That's what I understood as well. That is how ccache works. It stores the object files to be linked with any updated object files that are compiled later.

----------

## NeddySeagoon

alex6z,

What you say is true for simple programs. As complexity increases, so does the number of parts.

They are then not all assembled at the end. Some later compiles can depend on previous outputs.

mbreith,

ccache is slightly different. It stores the compiler output and returns results from the cache when it spots the same code being compiled again. When this happens gcc is not run, the results are returned as if it had, so make cannot tell the difference.

----------

## frostschutz

 *mbreith wrote:*   

> That is how ccache works.

 

ccache is a cache. if the program that is to be compiled (a single file, i.e. what the compiler gets to see after the preprocessor put in all includes etc), is already in the database, the result will be returned immediately, otherwise it will actually be compiled, put into the database, and returned. So there is a (very little) overhead for new programs and a huge speedup for known programs as no compile is required for them.

distcc works the same way, but except caching, it simply hands off the task to another machine. just like with ccache, an answer is expected immediately or at least as soon as possible. If it's too slow (because it has to be uploaded/downloaded through a slow internet uplink) waiting for the result may take up more time than compiling it locally in the first place.

gcc is never parallel. make is what makes it parallel by calling more than one gcc at a time. however due to dependencies only so many things can be done in parallel, at some point you'll have to wait for the results. And if that takes too long everything just grinds to a halt.

----------

## alex6z

What other stuff should I put on there for cracking fun?

----------

## frostschutz

the root password in a plain text file?   :Laughing: 

----------

## alex6z

*bump*

----------

## red-wolf76

Put the box down as the prize itself like "Own the Box" at Defcon...

Maybe then, people will get interested more...

Other than that, what services are you running again? How about a php-Forum with credentials. That ought to give some leverage. *g*

----------

## Spudgun

Can't SSH in to the machine at the mo  :Sad: 

----------

## platojones

 *Quote:*   

> Can't SSH in to the machine at the mo 

 

You weren't just about to try this out on it, were you   :Very Happy:  :

https://forums.gentoo.org/viewtopic-t-659999-highlight-.html

----------

## alex6z

Congratulations  :Smile: 

----------

## Spudgun

 *platojones wrote:*   

>  *Quote:*   Can't SSH in to the machine at the mo  
> 
> You weren't just about to try this out on it, were you   :
> 
> https://forums.gentoo.org/viewtopic-t-659999-highlight-.html

 

Damn right I was!

----------

## Simba7

Ahhh Crap.. I wanted to see what would happen.. *grin*

----------

## alex6z

Well somebody beat you to it, and turned off sshd and disabled all the accounts.

----------

## StarDragon

 *alex6z wrote:*   

> If you get root and follow the directions in /CRACK_ME, then I'll send you $5 or a .36oz 90% silver half dollar in the mail.

 

Damn, it almost took two months!

----------

