The Linux Server Break-in challenge. You will have a server available on the Internet 96 hours without interruption starting from 9 March 2005 2 AM IST. However, the server's life on the Net is in your hands.

IP Address: 202.88.234.250

Read the full story here

Have fun

Rewards: No cash but applaused

Oh, interesting.

Spead the news to ur friends, don't be late..

About time used all the Linux penetration tools and brute force attack that server. It my top priority now..

Share ur attack note here please... such as what Linux penetration tools used...for ur attack.

This post has been edited by debiankl: Mar 9 2005, 03:55 PM

server in india...
No firewall at all..

This post has been edited by kons: Mar 9 2005, 04:05 PM

look like a interesting challenge, i just hope that the server have not been taken down before i get home from work

Here are the details of owner's IP contact and details.. maybe social engineering method of getting root password.. used voice-Ip call cheaper..

Country: INDIA

ARIN says that this IP belongs to APNIC; I'm looking it up there.


Using 0 day old cached answer (or, you can get fresh results).
Hiding E-mail address (you can get results with the E-mail address).

% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 202.88.224.0 - 202.88.239.255
netname: ASIANET
descr: Asianet is a ISP providing access through Cable.
country: IN
admin-c: PS104-AP
tech-c: PS104-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-IN-ASIANET
changed: **********@apnic.net 20020710
status: ALLOCATED PORTABLE
source: APNIC

person: Praveen Shrikhande
address: Karimpanal Arcade, 3rd Floor
address: East Fort
address: Thiruvananthapuram - 695023
address: Kerala, India
country: IN
phone: +91-471-575353
fax-no: +91-471-575454
e-mail: *******@asianetindia.com
nic-hdl: PS104-AP
mnt-by: MAINT-NEW
changed: ********@asianetindia.com 20020704
source: APNIC

This post has been edited by debiankl: Mar 9 2005, 04:30 PM

running nmap, wait for several minutes already still no result.

Maybe..go wireless broadband..

ping time upto 2733ms
not interested

Yo, last time i did a nmap for a server in M'sia.
Took me 2 days

Becos everyone on internet is hacking it...

Im using 1MB ping avg 1000ms ... not too bad. Used command line tools more than GUI tools.

Try other nmap options without SYN reply.

I'm using remote shell account..
600ms..

choose your location wisely

Telnet to port 25 and 80 seem to be responding but it could be a honeypot system installed.

This post has been edited by debiankl: Mar 9 2005, 04:46 PM

what!? u wait for 2 days to scan a server!!!

the webpage clam that there is no honeypot

anyone have the nmap result already?

look like it is a debian server

it use exim for email

I'm really a noob on this. Only knows about routers and switches, no knowledge on NIXes servers.

Try telnet port 22

Confirmed Debian Sarge

This post has been edited by debiankl: Mar 9 2005, 05:08 PM

nmap -sF 202.88.234.250

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
All 1601 scanned ports on (202.88.234.250) are: closed

Nmap run completed -- 1 IP address (1 host up) scanned in 3 seconds

nmap -sA 202.88.234.250

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
All 1601 scanned ports on (202.88.234.250) are: UNfiltered

Nmap run completed -- 1 IP address (1 host up) scanned in 3 seconds

i am trying to use nmap -O to scan for the os but the result is not coming up, debian seen to be the best bet.

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2005-03-09 17:10 EST
Host 202.88.234.250 appears to be up ... good.
Initiating SYN Stealth Scan against 202.88.234.250 at 17:10
Adding open port 5432/tcp
Adding open port 111/tcp
Adding open port 25/tcp
Adding open port 37/tcp
Adding open port 9/tcp
Adding open port 80/tcp
Adding open port 13/tcp
adjust_timeout: packet supposedly had rtt of 11000145 microseconds. Ignoring time.
Adding open port 22/tcp
Adding open port 19/tcp
Adding open port 7/tcp
The SYN Stealth Scan took 491 seconds to scan 1659 ports.
Interesting ports on 202.88.234.250:
(The 1636 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
7/tcp open echo
9/tcp open discard
13/tcp open daytime
19/tcp open chargen
22/tcp open ssh
25/tcp open smtp
37/tcp open time
80/tcp open http
111/tcp open rpcbind
135/tcp filtered msrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1080/tcp filtered socks
1214/tcp filtered fasttrack
3128/tcp filtered squid-http
4444/tcp filtered krb524
4480/tcp filtered proxy-plus
5432/tcp open postgres
6588/tcp filtered analogx
17300/tcp filtered kuang2
Nmap run completed -- 1 IP address (1 host up) scanned in 497.618 seconds

Telnet to port 25 seems responding and tcouldnt be honeypot system since the site claime no honeypot installed.

Here's a little something useful for you:



*cough cough* 1.3.31 get_tag overflow *cough*

no honeyport

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2005-03-09 20:18 EST
Host 202.88.234.250 appears to be up ... good.
Initiating SYN Stealth Scan against 202.88.234.250 at 17:10
Adding open port 5432/tcp
Adding open port 111/tcp
Adding open port 25/tcp
Adding open port 37/tcp
Adding open port 9/tcp
Adding open port 80/tcp
Adding open port 13/tcp
adjust_timeout: packet supposedly had rtt of 11000145 microseconds. Ignoring time.
Adding open port 22/tcp
Adding open port 19/tcp
Adding open port 7/tcp
The SYN Stealth Scan took 491 seconds to scan 1659 ports.
Interesting ports on 202.88.234.250:
(The 1636 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
7/tcp open echo
9/tcp open discard
13/tcp open daytime
19/tcp open chargen
22/tcp open ssh
25/tcp open smtp
37/tcp open time
80/tcp open http
111/tcp open rpcbind
135/tcp filtered msrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
1080/tcp filtered socks
1214/tcp filtered fasttrack
3128/tcp filtered squid-http
4444/tcp filtered krb524
4480/tcp filtered proxy-plus
5432/tcp open postgres
6588/tcp filtered analogx
17300/tcp filtered kuang2
Nmap run completed -- 1 IP address (1 host up) scanned in 481.179 seconds


Huargh!!~ really make me sleepy

This post has been edited by xanda: Mar 9 2005, 08:17 PM

Here is my ping results: -

C:\>ping 202.88.234.50

Pinging 202.88.234.50 with 32 bytes of data:

Reply from 202.88.234.50: bytes=32 time=140ms TTL=49
Reply from 202.88.234.50: bytes=32 time=130ms TTL=49
Reply from 202.88.234.50: bytes=32 time=120ms TTL=49
Reply from 202.88.234.50: bytes=32 time=120ms TTL=49

Ping statistics for 202.88.234.50:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 120ms, Maximum = 140ms, Average = 127ms

Has it been broken into?
The ping suddenly become so fast..
How's everyone doing?

Trying 202.88.234.250...
Connected to 202.88.234.250 (202.88.234.250).
Escape character is '^]'.
220 challenge ESMTP Exim 4.34 Thu, 10 Mar 2005 12:23:53 +0530
ver 4.34.. hmm.....

how many of u here are hackers???
malaysia so geng ah... so many hackers.... i also wan to be!!

guys dunno if this is helping but it is apache server
http://202.88.234.250/

Guess nobody is interested in it since there's no prize for it.
Well, furthermore, more than 48 hours has passed, why the shell account username and password is not being released yet?

the shell account have been released

Good! It shows that sys admin hv done a great job of hardening the kernel and update the OSS with latest patchs.

can any logging to the system? the connection is so slow

Since remote exploited has been unsuccessful, a users shell account was provided and they allow hackers to have another penetration test on local exploited.

And I hv trouble loggin in too....