- .:: On the Christmas Day of 1994... ::.
- [subsystem 6: worth 3500 points]
- ~=~=~=~=~=~=~=~=~=~
- The final code to disable the MS-42 positronic network is jealously
- guarded by a host with an extremely strong password. All our efforts
- to crack its accounts were in vain.
- However, our undercover agents were able to map the network
- configuration out before having their brains wiped out by Messy. They
- discovered the presence of an ancient form of trust relationship
- between two hosts, "server"--whose IP address is 172.16.1.1--and
- "x-terminal"--with an IP address set to 172.16.1.100. In particular,
- "x-terminal" completely trusts "server" and asks for no password when
- connections come from "server" itself!
- Unfortunately, we have not been able to hack into "server" (no weak
- accounts) nor into "x-terminal", which stores the secret code. In
- addition, the network 172.16.1.0/24 is only reachable via a VPN
- gateway Messy set up.
- There is good news, though. We were able to get access to the VPN
- gateway and installed a backdoor for our future use: the time has come
- now to show the machines WE deserve to live! The information about the
- gateway from which our final attack will be fired up is:
- Host: <host>
- Port: <port>
- Protocol: ssh
- User: SusanCalvin
- Password: <password>
- We are pretty sure that a key step in a successful attack against
- the trust relationship is flooding a service on 172.16.1.1
- ("server"). Unfortunately, Messy is very good at detecting flooding or
- DoS attempts (and syncookies are on too): we cannot be noisy at all!
- Luckily, we have found out that "server" can be tricked into disabling
- specific ports: all you have to do is send 10 or more spoofed TCP
- segments at a very low speed (1 segment per second) with the payload
- "disable". A similar behavior can be exploited to re-enable a
- previously disabled port: sending 1 TCP segment with the "enable"
- payload would do.
- The secret code is on 172.16.1.100 ("x-terminal") under the user
- "tsutomu". You are our only hope...