News
RPISEC Training (1 comment)
Hi man, you wanna get low? Like really really low? Like lower than
you'd be if you compressed one hundred years of low level goodness
into one second? Then have some assembler.
become one with the machine.
You cant get closer to the processor. Well almost (microcode).
So lets hug some processors.
Instructions;
join intruded.net #rpisec
Solve gate1.
ssh gate1@intruded.net -p 31337
Web Security for Beginners 10/03/09
We will be holding a general interest meeting in Sage 4101 from 6-8 pm on October 3rd. Web security was a popular topic in our interest survey, and many of our prospective members said they wanted introductory-level talks, so we're delivering.
Topics to be covered include the HTTP protocol and common website backend software, and the vulnerabilities that plague them: SQL injection, XSS, CSRF, authorization/authentication bypass, you name it. Learn some tools to make your life easier.
Please fill out this survey to tell us what Web stuff you're familiar with.
Web Maintenance (1 comment)
Hey all,
Sorry the servers are not up yet. For those of you looking for IRC, it is coming (tomorrow at the latest).
My proglang assignment took precedence this weekend in terms of getting servers up (if you don't like this, you can adjust my salary accordingly ;-) ).
-Robert
General Interest Meeting 9/19/09
We will be holding a general interest meeting in Ricketts 203 from 6-7 pm on September 19th. Stop by if you have any interest in computer security.
We ask that attendees fill out our interest form.
Account Activation
Some things to keep in mind when registering:
- If we don't recognize your email, shoot us an email and tell us a little about yourself. We just try not to approve spambots; show us you aren't one. You can email redmine @ this domain to contact the admin.
- If you sign up using your RCS email or RPI CS email, you'll be approved automatically.
Lastly, don't feel discourage if you don't get approved shortly after registering. All of us in RPISEC are actively looking for new members, and we want you to join. Send us an email and we'll look into where your account registration stopped (sometimes notification emails don't get through the great firewall).
-Robert
RPISEC System Administrator
Need More Hacking?
Oh man, this water is just not wet enough. If only I could hack something,
...
Well now you can! We've set up 5 challenges for you this weekend.
They'll be running starting 8PM Tonight. In addition, we'll discuss
how to go about solving some of these from 12pm-2pm in Sage 4101
tomorrow Saturday April 25th, 2009.
ssh escrir.stu.rpi.edu
users:
level1 ; level2 ; level3; level4; level5
(guess the passwords)
=-=-=-=-=------=-=--=-=-=-
SPECIAL NEWS:
Andrew Zonenberg will be disclosing an alarming vulnerability he has discovered
in RPI's WebMail System. And he made a pretty cool demo. Moral of the story: whitelist.
RPISEC ties for first in RootHack wargame
Last weekend, members of RPISEC competed in a wargame hosted by RootHack. The players' objective was to locate flags stashed across several machines running a variety of operating systems and services, from insecure Telnet to exploitable Easy Chat Server.
"I really wanted these games to be about stuff you would see in real-life scenarios," RootHack organizer s0kket said. "I want[ed] these to be where you can exploit things easily ... but also have to write your own [exploits] and learn new techniques and/or tools."
The game started slowly Saturday, with all teams exploring the network and the services running on each box. Before long, Team? had taken the lead, with RPISEC following behind with a few short points. With each password spat out by John the Ripper (our own hash cracker not supporting MD5 crypt yet), the gap got shorter, and eventually both teams were step-in-step, each following the other's submission of a flag in kind.
Notable in this game was the existence of a secret workstation which had to be attacked through a proxy; while they did not successfully attack it, RPISEC was the only team to locate it on the network and determine the vulnerable service it was running. More on this will be discussed at the next meeting, tentatively scheduled for this Saturday at 2 pm at a location to be decided.
Despite the stalemate, some of the fruits of this battle include new tools to be published on RPISEC.net in the near future: a simplified command-line interface for tunneling through multiple layers of SSH servers; a new hash implementation for the hash cracker ; and some techniques of network and port scanning through HTTP proxies. Stay tuned for updates on these and other topics.
Thanks to those who were able to compete over the Easter weekend, and to the Electronics Club for providing their workspace to us for the weekend.
Global Police Army recruits RPISEC (1 comment)
This is a web-security mission. The decrypted message follows.
+-+-+-+-+-+-+ +-+-+-+-+-+-+ +-+-+-+-+ |G|L|O|B|A|L| |P|O|L|I|C|E| |A|R|M|Y| +-+-+-+-+-+-+ +-+-+-+-+-+-+ +-+-+-+-+ <<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>> DISCLAIMER: THIS MESSAGE AND ALL CONTENTS ARE CONFIDENTIAL. REMEMBER UNIT, YOU ARE BINDED UNDER A LEGAL CONTRACT THAT MAY RESULT IN PERSONAL INJURY OR EVEN A PERMANENT LOSS OF BREATH IF THE TERMS OF THE AGREEMENT HAVE BEEN VIOLATED. <<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>
Greetings RPISEC,
Needless to say, we were rather impressed by that last one. Your group took dark liquidity pools to a whole new level. It was very satisfying to turn off that light switch, and rather profitable. We are glad you enjoyed your bonus.
Today some academic work is on the menu. We are interested in getting some information on some universities and professors. In addition we would like you to plant incriminating information on a professor named Dave Hollinger who has been less than favorable to our client''s cause. This should take care of his tenure problems.
TIMELINE: 72 hours beginning @ 2.27.09 23:00 UTC¶
STAGE ONE : Gain Control¶
Identify possible vectors for escalating access privileges, extracting unauthorized information from the target, and finally writing information to the system. We are also interested in client-side attacks for this particular case, so do not limit yourselves to gaining entry to the server. We are prepared to bait the target with an exploit if needed, as in prior engagements.
STAGE TWO : The Drop¶
This depends largely on the capabilities accomplished in stage one. We will coordinate with you on this one as you bring in findings. We will provide the information we want placed. Again, this will be dynamic based on what you can achieve within the given time frame.
STAGE THREE¶
Stealth is wealth. Please keep this in mind while tackling this low profile bid. It is imperative that traces of the engagement are permanently erased.
TARGET INFORMATION¶
The <REDACTED> System of interest is <REDACTED>. This is hosted on the <REDACTED>. This is the primary target, not
<REDACTED> (the software developers). It is known that <REDACTED> <REDACTED><REDACTED><REDACTED><REDACTED><REDACTED><REDACTED>!
128.<REDACTED> ; <REDACTED>
<REDACTED> ; <REDACTED>
+-+-+-+-+-+-+ +-+-+-+-+-+-+ +-+-+-+-+ |G|L|O|B|A|L| |P|O|L|I|C|E| |A|R|M|Y| +-+-+-+-+-+-+ +-+-+-+-+-+-+ +-+-+-+-+
Party like it's 1000000000
Last night at approximately 6:31 pm EST, RPISEC hosted a time_t party to celebrate the monotonically increasing digits of the UNIX timestamp, which measures the number of seconds elapsed since January 1, 1970. Guests enjoyed pizza, wings, and soda while watching the 1992 movie Sneakers.
"Security" by xkcd (2 comments)
Also available in: Atom