Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Zero Knowledge attack


ghost's Avatar
0 0

There's a contest out that says if you hack the website you get the hardware it's running on. I can probably execute the attack however i just don't think i have the right tools.

So this is what i know, the user is running Fedora 5 PowerPC with an HTTP service of some type (probably apache, version ???). (and i'm assuming a relatively static IP)

Essentially the objective is to root the box and then deface the website.

Here's the problem, i don't know anything about the environment i'm working with. He has no SQL, PHP, JS or any other exploitable features i can think of other than having the server running.

So this is what i can do, i can crack open PUTTY and connect to his box and i get the standard login prompt.

Problem 1, i have no username, essentially this shouldn't matter because i simply want to run as root, so i could just put root as my username.

Problem 2, i can only attempt 7 or 8 attempts at the password before i get the disconnect response back. And i have no idea at the password, at all. (neither length or strength)

There is some strange HTML at the bottom of his page that i'll post here something that to me at first seemed like cryptography, however i put it through yellowpipe and nothing of use came up.

<!– PPPC –> <!– 9280 8736 1010 2874 1099 1546 9890 5436 1287 0009 –> <!– 6588 6768 2020 5790 9622 1257 9087 5445 8987 1009 –> <!– 1120 0098 3030 2632 8279 6843 4554 3266 3789 2018 –> <!– 3DA4 430E 4040 53E0 35C8 5A52 2415 48BD 4911 7424 –> <!– DDDH –>

So there you go, any pointers or ideas folks. I'll be much appreciative.