Full Version: Challenge #28 - A Bashing Challenge
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Team Reboot is back with another bashing challenge. Below are the rules:
You'll need to set up the challenge environment yourself. Download and import the OVF package in Oracle VirtualBox >=4.3.10 (Might work with VMware, too, but not tested). You may like to compare the hashes before proceeding further. Test whether host-only networking is up and running by pinging the box. There are a couple of network adapters attached; eth0 should get configured as host-only adapter while eth1 is a NAT adapter. Both the interfaces are set to obtain IP dynamically, hence you can use either the built-in DHCP server or an external one, e.g. TFTP32/64 for the first interface. You objective is to acquire and submit a flag, as usual.
  1. You are allowed to configure the default hardware specification, viz. Processor/Memory/Networking etc. of the VM to make it run on your system.
  2. While solving the challenge, you can collaborate with others by posting on this thread only. However, any crucial achievement/discovery must be hidden inside a [spoiler] tag.
  3. This is for the first time I'm deploying a VM based challenge. In case of anything seems going wrong, you can contact me on this thread or via PM.
  1. You are not allowed to login to the system. I didn't make any effort, including encrypting grub and setting a stupidly complicated login password, to prevent 'physical' access as this can only make things difficult but not impossible at all to perform any offline attack. Let your ethics be relied on.[/*]
  2. You are not allowed to boot up the system from a Live CD/Floppy.
  3. You are not allowed to attach the hard disk to other VM for offline inspection.
  4. You are not allowed to hex-edit the disk image to probe its contents.
  5. In short, you are not allowed to perform any activity which emulates a 'physical access' to a 'real system'.
Is anyone up to it?