anubis26

FreeBSD and Pen Testing / Wargaming Programs

26 posts in this topic

Does anyone have know of any good software for FreeBSD which would scan for vulnerabilities or be used in an attack (wargames, of course ;). Don't worry - I'm not doing anything malicious. Not cloaking, proxies, or any of that. Just actual scanners.

0

Share this post


Link to post
Share on other sites

Nessus comes to mind ... use google, there are literally tons upon tons of vulnerability scanners.

0

Share this post


Link to post
Share on other sites

I tried nessus... but the problem is that I need root to install, and that's kinda a problem. Its for a wargame called semaphore (wargaming.org) where two teams have identical FreeBSD setups in virtual machines (jails, to be percise) and you have to find vulnerabilities in the other team's server while fixing them in your own. And so I can have the admin run a command as root if need so, but probably not for installation of software (which is allowed, if you can do it on your own).

0

Share this post


Link to post
Share on other sites
I tried nessus... but the problem is that I need root to install, and that's kinda a problem. Its for a wargame called semaphore (wargaming.org) where two teams have identical FreeBSD setups in virtual machines (jails, to be percise) and you have to find vulnerabilities in the other team's server while fixing them in your own. And so I can have the admin run a command as root if need so, but probably not for installation of software (which is allowed, if you can do it on your own).

I guess exploiting your own box first is not an option..

0

Share this post


Link to post
Share on other sites

I just made myself an account. That is a really fun wargame.....ermm....until my brother compiled an explot and crashed the damn kgb lol. Hopefully it will be back up soon.

0

Share this post


Link to post
Share on other sites
I tried nessus... but the problem is that I need root to install, and that's kinda a problem. Its for a wargame called semaphore (wargaming.org) where two teams have identical FreeBSD setups in virtual machines (jails, to be percise) and you have to find vulnerabilities in the other team's server while fixing them in your own. And so I can have the admin run a command as root if need so, but probably not for installation of software (which is allowed, if you can do it on your own).

GOT ROOT ?

*you need root to do good sniffing.

* you need root for nessusd etc

you can just try nikto or something...

I did a twat on nessus http://twatech.org/alleps.php

0

Share this post


Link to post
Share on other sites

I like nmap, it searches for open ports and tells you what that port is running, and the operating system of the box.

0

Share this post


Link to post
Share on other sites
I tried nessus... but the problem is that I need root to install, and that's kinda a problem. Its for a wargame called semaphore (wargaming.org) where two teams have identical FreeBSD setups in virtual machines (jails, to be percise) and you have to find vulnerabilities in the other team's server while fixing them in your own. And so I can have the admin run a command as root if need so, but probably not for installation of software (which is allowed, if you can do it on your own).

I guess exploiting your own box first is not an option..

Actually, finding and fixing your own flaws is part of the game.

I just made myself an account. That is a really fun wargame.....ermm....until my brother compiled an explot and crashed the damn kgb lol. Hopefully it will be back up soon.

I'm on cia right now. :pissed:

I tried nessus... but the problem is that I need root to install, and that's kinda a problem. Its for a wargame called semaphore (wargaming.org) where two teams have identical FreeBSD setups in virtual machines (jails, to be percise) and you have to find vulnerabilities in the other team's server while fixing them in your own. And so I can have the admin run a command as root if need so, but probably not for installation of software (which is allowed, if you can do it on your own).

GOT ROOT ?

*you need root to do good sniffing.

* you need root for nessusd etc

you can just try nikto or something...

I did a twat on nessus http://twatech.org/alleps.php

There was an issue with a commander giving out wheel group access (what gives sudo rights) and people were deleting logs, accounts, files, etc... so now only two people (the owners / admins) know the password. Definitely no root access.

I like nmap, it searches for open ports and tells you what that port is running, and the operating system of the box.

I know, but that needs root for "make install" :(

0

Share this post


Link to post
Share on other sites

Lol Anubis, come march 1st me and my fellow kgb comrades will annihilate j00! :P

0

Share this post


Link to post
Share on other sites

I really want to get in on this, but it looks like its in Alpha?

What are you guys doing? How did you get on teams already. It looks like the site is in development and the forum has 11 users.

How do I get in on this thing?

I've wanted to do something like this a loong time now, but all the other sites like this (rootcontest.org HTS root this box etc.. are dead)

0

Share this post


Link to post
Share on other sites

Yeh it is in Alpha at the moment, all thats going on at the moment is bug reporting and just looking around testing out the system. You get into teams by creating your account. To see how you do that go here: [ulr]http://wargaming.org/?p=Enlist . So far all ive done is created a secure dir for some shell scripts to use later on and i left a little shell script in the main dir for people to see (just a basic calander with the time date and amount of users logged on).

0

Share this post


Link to post
Share on other sites

i got to know one of the admins when i was thinking of putting a trojan in some of the software, tripped an alarm, and we had a little chat and told me that it is alpha and not to screw with anything only look around, he was really cool about it ( he is a really nice and understanding guy =] )

0

Share this post


Link to post
Share on other sites

Lol Yeh same thing happened when my brother crashed the kgb server.

EDIT: So i was just wondering, has anyone found anything interesting yet? I know one guy Sicon(sp?) has but i didnt manage to catch what he said he found.

Edited by Rambo
0

Share this post


Link to post
Share on other sites

What if you ssh into the bsd box, with the executable for nessus on your current box, and copied it into a folder? Then you type, ./nessus, or whatever the name of the executable is.

0

Share this post


Link to post
Share on other sites
Lol Anubis, come march 1st me and my fellow kgb comrades will annihilate j00! :P

I talked with kn0x today, and the beta might be up even sooner than that. Joing cia, its sooo much better.

Highlight!

|

|

V

When beta comes, the KGB server is being wiped again, but there are no probs with CIA, so we get to keep everything ;)

What if you ssh into the bsd box, with the executable for nessus on your current box, and copied it into a folder? Then you type, ./nessus, or whatever the name of the executable is.

Not a bad idea, but there might be dependencies / packages to install as root to run this.

Edited by anubis26
0

Share this post


Link to post
Share on other sites

And here's the follow up to Octal's idea.

Nessus comes in a .tbz archive, so I unzipped it into a directory in my home folder.

The output after a successful unzip is shown in the attached screenshot

post-5305-1171768538_thumb.png

0

Share this post


Link to post
Share on other sites
And here's the follow up to Octal's idea.

Nessus comes in a .tbz archive, so I unzipped it into a directory in my home folder.

The output after a successful unzip is shown in the attached screenshot

Yeah, I figured that would come up. Maybe you could download the /etc/shadow for root(on the BSD) onto your box, then get the root password(for the BSD) using john the ripper or some other password cracker.

0

Share this post


Link to post
Share on other sites

Yeh and only a few people have root at the moment because people were deleting accounts etc..

0

Share this post


Link to post
Share on other sites
Only thing is, you need to be root to read /etc/shadow.

Exactly.

post-5305-1171813930_thumb.png

0

Share this post


Link to post
Share on other sites
Only thing is, you need to be root to read /etc/shadow.

Exactly.

/etc/shadow doesn't exist. Hmm, ohh wait, this is BSD, and the file system is diffrent. I'm not sure where passwords reside in BSD.

If you have physical acess to the box, and found where the passwords are located, use a LiveCD to save the password file somewhere. You will have to mount the file system before hand.

0

Share this post


Link to post
Share on other sites
Only thing is, you need to be root to read /etc/shadow.

Exactly.

/etc/shadow doesn't exist. Hmm, ohh wait, this is BSD, and the file system is diffrent. I'm not sure where passwords reside in BSD.

If you have physical acess to the box, and found where the passwords are located, use a LiveCD to save the password file somewhere. You will have to mount the file system before hand.

I don't have physical access to the machine, its in some guy's house in a different state. I guess there's no way around this but to social engineer an admin on a ski trip next weekend ;)

0

Share this post


Link to post
Share on other sites
I tried nessus... but the problem is that I need root to install, and that's kinda a problem. Its for a wargame called semaphore (wargaming.org) where two teams have identical FreeBSD setups in virtual machines (jails, to be percise) and you have to find vulnerabilities in the other team's server while fixing them in your own. And so I can have the admin run a command as root if need so, but probably not for installation of software (which is allowed, if you can do it on your own).

I guess exploiting your own box first is not an option..

Actually, finding and fixing your own flaws is part of the game.

I just made myself an account. That is a really fun wargame.....ermm....until my brother compiled an explot and crashed the damn kgb lol. Hopefully it will be back up soon.

I'm on cia right now. :pissed:

I tried nessus... but the problem is that I need root to install, and that's kinda a problem. Its for a wargame called semaphore (wargaming.org) where two teams have identical FreeBSD setups in virtual machines (jails, to be percise) and you have to find vulnerabilities in the other team's server while fixing them in your own. And so I can have the admin run a command as root if need so, but probably not for installation of software (which is allowed, if you can do it on your own).

GOT ROOT ?

*you need root to do good sniffing.

* you need root for nessusd etc

you can just try nikto or something...

I did a twat on nessus http://twatech.org/alleps.php

There was an issue with a commander giving out wheel group access (what gives sudo rights) and people were deleting logs, accounts, files, etc... so now only two people (the owners / admins) know the password. Definitely no root access.

I like nmap, it searches for open ports and tells you what that port is running, and the operating system of the box.

I know, but that needs root for "make install" :(

I guess you really dont get it...

I realize that patching your own box is part of the game...

If you exploit your own box first, YOU GET ROOT, THEN YOU CAN INSTALL ANY FREAKIN THING YOU NEED

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now