Team Dynamics Whitepaper

roothack.org

by Team Dynamics

We started off with a Slackware 7.0 box which was
pretty secure at the beginning. CODE_POET wrote a
modified shell which required a login with 2 passes,
one for the user and one to proceed so you can enter
the shell. Also we had a backdoor which restored the
passwords to default and kicked off all users so if
we got rooted we could easily recover the box
because we could login under another user for 
security purposes. We updated to ssh2 so we wouldn't 
get sniffed. And used sftp (via ssh2) to get files 
from acheron so it was mostly all safe. Then we 
removed some suids and installed some sniffers and
installed nmap because on acheron we couldn't use 
the syn stealth portscan nor the udp and some other 
options. Then the grace period was finished and we 
started sniffing with ettercap. We found the 
password of Ebyte's account on acheron. It seemed 
they had some problems because we only spotted one 
service open. After looking at the commands Ebyte 
used, we saw his team had ssh on port 1337. We managed
to get the password and got in as root. CODE_POET 
gave grace a normal user account on the box but 
after he noticed she tried to root it he killed the 
connection and put her account on inactive. Ok, that
was 1 team; they were running on Linux Mandrake, I
believe. Then we started on hacking into the other
team (at least CODE_POET did, because lazy me (unixon)
was sleeping). Ok, then we only needed to get team1
after a long time sniffing, trying to exploit, getting
info and such. (That box was really well secured.)
They noticed our backdoor so they removed it from
acheron. They logged in to their box and rebooted for
some reason; a few mins later one of the team members
sent a msg on IRC saying their box was fucked and
got stuck on the boot process. So that was the point
they stopped the game I think. We will not put the 
source code in this whitepaper because it might be 
used for illegal purposes. :) This was our 
whitepaper.
by CODE_POET