Monday, January 09, 2006

 

Cool hacking analysis project

The Challenge: On August 10, 2003 a Linux Red Hat 7.2 system was compromised. Your mission is to analyze the compromised system. What makes this challenge unique is you are to analyze a live system. The image in question was run within VMware. Once compromised, we suspended the image. The challenge to you is to download the suspended image, run it within VMware (you will get a console to the system with root access), and respond to the incident. When responding to the incident, you may do a live analysis of the system or you can first verify that the system has been compromised and then take it down for a dead analysis (or a combination of both). In either case, you will be expected to explain the impact you had on the evidence. Fortunately, this system was prepared for an incident and MD5 hashes were calculated for all files before the system was deployed.

This challenge was posted at http://www.honeynet.org/scans/scan29/. Here is a solution by Christophe Grenier.
