Shiva

(Reproduction of Shiva's Original Web Directory)

I entered a system into the DefCon Capture the Flag competition at DefCon 8. The system ran Red Hat Linux 6.1. Open services included wu-ftpd 2.6.1, BIND 8.2.2-P5, Apache 1.3.12, ssh2, and qmail. I had intended to give out chrooted shell accounts, but I was unable to access Shiva during the competition.

The majority of attacks I saw were by canned scanning utilities. There were a few attackers who had the patience to actually read the web site and make some hands-on attempts. One managed to plant a Perl script in my /tmp directory, but was unable to execute that script. My congratulations to that person; this was the closest anyone came to rooting Shiva.

Shiva was not rooted during the contest, despite a lot of attention. (NOTE: That is NOT a challenge, and the system this web page is displayed on is NOT Shiva.) Shiva was under attack within minutes of CTF going live, and the last attack was at 10 am on the final day of the conference. I believe that at this point someone cut power to Shiva. I found it later that day, powered off and disconnected from the network.

Logs:

messages

secure

access_log

xferlog

Transferred Files:

foo.pl

#!/usr/bin/perl
print "Hello";
system "touch /kestrel";

.rhosts

+ +