Clan x86

Technical (Development, Security, etc.) => General Security Information => Topic started by: iago on October 22, 2005, 03:44:52 pm

Title: Contest!
Post by: iago on October 22, 2005, 03:44:52 pm

The contest is to break into this server:

cash.sexchinatown.com

If you go to http://cash.sexchinatown.com (possibly https), you should get a login page.  If you find a valid password, post what is on the actual page here!

I wouldn't recommend portscanning it, but here is the output I get:

iago@slayer:~$ sudo nmap -O cash.sexchinatown.com
Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2005-10-22 14:54 CDT
Interesting ports on cash.sexchinatown.com:
(The 1667 ports scanned but not shown below are in state: closed)
PORT   STATE SERVICE
80/tcp open  http
Device type: general purpose
Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.4.7 - 2.6.11
Uptime 25.130 days (since Tue Sep 27 11:47:11 2005)


Bruteforcing is OK (I swear -- you won't get in trouble)


<edit> by the way, www.sexchinatown.com has the same problem.  I just noticed that.

Title: Re: Contest!
Post by: Quik on October 22, 2005, 03:56:38 pm

Who is running this contest, and where is the explicit notification declaring this contest legitimate?

Title: Re: Contest!
Post by: iago on October 22, 2005, 03:57:22 pm

I am, and it's right here. 

[holds up note]

Would I ever try to get somebody in trouble?

..ok, would I ever try to get my friends in trouble? :)

Title: Re: Contest!
Post by: Quik on October 22, 2005, 06:16:53 pm

Quote from: iago on October 22, 2005, 03:57:22 pm

I am, and it's right here.

[holds up note]

Would I ever try to get somebody in trouble?

..ok, would I ever try to get my friends in trouble? :)

Whos domain is sexchinatown.com and why does it seem to be a lookback address to my router?

Title: Re: Contest!
Post by: iago on October 22, 2005, 06:31:56 pm

Quote from: Quik on October 22, 2005, 06:16:53 pm

Quote from: iago on October 22, 2005, 03:57:22 pm

I am, and it's right here.

[holds up note]

Would I ever try to get somebody in trouble?

..ok, would I ever try to get my friends in trouble? :)

Whos domain is sexchinatown.com and why does it seem to be a lookback address to my router?

I don't know whose domain it is, look it up. 

"lookback address"?

Title: Re: Contest!
Post by: Ergot on October 22, 2005, 06:32:07 pm

Ron: Stop looking for asian porn.

Quik:
jimmy@x86:~/public_html$ host www.sexchinatown.com
www.sexchinatown.com has address 192.168.1.1

Unfortunately there is no 192.168.1.1 on my network :(

WHOIS information for sexchinatown.com:

[whois.enom.com]

Registration Service Provided By: HK82.COM Web Hosting Company
Contact: sales@hk82.com
Visit: http://82name.com
   
Domain name: sexchinatown.com

Registrant Contact:
   Cheung Sze Chun
   Cheung Sze Chun (group@asianude4u.com)
   +852.25183779
   Fax:
   23/F, Sun Hing Ind., Bldg, - 46 Wong chuk Hang Road
   Hong Kong,  852
   HK

Administrative Contact:
   Cheung Sze Chun
   Cheung Sze Chun (group@asianude4u.com)
   +852.25183779
   Fax:
   23/F, Sun Hing Ind., Bldg, - 46 Wong chuk Hang Road
   Hong Kong,  852
   HK

Billing Contact:
   
   Cheung Sze Chun (group@asianude4u.com)
   +852.25183779
   Fax:
   23/F, Sun Hing Industrial Bldg,
   46 Wong Chuk Hang Rd, Hong Kong
   Hong Kong,  00852
   HK

Technical Contact:
   Cheung Sze Chun
   Cheung Sze Chun (group@asianude4u.com)
   +852.25183779
   Fax:
   23/F, Sun Hing Ind., Bldg, - 46 Wong chuk Hang Road
   Hong Kong,  852
   HK

Status: Locked

Name Servers:
   DNS27.REGISTER.COM
   DNS28.REGISTER.COM
   
Creation date: 05 Mar 2003 05:08:19
Expiration date: 05 Mar 2008 05:08:19

Title: Re: Contest!
Post by: iago on October 22, 2005, 06:39:52 pm

Yeah, you guys are right. 

The DNS name points to 192.168.1.1, which is normally a router, which normally requires authentication.  So I figured it'd be fun to post this and see who noticed :-)

And in case you're wondering, I found the URL with a reverse DNS lookup tool:
http://www.searchmee.com/web-info/ip-hunt.php?hosttofind=&ip=192.168.1.1&cidr=24&action=Search

Title: Re: Contest!
Post by: Newby on October 22, 2005, 07:43:19 pm

Too bad I'm not on 192.168.1.x =P

Title: Re: Contest!
Post by: iago on October 22, 2005, 07:50:00 pm

Quote from: iago on October 22, 2005, 06:39:52 pm

The DNS name points to 192.168.1.1, which is normally a router, which normally requires authentication.  So I figured it'd be fun to post this and see who noticed :-)

Title: Re: Contest!
Post by: Newby on October 22, 2005, 09:31:25 pm

Quote from: iago on October 22, 2005, 07:50:00 pm

Quote from: iago on October 22, 2005, 06:39:52 pm

The DNS name points to 192.168.1.1, which is normally a router, which normally requires authentication.  So I figured it'd be fun to post this and see who noticed :-)

I hate you.

Title: Re: Contest!
Post by: Quik on October 23, 2005, 12:57:44 am

My router IS on 192.168.1.1, I believe that's default for all linksys. I noticed immediately when I hit 'cancel' and found the 401 Not Authorized page my router gives me. Quality. Do I win?

Title: Re: Contest!
Post by: Ergot on October 23, 2005, 02:38:39 am

Well, if it went to 192.168.0.1 mine would ask "Enter Username and Password for 'RP114' at '192.168.0.1'" or something.

Title: Re: Contest!
Post by: Screenor on October 23, 2005, 09:48:28 am

I don't have a router, so I don't know. -_-

As soon as my damned mother shows her face to me for once this week, I'm going out to buy one.

Title: Re: Contest!
Post by: Blaze on October 23, 2005, 11:28:06 pm

"Please enter the username for '3AD48F'.  Hey... that sounds familiar!"

btw, I got in, what do I win? :D

Title: Re: Contest!
Post by: Ergot on October 23, 2005, 11:37:10 pm

Chinese porn.

Title: Re: Contest!
Post by: Joe on October 24, 2005, 01:19:35 am

Here it is!

(http://i23.photobucket.com/albums/b376/xErgot/pochi1.png)

Title: Re: Contest!
Post by: Ergot on October 24, 2005, 02:18:39 am

Pochi is awesome ^^