Author Topic: Contest!  (Read 7600 times)

0 Members and 2 Guests are viewing this topic.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Contest!
« on: October 22, 2005, 03:44:52 pm »
The contest is to break into this server:

cash.sexchinatown.com

If you go to http://cash.sexchinatown.com (possibly https), you should get a login page.  If you find a valid password, post what is on the actual page here!

I wouldn't recommend portscanning it, but here is the output I get:

iago@slayer:~$ sudo nmap -O cash.sexchinatown.com
Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2005-10-22 14:54 CDT
Interesting ports on cash.sexchinatown.com:
(The 1667 ports scanned but not shown below are in state: closed)
PORT   STATE SERVICE
80/tcp open  http
Device type: general purpose
Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.4.7 - 2.6.11
Uptime 25.130 days (since Tue Sep 27 11:47:11 2005)


Bruteforcing is OK (I swear -- you won't get in trouble)


<edit> by the way, www.sexchinatown.com has the same problem.  I just noticed that.
« Last Edit: October 22, 2005, 03:47:46 pm by iago »

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: Contest!
« Reply #1 on: October 22, 2005, 03:56:38 pm »
Who is running this contest, and where is the explicit notification declaring this contest legitimate?
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Contest!
« Reply #2 on: October 22, 2005, 03:57:22 pm »
I am, and it's right here. 

[holds up note]

Would I ever try to get somebody in trouble?

..ok, would I ever try to get my friends in trouble? :)

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: Contest!
« Reply #3 on: October 22, 2005, 06:16:53 pm »
I am, and it's right here.

[holds up note]

Would I ever try to get somebody in trouble?

..ok, would I ever try to get my friends in trouble? :)


Whos domain is sexchinatown.com and why does it seem to be a lookback address to my router?
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Contest!
« Reply #4 on: October 22, 2005, 06:31:56 pm »
I am, and it's right here.

[holds up note]

Would I ever try to get somebody in trouble?

..ok, would I ever try to get my friends in trouble? :)


Whos domain is sexchinatown.com and why does it seem to be a lookback address to my router?

I don't know whose domain it is, look it up. 

"lookback address"?

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: Contest!
« Reply #5 on: October 22, 2005, 06:32:07 pm »
Ron: Stop looking for asian porn.

Quik:
jimmy@x86:~/public_html$ host www.sexchinatown.com
www.sexchinatown.com has address 192.168.1.1

Unfortunately there is no 192.168.1.1 on my network :(

WHOIS information for sexchinatown.com:

[whois.enom.com]

Registration Service Provided By: HK82.COM Web Hosting Company
Contact: sales@hk82.com
Visit: http://82name.com
   
Domain name: sexchinatown.com

Registrant Contact:
   Cheung Sze Chun
   Cheung Sze Chun (group@asianude4u.com)
   +852.25183779
   Fax:
   23/F, Sun Hing Ind., Bldg, - 46 Wong chuk Hang Road
   Hong Kong,  852
   HK

Administrative Contact:
   Cheung Sze Chun
   Cheung Sze Chun (group@asianude4u.com)
   +852.25183779
   Fax:
   23/F, Sun Hing Ind., Bldg, - 46 Wong chuk Hang Road
   Hong Kong,  852
   HK

Billing Contact:
   
   Cheung Sze Chun (group@asianude4u.com)
   +852.25183779
   Fax:
   23/F, Sun Hing Industrial Bldg,
   46 Wong Chuk Hang Rd, Hong Kong
   Hong Kong,  00852
   HK

Technical Contact:
   Cheung Sze Chun
   Cheung Sze Chun (group@asianude4u.com)
   +852.25183779
   Fax:
   23/F, Sun Hing Ind., Bldg, - 46 Wong chuk Hang Road
   Hong Kong,  852
   HK

Status: Locked

Name Servers:
   DNS27.REGISTER.COM
   DNS28.REGISTER.COM
   
Creation date: 05 Mar 2003 05:08:19
Expiration date: 05 Mar 2008 05:08:19
« Last Edit: October 22, 2005, 06:34:48 pm by Ergot »
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Contest!
« Reply #6 on: October 22, 2005, 06:39:52 pm »
Yeah, you guys are right. 

The DNS name points to 192.168.1.1, which is normally a router, which normally requires authentication.  So I figured it'd be fun to post this and see who noticed :-)

And in case you're wondering, I found the URL with a reverse DNS lookup tool:
http://www.searchmee.com/web-info/ip-hunt.php?hosttofind=&ip=192.168.1.1&cidr=24&action=Search

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: Contest!
« Reply #7 on: October 22, 2005, 07:43:19 pm »
Too bad I'm not on 192.168.1.x =P
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Contest!
« Reply #8 on: October 22, 2005, 07:50:00 pm »
The DNS name points to 192.168.1.1, which is normally a router, which normally requires authentication.  So I figured it'd be fun to post this and see who noticed :-)

Offline Newby

  • x86
  • Hero Member
  • *****
  • Posts: 10877
  • Thrash!
    • View Profile
Re: Contest!
« Reply #9 on: October 22, 2005, 09:31:25 pm »
The DNS name points to 192.168.1.1, which is normally a router, which normally requires authentication.  So I figured it'd be fun to post this and see who noticed :-)

I hate you.
- Newby
http://www.x86labs.org

Quote
[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

I'd bet that you're currently bloated like a water ballon on a hot summer's day.

That analogy doesn't even make sense.  Why would a water balloon be especially bloated on a hot summer's day? For your sake, I hope there wasn't too much logic testing on your LSAT. 

Offline Quik

  • Webmaster Guy
  • x86
  • Hero Member
  • *****
  • Posts: 3262
  • \x51 \x75 \x69 \x6B \x5B \x78 \x38 \x36 \x5D
    • View Profile
Re: Contest!
« Reply #10 on: October 23, 2005, 12:57:44 am »
My router IS on 192.168.1.1, I believe that's default for all linksys. I noticed immediately when I hit 'cancel' and found the 401 Not Authorized page my router gives me. Quality. Do I win?
Quote
[20:21:13] xar: i was just thinking about the time iago came over here and we made this huge bomb and light up the sky for 6 min
[20:21:15] xar: that was funny

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: Contest!
« Reply #11 on: October 23, 2005, 02:38:39 am »
Well, if it went to 192.168.0.1 mine would ask "Enter Username and Password for 'RP114' at '192.168.0.1'" or something.
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline Screenor

  • Hero Member
  • *****
  • Posts: 1611
  • My own little world.
    • View Profile
Re: Contest!
« Reply #12 on: October 23, 2005, 09:48:28 am »
I don't have a router, so I don't know. -_-

As soon as my damned mother shows her face to me for once this week, I'm going out to buy one.

Offline Blaze

  • x86
  • Hero Member
  • *****
  • Posts: 7136
  • Canadian
    • View Profile
    • Maide
Re: Contest!
« Reply #13 on: October 23, 2005, 11:28:06 pm »
"Please enter the username for '3AD48F'.  Hey... that sounds familiar!"

btw, I got in, what do I win? :D
And like a fool I believed myself, and thought I was somebody else...

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: Contest!
« Reply #14 on: October 23, 2005, 11:37:10 pm »
Chinese porn.
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology