Close Calls, But No Cracks

By Jim Rapoza  |  Posted 2001-01-29 Print this article Print

Openhack III is still unscathed, but some hackers are changing tactics.

The dust has settled from the frantic first week of Openhack III, with its heavy traffic and mass of DoS attacks. The second week saw a lot more stability in the site and a bit more frustration from serious hackers still banging away as they rethought their approaches and tried to come up with unique methods to defeat Argus Systems Inc.s Pitbull before the Jan. 31 deadline.

Although Openhack III during the second week saw more uptime than in the first week, eWeek Labs did see a few crashes, especially in the Web server system, which crashed from brute-force attacks involving a few hundred thousand attempts to access the FTP server. However, although denial-of-service and standard attacks were the methods of choice during the first week, the second week saw more intriguing attempts to break the systems.

One of the more interesting developments occurred when a participant was able to gain the root user ID on the shell server system. In a typical Unix system, the game would be over at this point. But in a trusted operating system setup such as Pitbull, being the root user is much like being any other user: You still lack the privileges necessary to compromise the system.

The participant was able to create and modify files with root ID information but was unable to do so in areas where he lacked permission, including the root directory of the system.This prevented the participant from being able to achieve the successful hack of adding a file to the root directory.

Another participant was able to load a Perl script into the mail server on the Domain Name System and thus gain application-level access. This is a classic hacker tactic and one that was a key component of the successful hack in the last Openhack contest. But, again, without the needed permissions under the trusted operating system, this user was unable to do much on the system.

With the failure of these traditional types of attacks, talk on the Openhack III discussion list, at groups., turned to more advanced and nontraditional forms of attack.

The most promising tactic discussed was a direct attack on the operating system kernel. According to Argus engineers monitoring the event, one of the closest calls, so far, was an attempted kernel-level exploit.

However, there might not be enough time left to succeed in this most difficult type of exploit by Jan. 31. A kernel-level attack requires the deepest level of understanding of the operating system, and, even then, a flaw must be found for it to work.

Although this form of attack is difficult, it is not impossible. Several participants have already found potential flaws in the Solaris kernel that could lead to compromise of the Openhack shell system.

Jim Rapoza, Chief Technology Analyst, eWEEK.For nearly fifteen years, Jim Rapoza has evaluated products and technologies in almost every technology category for eWEEK. Mr Rapoza's current technology focus is on all categories of emerging information technology though he continues to focus on core technology areas that include: content management systems, portal applications, Web publishing tools and security. Mr. Rapoza has coordinated several evaluations at enterprise organizations, including USA Today and The Prudential, to measure the capability of products and services under real-world conditions and against real-world criteria. Jim Rapoza's award-winning weekly column, Tech Directions, delves into all areas of technologies and the challenges of managing and deploying technology today.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel