Sysmask security challenge
I need advanced hackers to test my new Linux security package Sysmask, by trying to break the demo page:
wims.unice.fr/wims/wims.cgi?module=adm/unice/challenge
This page accepts and executes unmoderated arbitrary codes, in c, sh or perl, and defies any attempt to read a prohibited file. Script kiddies, don't think you can easily break it! The fact that it is set up as a demo of sysmask means that this is at least extremely hard. It has received 241 "assaults" since last Thursday, including some quite ingeneous tricks, but none of them has posed even a remote threat to the security cordon.
Try anything you like with the challenge, but you are warned: it is hopeless without a ring 0 privilege elevation. And you must find one behind a very commonly used syscall!
The system is at its very beginning, with some known weaknesses and even uncorrected bugs in the public server. Even under such conditions, I believe the challenge is very close to practically unbreakable. But it is the last chance, for within a few days the weaknesses and bugs will be fixed.
I have already all my systems (all of them are Linux) protected by sysmask. All my daemons and browsers are running under similar environments as the challenge. As long as the security challenge stands, I no longer fear infiltrations nor viruses. That allows me to forget about software updates.
Sysmask is released under GPL. But it is still alpha, and lacking user interface tools. So for the time being it is only recommended to experienced sysadmins.
wims.unice.fr/sysmask/doc/
|