Bitcoin Forum
Author Topic: [ANN] h4xcomp - hack the server, get bitcoins  (Read 2916 times)
mav
May 13, 2012, 03:15:36 AM
 #21

Reward is now 5 BTC for a successful hack. See the winner link on the homepage at http://www.h4xcomp.com/ for details on the successful tactic.
I was looking at the details page, and one conclusion you came to was that bitcoind running as root was more secure than bitcoind running as www-data. However, I don't think either is correct; bitcoind should run as its own user in its own group for the most ideal security. The reason is that if somehow it became possible to cause the bitcoind process to execute arbitrary code via some kind of exploit, it would be contained inside the dedicated user and group (theoretically), instead of being allowed to run rampant as root.

I am fairly sure it doesn't need root privileges to run, but if it does you can then use a chroot jail for the best security.

Good point, I will update it with this info. Sounds obvious now you say it, good to get these things sorted out now rather than later. Thanks for picking that up and posting.
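
The account question raised in the post above can be checked mechanically. This is an added example, not part of the thread or of the h4xcomp site's code; the daemon name `bitcoind`, the `bitcoin` account and the `apache2` process in the constructed listings are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit which account a daemon runs under.
# Reads "USER GROUP COMMAND" lines on stdin, as produced on a live host by:
#   ps -e -o user= -o group= -o comm=
# Prints one verdict: NOTFOUND | FAIL root | FAIL shared-user:<cmds> |
#                     FAIL shared-group:<cmds> | OK <user>:<group>
audit_daemon_account() {
    awk -v daemon="$1" '
        $3 == daemon {
            found = 1; duser = $1; dgroup = $2
            if ($1 == "root") root = 1      # any root-owned instance fails
            next
        }
        {   # every other process: remember what shares each user and group
            by_user[$1]  = (by_user[$1]  ? by_user[$1]  "," : "") $3
            by_group[$2] = (by_group[$2] ? by_group[$2] "," : "") $3
        }
        END {
            if (!found)                  print "NOTFOUND"
            else if (root)               print "FAIL root"
            else if (duser in by_user)   print "FAIL shared-user:" by_user[duser]
            else if (dgroup in by_group) print "FAIL shared-group:" by_group[dgroup]
            else                         print "OK " duser ":" dgroup
        }'
}

# Constructed process listings (not captured from any real host).
SAMPLE_ROOT='root root sshd
www-data www-data apache2
root root bitcoind'
SAMPLE_WWW='root root sshd
www-data www-data apache2
www-data www-data bitcoind'
SAMPLE_DEDICATED='root root sshd
www-data www-data apache2
bitcoin bitcoin bitcoind'

for listing in "$SAMPLE_ROOT" "$SAMPLE_WWW" "$SAMPLE_DEDICATED"; do
    printf '%s\n' "$listing" | audit_daemon_account bitcoind
done
```

On a real host, pipe the `ps` command from the header comment into `audit_daemon_account bitcoind`; command names containing spaces are not handled by this field-based parse.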
REF
May 13, 2012, 03:18:16 AM
 #22

http://www.h4xcomp.com/www.h4xcomp.com/1/winners/1
winning script gives a 404 error
mav
May 13, 2012, 03:46:27 AM
 #23


Thanks, fixed.
Krakonos
May 13, 2012, 11:02:17 AM
 #24

Nice one! I hope you'll have a lot of success, letting people hack your site is the best way to gain experience!

Also, I'll be watching it closely, I'm looking forward to another round (and looking around for other exploits silently :-))

Tip jar: 1MWj8Etpt3ayLG5AvXwhtEU42szJD2m97z
mav
May 13, 2012, 11:50:50 AM
 #25

The second round was a quick one - the server has been hacked. Once the prize is claimed, stand by for round 3. This one was a bit of a giveaway, but glad to have done so.
a nice guy
May 13, 2012, 11:59:12 AM
 #26

Wow, that was really quick.
Sadly I'm no python developer :/

I hope there will be a general security bounty.

Thanks for this interesting stuff :)

kind regards,
a nice guy

1PqBH6NWFBhbVF7Srw5ZYGtmLcya1aaw9g
security audits (http://bitcointalk.org/index.php?topic=75684)
pgp: 0x77DA3A9A @ pgp.mit.edu (http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x83F5BD9E77DA3A9A)
stochastic
July 19, 2012, 02:58:03 AM
 #27

Is there going to be another contest?

Introducing constraints to the economy only serves to limit what can be economical.
mav
July 19, 2012, 03:52:26 AM
 #28

Yeah, there will definitely be more comps, but probably not for at least a couple of months yet. I've been working like crazy on a product, one which will actually earn me money. For now h4xcomp has helped me learn what I needed, so unfortunately priorities mean it has been put on the back burner until I have more time for it.