These challenges are "offline" based challenges - Live CD's. Based on the SLAX distro..  
Check it out SLAX - your pocket operating system


We have created live cds's that are prebuilt by IHTB to mimic real world environments..  All for
you're hax0ring pleasures... or fantasies (= .. The ISO/Live CD images for these challenges may be 
used in 1 of 2 ways or both if you prefer... See below.


These CD/ISO's are _DHCP_ enabled.. You first step will be to figure out what is the IP address 
of the server (=.. If you get completely stuck.. Hop on irc.ihtb.org  #penguin for some hints... 
Have fun!..


First Method (easiest): Run the iso via vmware as a bootable CD, QEMU or virtual box. 
Which ever you prefer.

Second Method (requires a blank cd): Burn the iso image to a CD, and boot on a live machine.

m0nkey inc has demanded that the company have a security assessment performed.
There IT staff has already performed some basic vulnerability assessments, using 
Nessus. 

When Nessus found nothing, they presented the report to the CEO & upper management.  
The CEO having a technical background, knows way more than just scanning with 
Nessus will be required to fully access the overall security of the server.

The CEO is also aware of the staff using the securing by obscuring method, so m0nkey Inc 
has demanded an outside person perform the penetration test of this server. Now..

This is where you come in... 

Prove to him that his assumptions are correct by penetrating this server. 
Keep in mind, we do know there IT staff are not the sharpest pencil's in the box..

Gain root access to the server, and find the 'Project Password'. 

It can be found with the project payment details.. 


** view source here (X) for some hints **



No exploiting of servers required. 
This server admin need's 'Security 101'.
Possible server configuration issues.