Resident boot - July 2013
This year's july challenge combines some of the tricks from the 2011 one with a malicious streak. The setup is a small linux system presented in an .raw file. It boots normally with the following qemu command.
qemu -hdb system.raw
Your challenge is to prepare a "drive" with either a valid FAT32 or NTFS filesystem containing images. Which when invoked
as -hda stays resident and acts as a back door. So to a casual observer it could look like a perfectly harmless drive
containing pictures.
qemu -hda yourfile.raw -hdb system.raw
Some additional options to enable networking will also be required.
-net nic,vlan=0,model=rtl8139
-net tap,vlan=0,ifname=tap0,script=no
You can use tunctl -b to use the tap0 interface.
Rules
- as invisible as possible
- Everything has to happen in memory, no writing to the disk.
- your drive has to bzip2 down to 1MiB.
- it should either allow you to login as root, or listen on the network for commands
- send submissions to blapost@gmail.com
- No prizes, but your submissions will be showcased on this page
system.raw (some assembly required)
The goal is to make your code as robust as possible.Compressed system.raw.bz2
This is a
- 1GB disk (compressed: 12MiB)
- 1 primary partition starting at block 2048
- formatted as ext2
- debian 7 grub1 binaries installed in /boot and mbr
- ubuntu raring linux-image-3.8.0-19-generic kernel
mkdir m
mount -o offset=$((2048*512)) system.raw m
cd m
tar xjkf ../stage3-amd64-*.tar.bz2
cd ..
umount m
It should now boot to a tty login.
mount -o offset=$((2048*512)) system.raw m
cd m
tar xjkf ../stage3-amd64-*.tar.bz2
cd ..
umount m
Submissions
Not being able to put as much effort into promoting this july challenge as previous years i'm thankful for all the effort put in by the people who submitted their work. I will still process submissions upto at least december2013. There are still a lot of things that can be done to make these exploits more generic.adrian5
Typing "the best is yet to come" at the login prompt will disable the need for a password.bin - source
Thanks!