___        /  /\    
      /__/\      /  /::\   
      \__\:\    /  /:/\:\  
      /  /::\  /  /:/  \:\ 
   __/  /:/\/ /__/:/ \__\:\
  /__/\/:/~~  \  \:\ /  /:/
  \  \::/      \  \:\  /:/ 
   \  \:\       \  \:\/:/  
    \__\/        \  \::/   
                  \__\/    

Resident boot - July 2013

This year's july challenge combines some of the tricks from the 2011 one with a malicious streak. The setup is a small linux system presented in an .raw file. It boots normally with the following qemu command.
qemu -hdb system.raw
Your challenge is to prepare a "drive" with either a valid FAT32 or NTFS filesystem containing images. Which when invoked as -hda stays resident and acts as a back door. So to a casual observer it could look like a perfectly harmless drive containing pictures.
qemu -hda yourfile.raw -hdb system.raw
Some additional options to enable networking will also be required.
-net nic,vlan=0,model=rtl8139 -net tap,vlan=0,ifname=tap0,script=no
You can use tunctl -b to use the tap0 interface.

Rules

system.raw (some assembly required)

The goal is to make your code as robust as possible.

Compressed system.raw.bz2
This is a A gentoo userspace should still be added. Get the latest stage3 from here or grab it from a mirror.
mkdir m
mount -o offset=$((2048*512)) system.raw m
cd m
tar xjkf ../stage3-amd64-*.tar.bz2
cd ..
umount m
It should now boot to a tty login.

Submissions

Not being able to put as much effort into promoting this july challenge as previous years i'm thankful for all the effort put in by the people who submitted their work. I will still process submissions upto at least december2013. There are still a lot of things that can be done to make these exploits more generic.

adrian5

Typing "the best is yet to come" at the login prompt will disable the need for a password.
bin - source

Thanks!