Recently,I saw the western classic The Good,The Bad and The Ugly.It certainly is a piece of art and a timeless classic directed by Sergio Leone with the likes of Clint Eastwood,Lee Van Cleef and Eli Wallach.
There was one legendary dialog in the film that is still ringing in my head when at the end of film,Clint Eastwood (Blondie) says to Eli Wallach(Tuco) :
“You see, in this world there are two kinds of people, my friend. Those with loaded guns… and those who dig. You dig.”
This reminds me of the kind of obscure game called “Fate” developed by a hacker. Basically,the game starts with you owning a box which you find has been deliberately setup by someone called M101 who now owns you as he has caught you rooting the box(The Ugly).So now you do pretty much what he tells you to do…the game consists of 4 levels each having a server to compromise and gaining root.
I managed to go past the 3 boxes and am still figuring out how to own the 4th one(the game is on my personal box,not on work laptop).
Just a brief idea about how to go about (this is a good game for someone wanting to see how hacking works,the linux box simulated in game is quite good..you get a chance to mess with shell.)
Here is the walkthrough(its not complete one) :
Level 1 :
For this you already have uploaded john the cracker in your home(courtesy of agents whom you contact as in the game).
Basically,you log in as normal user,cd to : /etc/passwd
Get the hash value of root password (surprising that this isnt a shadow file!)
Run john,input the hash and there you go…you are now su as root.
Level 1 over.
This has some more fun.Here you are supposed to do a scan of remote box and then exploit it.Cant just login immediately.So,this time you dont have john to crack password,however you have portscan and ftpexploit.
As common sense dictates,do this :
1.run portscan….find open port (surprise,surprise..port 21 is open)
2.Launch ftpexploit..this will launch remote shell with root on the target box.
Level 2 over.
Slightly harder,no exploits are hinted at this level.You have to dig deep to see what to use.
Portscan once again will show this as a ftp server.
This time,brutus is at your disposal.
FTP scan shows a normal ftp account…running brutus on it gives it’s password.
This makes an entry point into the box with normal privileges.
As it is obvious,what is left is escalation of privileges.
This I leave as an exercise to those who are interested.
The game closely relates to the movie above:
You are The Good
The agents whom you speak to in imaginary IRC channels in game are The Bad.
M101 is The Ugly.
I will try to finish the game when I resume playing.It is an interesting game if you are hooked.