Subj : Re: SSH BBS Hack Challenge
To   : ALL
From : 2twisty
Date : Thu Mar 31 2022 17:10:09

 Mc> I'm going to give you the excuse of 'youthful exuberance' here. Port 22
 Mc> and SSH access are not the same. Do *not* open ANY SSH port to the world!

Opening any telnet port to the world is actually FAR FAR FAR more dangerous than SSH.  As for "youthful exuberance," the only youth here is my experience with this particular software.  I have been running Linux servers since 1995.



 Mc> And that's kind of my point! Why would you give any Trouble, Dick, and
 Mc> Hasbeen, free access to your underlying OS? Close that port, sir!

Fine.  PROVE ME WRONG.  HACK ME.  

To anyone out there: Hack my board and put some obvious file in the root of the system (please don't cause damage).  Show me that you CAN do it via SSH and NOT do it over Telnet.

First one to succeed gets $100 sent via Facebook Messenger.

Note, you must show your work (so that I can FIX said problem) and you must show that you CANNOT break in over telnet.

If you can prove the opposite ( that you CAN get in over telnet and NOT over SSH) I will send $50.

If you can break in over BOTH, I will send $150.

Furthermore, you exploit a bug in Mystic to gain access, you have to show all that work, as well.  We would want to make sure that g00r00 gets what he needs to plug that hole.

Please note: $150 is a lot of money for me; I don't make this challenge lightly, and if we have a winner, it may take me a while to have that much cash in reserve to send.

If you succeed, please contact me at 2twisty@gmail.com and give me all the proof I need (name of the file you created and your proof of exploit(s)) so that I can validate a winner. Your process has to be repeatable in order to verify how you did it.

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
 * Origin: The Ratrace Losers (21:3/166)

.