Subj : Re: Nightmares / Dreams
To   : McDoob
From : 2twisty
Date : Thu Mar 31 2022 18:48:59

 Mc> How quaint. You actually think that Mystic's SSH isn't the same as...you
 Mc> know...*actual* SSH...

Do you *actually* think i run Mystic as root?  IF they managed to crash Mystic and get to a bash prompt, then they'd have to use another hack to get root access in order to complete the challenge.

Further, if Mystic *is* using the in-built OpenSSH server in Ubuntu (rather than rolling his own, only g00r00 could answer that), then....they ain't likely gonna break it because...well...OpenSSH is pretty damn secure..far more secure than Telnet.


Remember: in order to claim the bounty, they would have to reveal HOW they did it, thus giving us the information we need to get Mystic fixed and what exploits they used once they got a bash prompt as an unprivileged user.  That would be fed back to the Linux community to be fixed as well.


 Mc> My hat is white, damnit!

if your hat is white, then you have no ethical issue with hacking me....since I gave permission.

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
 * Origin: The Ratrace Losers (21:3/166)

.