Subj : Re: SSH BBS Hack Challenge
To   : McDoob
From : 2twisty
Date : Thu Mar 31 2022 19:51:20

 Mc> Are you giving me permission to break your sh--uh...stuff?
Yes, provided that you abide by the rules I set out.

 Mc> I won't be nice. I won't leave a friendly note. I will destroy
 Mc> everything. You have been warned, more than once.

This would violate the rules.  Let me restate succinctly:

1) No damage is allowed
2) You must prove that you can get in with SSH and not Telnet (since this was your argument)
3) You must reveal all methods and exploits used in such a way that the information can be used to patch/plug the security holes
4) You must leave proof on the system somewhere to prove that you have root access
5) Your documentation of the exploits/methods must be sufficiently complete to replicate your hack.
6) Aside from the firewall and the BBS itself, you must not access any other systems.

The above rules are the very definition of White-Hat hacking.

Please note #2.  This is the key.  You can't exploit anything other than SSH (or Telnet or a bug in Mystic itself) to get in.  Once in, you will likely need to perform a priv escalation attack, and so long as no damage is done to the system, use whatever.

If you agree to the rules above, you have permission to make the attempt.  The goal here is to either prove that SSH is secure or prove that it isn't, and to gather the needed info in order to MAKE it secure.

--- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
 * Origin: The Ratrace Losers (21:3/166)

.