Author Topic: Cloud server exploit report  (Read 799 times)

Offline Polyphony

Cloud server exploit report
« on: December 20, 2013, 03:50:13 am »
It's been a while since I posted on EZ, but I found something pretty cool.  Below you can find the full report released by Cloud Passage detailing the attack vector, yada yada.


Code: [Select]
http://upload.evilzone.org/download.php?id=676334&type=zip


So in September of this year, Cloud Passage ran a sort of CTF-type contest with a cash prize and this guy named Terrence (mentioned in the article) exploits a minimally set up cloud server in under 4 hours.  It's pretty funny because he's just this lonely little 28 year old undergrad who's worked for a computer company for about a year and he just absolutely blows the competition out of the water.
Code: [Select]
<Spacecow_> for that matter I have trouble believing bitches are made out of ribs
<Gundilido> we are the revolutionary vanguard fighting for the peoples right to display sombrero dawning poultry
<Spacecow> did they see your doodle?
<~phage> Maybe
<+Unresolved> its just not creative enough for me
<+Unresolved> my imagination is to big to something so simple

Offline Kulverstukas

Re: Cloud server exploit report
« Reply #1 on: December 20, 2013, 07:29:34 am »
It's no surprise that the "lonely little 28 year old undergrad" blew it off. Sometimes self-taught people can be much better than those with a paper, hell, not to brag, but even I, who didn't study anywhere, can do better than some people I met who finished university studies in that field. It's just sad that the education system does not take that into account.

Whoa, that seemed like a bit of thread jacking :P

When was this released?

Offline Polyphony

Re: Cloud server exploit report
« Reply #2 on: December 21, 2013, 03:05:44 am »
Hey, I understand the not-so-surprising fact that the lonely 28 year old undergrad got it done lol.  The only reason he was able to do it so fast is that the servers were set up with all the default settings, I mean... not even the most basic precautionary steps of hardening the servers against infiltration. (Edit, not saying that he wouldn't have been able to break into it without a degree or anything, I'm just saying the whole default passwords and such may have helped him out a bit ;))


As for when that report was released, I'm not sure.  Cloud Passage has a blog post about it though, and it is dated December 19, 2013 so I'm guessing the report was published not too long ago.


Code: [Select]

http://blog.cloudpassage.com/2013/12/19/hacker-compromised-server-four-hours/
« Last Edit: December 21, 2013, 03:08:53 am by Polyphony »