Over at the excellent ethicalhacker.net site, the results of the Santa Claus is Hacking to Town Skillz Challenge have been posted.
These challenges are a lot of fun, and educational as well. Ed Skoudis puts a lot of effort into writing and judging them. There’s a whole archive of previous challenges available here, and I highly recommend at least reading through, if not working through, some of the previous challenges.
This time around, I managed to get an honorable mention for my entry! I’m very happy with this. I was unable to test the Windows-centric parts of my solution before I had to submit it and move on to real work, so that part wasn’t 100%, but I did have a really solid way of getting netcat onto the web server via the command-injection-vulnerable script, and some nice netcat pivoting.
Oh, and apparently I’m a security stud!
“We had entries from notable security studs like Wesley McGrew, Raul Siles, Ryan Linn, Mark Baggett, Zoher Anis, Paul Tartar, and others.”
I might put “notable security stud” on some business cards, or maybe a button, now.