Welcome to the Slut-box page

To be brief, the Slut-box is a network-accessible computer that has an (amazingly) old distro running on it. You are allowed to break into it. Some might call it a "wargame".

What's it running?

At this moment, the box is running FreeBSD 5.3 (you can read about the current status here). We'll try some other OSs later.

What can I do?

You can do whatever you wish to slut-box, but you should avoid hurting (mine or third parties) other machines. Also, try not to break the box as restoration takes some time.

Thats it for now. Do something really nasty and I'll add new exciting restrictions. For reference, the following are perfectly OK:

• DOS the box (if it yeilds some ulterior goal and doesn't hurt my bandwidth too much for too long)
• Brute force something
• Scan it
• Exploit known or unknown vulnerabilities
• Compile your kernel, run seti@home or crack passwords on the box (it's an old pentium 166 or something, though)

What's the point?

To provide one more legal target for folks to break into. You know, to keep people out of jail. And possibly learn something interesting in the process.

Anything else?

Well, yeah.. If you haven't ever been to roothack.org, they asked people to write some stuff after their games. I know this one isn't really a game, but I would really appreciate if you'd write something too. Of course, if you find the box easy, you don't have to bother, but if it takes you time and exploration... A page or two will help you organize your experiences and everybody (including your humble host) will get something interesting to read.

I am currently testing the system and would especially appreciate any feedback. If you have trouble connecting, please send me an email so i could fix it for you and everyone else who might get into the same trouble.

I've also experimentally put up a forum - if it works, it'll stay. Feel free to use it until further notice.

Enough of the chit-chat. Where's the box?

Slut-box "has the same IP" as this server. No! Don't start your magic just yet! In order to get to the box, you have to open a connection to TCP port 1000 on this machine (87.119.162.157). While that connection is open, everything you send is routed to the Slut-box. When you close the connection to 1000, you'll get this machine again. So, be a bit careful about that as you are not supposed to pester this machine - only the slut-box. OK?

So, to be clear:

• Connect to ip 87.119.162.157 port 1000 (with telnet or netcat or something else)
• Keep that connection open
• 87.119.162.157 is now forwarded to slut-box
• That means, 87.119.162.157 is now your target
• Use whatever ideas or tools you might have
• Break into slut-box
• Rejoice
• Try another approach, other ideas
• Disconnect from port 1000
• Forwarding has ended
• That means, don't attack 87.119.162.157 any more
• Optionally send me a mail about your experiences

Is the source for this forwarding thingie available?

Yeah

Where can I send you my warm thanks, vulnerability warnings, papers and everything else I might conjure up?

You can use email. I'm all ears. Note, that the email server is also on the same IP, so you'll have to close the connection to 1000 to directly send me mail (not an issue if you use a smarthost).

You can also contact me through the slutbox forums.