Results 1 to 5 of 5

Thread: Help with Locking down an NT4/Proxy web server

  1. #1
    Junior Member
    Join Date
    Oct 2001
    Posts
    8

    Question Help with Locking down an NT4/Proxy web server

    Hello, all. I'm looking for input re: vulnerabilities on an NT4/Proxy 2.0 sp1, IIS 3.0 box hosting a small website. The box is locked down pretty tight (all SP's and hotfixs applied, IP filtering is tight, icmp blocked, no telnet, no ftp, user accounts are good 2 go, NTFS permissions are tight, current anti-virus in place, etc.) How would you go about trying to hack this box? Browser based attacks? DoS/buffer overflows? I'm interested in the full range of options... It's locked down pretty tight ( I can't hack it... yet ) but, as we all know, nothing's airtight on the internet...

    P.S. I haven't been around here long, but I really am impressed by this community. I want to thank those of you who take your time to post thoughtful and intelligent posts (you know who you are) and, in particular, Mr. Vranesivich, for starting this up. It's one thing to analyze a piece of technology or read a book or tutorial, but, by and large, there's nothing quite like interaction and collaboration with other like-minded people for increasing knowledge and skill. Thank you all.
    \"When you understand yourself and you understand the enemy you cannot be defeated.\" Miyamoto Musashi, The Book of Five Rings

  2. #2
    Senior Member
    Join Date
    Sep 2001
    Location
    Bemidji, Minnesota
    Posts
    228

    hey...

    wished i could help ya out there buddy *sniff* but I am NOT a hacker *sniff* *sniff* smells funny...hmmmm.oh thats me...I think...check ya out later...and we wanna thank YOU

  3. #3
    I cant believe that you disabled icmp... that's just not fair!
    haha, it sound like your pretty tight.

    You could start by portscanning the box from the internet side,
    keeping an eye out for suspicious services,

    If you dont know what services run on what ports, then here are a few to look for:

    21: ftp
    23: telnet
    80: http
    139: heh, heh, heh...
    1080: Socks5
    2021, 2121: sometimes used for a ftp proxy
    4000: sometimes used for a general udp redirect proxy.
    8080: often http proxy.

    You can find a list of all kinds on the net.
    If icmp is totally diabled, then some port-scanners might not work right. Then again, there all different kinds of portscanners.

    You say that Ip-Filtering is tight,
    You could always try on connecting to your proxy from the internet, see if it lets you in at all, and if it does, then see if it lets you use it backwards, to make connections to internal network destinations.

    You should check your nametable from the net,
    (Run a nbtstat -A xxx.xxx.xxx.xxx) looking for what information it gives you. (if you have problems with nbtstat, then you can try disabling any network card on the computer your attempting the hack from.

    You could try to DoS your box... I suppose...
    If you have access to a linux box, then I reccommend jolt2 as the best DoS around.
    You could try a good-old fashioned frag attack, or a ping flood.
    They should have little to no effect on your box.

    Sorry if this is too dumbed-down for ya,
    It's hard to tell what level people what to be responded to at.

    -8trak
    F0 0F C7 C8

  4. #4
    Junior Member
    Join Date
    Oct 2001
    Posts
    8
    Originally posted by 8trak
    I cant believe that you disabled icmp... that's just not fair!
    -8trak
    Heh, heh... I like to keep the bar pretty high for anyone who wants to see my stuff... That way, If they're good enough to get in, they are probably too intelligent to be a malicious little twit

    I've run full scans TCP and UDP using nmap (with all the trimmings, of course) and only port 80 is open. This would seem to make an IIS/browser attack the most likely option, but I'm not very knowledgeable about those kinds of attacks... Anyone feel like enlightening me on that subject? I'm really not concerned too much about DoS....just intrusion or system compromise...
    \"When you understand yourself and you understand the enemy you cannot be defeated.\" Miyamoto Musashi, The Book of Five Rings

  5. #5
    Senior Member
    Join Date
    Aug 2001
    Posts
    170

    Arrow

    Try Nessus to try to beat your way in with browser attacks. http://www.nessus.com It does also do all kinds of other vulnerability testing.
    \"If you torture the data enough, it will confess.\" --Ronald Coase

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •