computer hacking
Page 1 of 4 123 ... LastLast
Results 1 to 10 of 37

Thread: computer hacking

  1. #1
    Junior Member
    Join Date
    Apr 2004
    Posts
    7

    computer hacking

    Hello,
    I am enrolled in a college security class. We have a final lab competition in there. There are 2 teams againt each other and we have 12 hours to attack and 12 hours to defend ourselves. The server/client we need to attack are on the same network as ours, and have Windows 2000 Gold on them. The network is completely isolated from the school network and the outside world I am not aware on what software or anti virus stuff the other team has on. Does anyone have any ideas on how we can attack them? We need to either bring their server down, or even alter the data in the database, or anything like this. If anyone can help with ideas, I would really appreciate it.
    Thanks a lot!

  2. #2
    Flash M0nkey
    Join Date
    Sep 2001
    Posts
    3,447
    Install a hardware Keylogger on server PC (link before task starts - when people go on lunch or whatever access keylogger - get password format C:

    if I was your lecturer I'd give extra credit for highlighting that physical security is just as (if not more) important than what software systems are running

    v_Ln

  3. #3
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Physical security is at the very least, just as important as, software security. No matter how much you lock anything down, it is worthless when you can just ask for a password

  4. #4
    Dead Man Walking
    Join Date
    Jan 2003
    Posts
    810
    There is also a really good tutorial written by our very own MsMittens on wargames such as this. You might want to give it a read. You will find it in the security tutorials section of this site

  5. #5
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    it is worthless when you can just ask for a password
    Or threaten him/hold him up with a .9 for the password, ey?
    Space For Rent.. =]

  6. #6
    Junior Member
    Join Date
    Apr 2004
    Posts
    7
    Thanks for the feedback. I just found out that the other team will install Sygate firewall to protect themselves. What can we use to break into that?
    We used Superscan to scan for open ports. Do you suggest something else?

  7. #7
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    You can use google to search for Sygate Vulnerabilities or any flaw's in the firewall, way's to bypass, etc etc.. Do you know the version of the firewall? That would help in your search. Gather as much information as possible about your target, then search for vuln's and exploit's for the software they use.

    P.S: BTW, when you scanned for open port's, what did you get? *smacks forhead* that would help, knowing what they got open.
    Space For Rent.. =]

  8. #8
    Junior Member
    Join Date
    Apr 2004
    Posts
    7
    Ok, I will look for vulnerabilities on Google. I do not know what version of Sygate they use, of course they won't tell us When one of my teamates scaned for ports he got that they had 52 open ports; however, none of them was port23 (telnet).
    Today we just have to turn in the attack plan in class. So besides tha firewall and the open ports, what else can we hit them with?

  9. #9
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Well use what you've found in your port scan.

    however, none of them was port23 (telnet).
    HAHA! The world does not revolve around telnet my friend. What you need to do is to take a look at what ports you found were open, lookup what services those ports were, then look up some exploits and vuln's for those services that you can use to gain access. 52 open ports, ey? Wow.. your bound to get in. I'd have a field day!

    Anyways, your main objective right now is to jot down the services for the ports that are open. Find out what services are on them, then google some vulnerabilities and exploit's for that service. You could probably even search AO's database for some help as well.
    Space For Rent.. =]

  10. #10
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Location
    Boston, MA
    Posts
    1,840
    Do you have physical access to the computers? If you do, then there's no need to find a sygate vulnerability. Just try what Val told u, install a keylogger. If possible, try STARR's Proctor spyprogram which offers a wide array of spy techniques and offers a completely invisible install. (The user will almost-never become aware of the program, unless you screw up somewhere).

    I'd give Nessus and LanGuard a thought too.

    One more thought: If you have a physical access to the PC, there's a whole lot of other ways to bring the server down: Propane, gasoline, matches, Spiked Baseball Bat, Flame Thrower, Screw driver, Pliers, Water, Or just plain old picking the PC up and walking out the door with it, could take care of the issue, But I doubt that'll get ya any credit. I'm guessing you have to get in remotely.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •