April 5th, 2004, 10:54 PM
I am enrolled in a college security class. We have a final lab competition in there. There are 2 teams against each other and we have 12 hours to attack and 12 hours to defend ourselves. The server/client we need to attack are on the same network as ours, and have Windows 2000 Gold on them. The network is completely isolated from the school network and the outside world. I am not aware of what software or anti-virus stuff the other team has on. Does anyone have any ideas on how we can attack them? We need to either bring their server down, or even alter the data in the database, or anything like this. If anyone can help with ideas, I would really appreciate it.
Thanks a lot!
April 5th, 2004, 11:12 PM
Install a hardware Keylogger on server PC (link before task starts - when people go on lunch or whatever access keylogger - get password format C:
If I was your lecturer I'd give extra credit for highlighting that physical security is just as (if not more) important than what software systems are running.
April 6th, 2004, 06:25 AM
Physical security is, at the very least, just as important as software security. No matter how much you lock anything down, it is worthless when you can just ask for a password.
April 6th, 2004, 01:13 PM
There is also a really good tutorial written by our very own MsMittens on wargames such as this. You might want to give it a read. You will find it in the security tutorials section of this site.
April 6th, 2004, 04:22 PM
Or threaten him/hold him up with a .9 for the password, ey?
it is worthless when you can just ask for a password
April 6th, 2004, 04:58 PM
Thanks for the feedback. I just found out that the other team will install Sygate firewall to protect themselves. What can we use to break into that?
We used Superscan to scan for open ports. Do you suggest something else?
April 6th, 2004, 05:08 PM
You can use Google to search for Sygate vulnerabilities or any flaws in the firewall, ways to bypass, etc. Do you know the version of the firewall? That would help in your search. Gather as much information as possible about your target, then search for vulns and exploits for the software they use.
P.S.: BTW, when you scanned for open ports, what did you get? *smacks forehead* That would help, knowing what they got open.
April 6th, 2004, 05:12 PM
Ok, I will look for vulnerabilities on Google. I do not know what version of Sygate they use, of course they won't tell us. When one of my teammates scanned for ports he got that they had 52 open ports; however, none of them was port23 (telnet).
Today we just have to turn in the attack plan in class. So besides the firewall and the open ports, what else can we hit them with?
April 6th, 2004, 05:17 PM
Well use what you've found in your port scan.
HAHA! The world does not revolve around telnet my friend. What you need to do is to take a look at what ports you found were open, look up what services those ports were, then look up some exploits and vulns for those services that you can use to gain access. 52 open ports, ey? Wow.. you're bound to get in. I'd have a field day!
however, none of them was port23 (telnet).
Anyways, your main objective right now is to jot down the services for the ports that are open. Find out what services are on them, then google some vulnerabilities and exploits for that service. You could probably even search AO's database for some help as well.
April 6th, 2004, 05:19 PM
Do you have physical access to the computers? If you do, then there's no need to find a Sygate vulnerability. Just try what Val told you, install a keylogger. If possible, try STARR's Proctor spy program which offers a wide array of spy techniques and offers a completely invisible install. (The user will almost never become aware of the program, unless you screw up somewhere).
I'd give Nessus and LanGuard a thought too.
One more thought: If you have physical access to the PC, there's a whole lot of other ways to bring the server down: propane, gasoline, matches, spiked baseball bat, flame thrower, screwdriver, pliers, water, or just plain old picking the PC up and walking out the door with it, could take care of the issue, but I doubt that'll get ya any credit. I'm guessing you have to get in remotely.