A test for my server.

**God's Whore** · September 3rd, 2004, 01:20 AM

Today I was thinking and came up with a good idea to test my server's security. I have created a little game of 'hack me' for the users of AO to participate in.

All information and rules about this game can be found here http://24.15.51.219/ .

Now I know the issue will arise that this server is not mine and what not, this server is running from my IP (which is logged to this site) and I will do anything anyone asks to further prove that this is my server.

Have fun, and anyone who gets past my 1337 security and bypasses the hidden traps

will get some mad respect. =P

- Cheers, dave

***Cybr1d*** · September 3rd, 2004, 01:21 AM

Even me?

**DemonicKn1ght** · September 3rd, 2004, 01:42 AM

nmap -sN -O -vv -sV 24.15.51.219

# nmap 3.55 scan initiated Thu Sep 2 20:37:14 2004 as: nmap -sN -O -vv -sV -oN dave1.txt 24.15.51.219
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
All 1660 scanned ports on c-24-15-51-219.client.comcast.net (24.15.51.219) are: filtered
Too many fingerprints match this host to give specific OS details
TCP/IP fingerprint:
SInfo(V=3.55%P=i686-pc-linux-gnu%D=9/2%Time=4137BD5E%O=-1%C=-1)
T5(Resp=N)
T6(Resp=N)
T7(Resp=N)
PU(Resp=N)

# Nmap run completed at Thu Sep 2 20:39:58 2004 -- 1 IP address (1 host up) scanned in 164.058 seconds

nmap -sS -O -P0 -vv 24.15.51.219

# nmap 3.55 scan initiated Thu Sep 2 20:37:26 2004 as: nmap -sS -O -P0 -vv -oN dave2.txt 24.15.51.219
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Interesting ports on c-24-15-51-219.client.comcast.net (24.15.51.219):
(The 1659 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
80/tcp open http
Device type: general purpose|load balancer
Running (JUST GUESSING) : Apple Mac OS X 10.1.X (94%), FreeBSD 4.X|5.X|2.X|3.X (94%), Microsoft Windows 95/98/ME|NT/2K/XP|2003/.NET (94%), IBM AIX 4.X (92%), F5 Labs embedded (88%)
Aggressive OS guesses: Apple Mac OS X 10.1.4 (Darwin Kernel 5.4) on iMac (94%), FreeBSD 4.3 - 4.4PRERELEASE (94%), FreeBSD 5.0-RELEASE or -CURRENT (Jan 2003) (94%), FreeBSD 4.9 - 5.1 (94%), Microsoft Windows Millennium Edition (Me), Windows 2000 Professional or Advanced Server, or Windows XP (94%), FreeBSD 2.2.1 - 4.1 (94%), Microsoft Windows Server 2003 (94%), FreeBSD 5.2-CURRENT (Jan 2004) on x86 (94%), IBM AIX 4.3.2.0-4.3.3.0 on an IBM RS/* (92%), Apple Mac OS X 10.1.5 (90%)
No exact OS matches for host (test conditions non-ideal).
TCP/IP fingerprint:
SInfo(V=3.55%P=i686-pc-linux-gnu%D=9/2%Time=4137BF7F%O=80%C=-1)
TSeq(Class=TR%IPID=I%TS=0)
T1(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=FFFF%ACK=S++%Flags=AS%Ops=MNWNNT)
T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
T5(Resp=N)
T6(Resp=N)
T7(Resp=N)
PU(Resp=N)

TCP Sequence Prediction: Class=truly random
Difficulty=9999999 (Good luck!)
TCP ISN Seq. Numbers: C4ED51B4 E31E8E2F 402EA364 5D30299A 9EF55050 4DB427E4
IPID Sequence Generation: Incremental

# Nmap run completed at Thu Sep 2 20:49:03 2004 -- 1 IP address (1 host up) scanned in 697.871 seconds

**pooh sun tzu** · September 3rd, 2004, 01:50 AM

Demonic, it is most certainly a windows server.

Apache/2.0.50 (Win32) PHP/4.3.8 Server at 24.15.51.219 Port 80

I don't think I'll be taking part in this, but it should end up being interesting

**DemonicKn1ght** · September 3rd, 2004, 01:51 AM

Pooh, I'm just running it lol.

**God's Whore** · September 3rd, 2004, 01:57 AM

I should really get rid of those dirty little directory listing pages...

They're such bad liars.

***CybertecOne*** · September 3rd, 2004, 03:16 AM

sounds like fun, however... if its a 'test' for your new server to see how secure it is... if and when somoene defaces it, wouldnt you have to change settings to prevent the exact same attack. when you start using the server... (cause its been done once)[ or will be rather]

n00b.

***MicroBurn*** · September 3rd, 2004, 03:18 AM

I can vouche that it is indeed him. jaguar291 comes to Unerror under the alias dave:

--- [dave] (dave@ane-3D240E4B.client.comcast.net) : dave
--- dave :is connecting from *@c-24-15-51-219.client.comcast.net 24.15.51.219
--- [dave] #lobby
--- [dave] unerror.anewerairc.net :Unerror IRC Server
--- [dave] idle 00:00:03, signon: Thu Sep 2 23:26:29
--- [dave] End of WHOIS list.

Anyways, I think I'll give it a try tommorow after school, I'm nmapping him now. ;-)

Peace
mb

**God's Whore** · September 3rd, 2004, 03:20 AM

Originally posted here by CybertecOne
sounds like fun, however... if its a 'test' for your new server to see how secure it is... if and when somoene defaces it, wouldnt you have to change settings to prevent the exact same attack. when you start using the server... (cause its been done once)[ or will be rather]

n00b.

You're assuming it'll happen... I have a bit different thought to it.

Just look at this place, half the people can't even tie their shoes without help.. =P

***CybertecOne*** · September 3rd, 2004, 03:30 AM

lol, yes of course its IF it happens, i was just asking if it did, would it remain to be a threat??

Thread: A test for my server.

Thread Tools

Display

A test for my server.

Posting Permissions