December 30th, 2005, 09:14 AM
#1
Senior Member
Moving onto the next level
Hi all,
Umm... To begin with (before you guys start flaming me or anything), let me ******** that I completely understand and know about the Antionline rules and I am just looking for advice/guidance from some senior pen-tester or security professional (since, in my opinion, I have learnt a lot, a lot just reading the everyday posts on Antionline).
So, here is the situation. My friend has decided to set up a war game. He'll defend and I'll attack. His point is that an updated Windows 2000 machine, with all software patched, does not need a firewall, and only a potential hacker (with sharp programming skills) can discover a 0 day exploit and then exploit the machine. My point is that he still needs a firewall to harden his machine. Now I am supposed to attack his updated Microsoft Windows 2000 Advanced Server machine and take it down. What I did was the following:
1) I nmap'd his machine and found out the following:
53/tcp open domain Microsoft DNS
80/tcp open http Apache httpd 2.0.55 ((Win32))
135/tcp open msrpc Microsoft Windows RPC
1027/tcp open msrpc Microsoft Windows RPC
1029/tcp open msrpc Microsoft Windows RPC
1030/tcp open msrpc Microsoft Windows RPC
3306/tcp open mysql MySQL 4.1.16-nt
3389/tcp open microsoft-rdp Microsoft Terminal Service
2) I ran Nessus against his machine (with all updated plugins) and found no serious vulnerability. What I found was some information from the port scans and a couple of warnings, which were almost harmless.
3) It's been almost 2 days that I have been googling for RPC exploits and searching Packetstorm and BugTraq. What I found was a DCE-RPC tester and a couple of old vulnerabilities, which have already been patched by the vendor (I compiled them and ran them against the machine and it didn't work).
Now, it's been a couple of days, and I am all lost with this. What I need from you guys is to help me move in the right direction. I believe there is a difference between the "help me take down my friend's machine" and "help me learn the security concerns" notions.
What I can do is 'syn flood' or 'DoS' his machine to take it down, but this is not the real purpose of setting up this war game. What I am looking at is Microsoft RPC and RDP terminal services to exploit, but I didn't find anything really serious to do that (only a couple of NULL session vulnerabilities, which have already been patched). What do you guys have to say about this? Am I moving in the right direction?
I really feel that I lack the confidence to actually carry out a pen-test and the ability to exploit a hole. It has been a long time that I have been reading lots of stuff on different security portals, mailing lists and pen-testing tutorials, and have experience with Knoppix and other security distributions, but I haven't really shown these exploiting abilities. Help me build my confidence, AO.
Looking forward to your response...