Need tips & stratagies for Wargames
Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Need tips & stratagies for Wargames

  1. #1
    Junior Member
    Join Date
    Oct 2006
    Posts
    6

    Need tips & stratagies for Wargames

    Im participating in a wargame at my school and I need some help. The target host machine is a fully patched Windows XP PRO (SP2) and I can reasonably assume that ports:
    7
    9
    13
    17
    19
    135
    445
    3389
    1030
    139

    are opeing and listening, the problem is that the windows firewall is on and set not to allow any exceptions, which Im assuming doesnt alllow any inbound traffic unless in response to outbound traffic. We are on an internal switched (cisco) lan and I have access to XP pro 2, fedora core 4, and server 2003 OS's. I need some ideas on how to bypass this the firewall, also would arp poisoning or using a WSUS server to distribute code help me out in any way?

    Thanks
    Last edited by bnations; November 19th, 2006 at 07:05 PM. Reason: need email notification

  2. #2
    Junior Member
    Join Date
    Nov 2006
    Posts
    5

    Wow a Wargame at school, i wish i was lucky as you

    I smell a rat, what school would run a wargame? and without teaching the pupils common security knowledge?

    But either way, I assume that because its a wargame that the machines aren't actually being used (by people, maybe some bot is running to make sure they're still up and running) and are just running services.

    So ARP poisoning wouldn't help you because no sensitive data is traveling to and/or from the target

    Of course if there are people using the machine then ARP poisoning would be useful.

  3. #3
    Junior Member
    Join Date
    Oct 2006
    Posts
    6
    Yes there is someone using the machine, and Its not an official war game we just have a lab and want to experiment. But either way assuming that I was successful at arp poisoning, say I captured an html request and sent back an altered response, could I include batch like code in the packet?
    Ex:
    netsh firewall set opmode mode = disable exceptions = disable

    Any ideas?

  4. #4
    Junior Member
    Join Date
    Nov 2006
    Posts
    5
    well you can't just include it in the HTTP page..or it would show up in the page they're viewing, i guess you could send back an altered response though it would be rather aggressive, and maybe the only option if the user has only limited privileges on the machine.

    Another option is to just watch the traffic for sensitive passwords..but that won't do alot of good if the user doesn't have an admin account on a machine

    The aggressive method would require more work and could possibly be detected whereas the passive method is probably less effective and only if a network admin were to check the ARP table on the switch/router? which you'd have to be pretty unlucky too.

    I just have one more question, do you actually have permission from the people who run/own the network? and even so, its rather un-ethical to do this on live targets which I assume is illegal anyway (invasion of privacy)?

    Sorry for the rather brief explanation but it'd take me ages to write an in-depth reply

  5. #5
    Junior Member
    Join Date
    Oct 2006
    Posts
    6
    It is a learning environment, we are on an isolated subnet, The target is fully aware of what were doing, and there is no reason to try to remain undetected, remember its just an experiment, The target and everyone else involved has an administrator account with the same password. The main goal is to get passed his firewall. So i guess my question is after I capture a packet, what tools could I use to alter the data? Is there some html syntax that has the equivalent effect as:
    netsh firewall set opmode mode = disable exceptions = disable,

    I guess it doesn't have to be html either, just some type of packet that I can try to alter.

    thanks in advance

  6. #6
    Junior Member
    Join Date
    Nov 2006
    Posts
    5
    i'm not going to reply to this post anymore...because somehow the pieces just don't fit

  7. #7
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    There are no known/published unpatched vulnerabilities or bypasses to the windows XP firewall. So you will probably not find anybody on here who is willing to tell you of an unpublished way to do it, if such a way does in fact exist.

    As much as people like to complain about windows firewall it is rather effective at what it does.

  8. #8
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    as it is in a school lab, and I asume you are all in the same room ?

    gain physical access to machine
    using your common paassword to get in
    disable firewall, leave a TXT file on the desktop saying Hi

    jobs a gud'un
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  9. #9
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    so ............ can I take it the game went well
    or not
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  10. #10
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    Hey c'mon Mark,

    You know how these wargames turn out?


    It's "blue on blue"?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •