
Thread: Need tips & strategies for Wargames

  1. #1
    Junior Member
    Join Date
    Oct 2006
    Posts
    6

    Need tips & strategies for Wargames

    I'm participating in a wargame at my school and I need some help. The target host machine is a fully patched Windows XP Pro (SP2) and I can reasonably assume that ports:
    7
    9
    13
    17
    19
    135
    445
    3389
    1030
    139

    are open and listening. The problem is that the Windows firewall is on and set not to allow any exceptions, which I'm assuming doesn't allow any inbound traffic unless in response to outbound traffic. We are on an internal switched (Cisco) LAN and I have access to XP Pro 2, Fedora Core 4, and Server 2003 OSes. I need some ideas on how to bypass the firewall; also, would ARP poisoning or using a WSUS server to distribute code help me out in any way?

    Thanks
    Last edited by bnations; November 19th, 2006 at 07:05 PM. Reason: need email notification
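The question above turns on the difference between a port that is listening on the box and a port that is reachable from the LAN. The scanner below is an added example (not code from any poster in this thread) that classifies ports from the client side the way a plain connect() scan can: open, closed (RST came back), or filtered (nothing came back before the timeout, which is what a host firewall that silently drops unsolicited SYNs looks like). It demonstrates the open and closed verdicts against a throwaway listener on 127.0.0.1 that it starts itself; the port list is the one given in the post, and the expectation that a "Don't allow exceptions" target returns filtered for all of them is stated as an assumption in the comments, not something this script can show offline.

```python
import errno
import socket
import threading

# Verdicts a plain TCP connect() scan can tell apart from the client side:
#   open        - handshake completed: something is listening AND reachable
#   closed      - host answered with RST: reachable, but nothing listening
#   filtered    - no answer before the timeout: a firewall dropped the SYN
#   unreachable - the local stack has no route to the host at all
OPEN, CLOSED, FILTERED, UNREACHABLE = "open", "closed", "filtered", "unreachable"

# Ports the thread lists as listening on the XP SP2 target.
XP_PORTS = [7, 9, 13, 17, 19, 135, 139, 445, 1030, 3389]


def probe_port(host, port, timeout=1.0):
    """Classify one TCP port using a full connect() (no raw sockets needed)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return OPEN
    except ConnectionRefusedError:
        return CLOSED
    except socket.timeout:
        return FILTERED
    except OSError as e:
        # EHOSTUNREACH / ENETUNREACH mean the path to the host is missing,
        # which is a different finding from a firewall silently dropping SYNs.
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return UNREACHABLE
        return "error(%s)" % errno.errorcode.get(e.errno, e.errno)
    finally:
        s.close()


def scan(host, ports, timeout=1.0):
    """Return {port: verdict} for every port in the list."""
    return {p: probe_port(host, p, timeout) for p in ports}


def start_listener(host="127.0.0.1"):
    """Constructed test target: a throwaway listener on an ephemeral port so
    the OPEN verdict can be demonstrated offline. Returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:      # listener closed by the caller
                break

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def find_closed_port(host="127.0.0.1"):
    """Bind and immediately release an ephemeral port; nothing listens on it
    afterwards, so a probe should come back CLOSED (RST), not FILTERED."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    srv, open_port = start_listener()
    closed_port = find_closed_port()
    for port, verdict in scan("127.0.0.1", [open_port, closed_port]).items():
        print("%5d  %s" % (port, verdict))
    srv.close()
    # Assumption for the XP target in the thread: with "Don't allow
    # exceptions" set, every port in XP_PORTS should come back FILTERED even
    # though netstat on the box shows them LISTENING. The services are up;
    # the firewall just never lets the SYN reach them.
```

Reading the result is the useful part: a column of "filtered" against a host you know is up tells you the firewall is doing its job, while "closed" would mean the SYN got through and the service was simply not there. A timeout of one second is enough on a local switched segment; raise it on anything slower or the scan will misreport slow hosts as filtered.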

  2. #2
    Junior Member
    Join Date
    Nov 2006
    Posts
    5

    Wow, a wargame at school, I wish I was as lucky as you.

    I smell a rat. What school would run a wargame? And without teaching the pupils common security knowledge?

    But either way, I assume that because its a wargame that the machines aren't actually being used (by people, maybe some bot is running to make sure they're still up and running) and are just running services.

    So ARP poisoning wouldn't help you, because no sensitive data is traveling to and/or from the target.

    Of course if there are people using the machine then ARP poisoning would be useful.

  3. #3
    Junior Member
    Join Date
    Oct 2006
    Posts
    6
    Yes, there is someone using the machine, and it's not an official wargame; we just have a lab and want to experiment. But either way, assuming that I was successful at ARP poisoning, say I captured an HTML request and sent back an altered response, could I include batch-like code in the packet?
    Ex:
    netsh firewall set opmode mode = disable exceptions = disable

    Any ideas?

  4. #4
    Junior Member
    Join Date
    Nov 2006
    Posts
    5
    Well, you can't just include it in the HTTP page, or it would show up in the page they're viewing. I guess you could send back an altered response, though it would be rather aggressive, and maybe the only option if the user has only limited privileges on the machine.

    Another option is to just watch the traffic for sensitive passwords, but that won't do a lot of good if the user doesn't have an admin account on the machine.

    The aggressive method would require more work and could possibly be detected, whereas the passive method is probably less effective and could only be detected if a network admin were to check the ARP table on the switch/router, which you'd have to be pretty unlucky for.

    I just have one more question: do you actually have permission from the people who run/own the network? And even so, it's rather unethical to do this on live targets, which I assume is illegal anyway (invasion of privacy)?

    Sorry for the rather brief explanation but it'd take me ages to write an in-depth reply
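The two replies above argue about whether poisoning the target's ARP cache would be noticed, with the switch/router ARP table named as the only place it would show. The script below is an added example, not code from anyone in this thread, showing the defender's side of that: it constructs raw Ethernet/ARP frames inline (hypothetical addresses, nothing is sent) and replays them through an arpwatch-style IP-to-MAC cache that raises an alert the moment a reply claims an IP already bound to a different MAC, which is exactly the signature a poisoned gateway reply leaves on a sniffer or on a switch's ARP inspection.

```python
import struct

ETH_TYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac(text):
    """'aa:bb:cc:dd:ee:ff' -> 6 bytes."""
    return bytes.fromhex(text.replace(":", ""))


def ip4(text):
    """'192.168.1.1' -> 4 bytes."""
    return bytes(int(o) for o in text.split("."))


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Construct a raw Ethernet II + ARP frame. Used here only to fabricate
    sample traffic inline; nothing is put on the wire."""
    eth = target_mac + sender_mac + struct.pack("!H", ETH_TYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
           + sender_mac + sender_ip + target_mac + target_ip)
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields of an Ethernet frame, or None if it is not ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_TYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sha": frame[22:28], "spa": frame[28:32],
            "tha": frame[32:38], "tpa": frame[38:42]}


def detect_poisoning(frames):
    """Replay frames through an arpwatch-style IP->MAC cache. Any reply whose
    sender IP is already bound to a different MAC is reported as a conflict;
    the first binding seen is kept as the baseline."""
    baseline = {}
    alerts = []
    for idx, frame in enumerate(frames):
        a = parse_arp(frame)
        if a is None or a["op"] != ARP_REPLY:
            continue
        known = baseline.get(a["spa"])
        if known is None:
            baseline[a["spa"]] = a["sha"]
        elif known != a["sha"]:
            alerts.append({"frame": idx, "ip": a["spa"], "was": known, "now": a["sha"]})
    return alerts


def fmt_ip(b):
    return ".".join(str(x) for x in b)


def fmt_mac(b):
    return ":".join("%02x" % x for x in b)


# Constructed scenario (hypothetical addresses): the real gateway answers the
# victim, then a third host starts claiming the gateway's IP with its own MAC.
GATEWAY_IP, VICTIM_IP = ip4("192.168.1.1"), ip4("192.168.1.20")
GATEWAY_MAC = mac("00:11:22:33:44:55")
VICTIM_MAC = mac("00:11:22:33:44:66")
ATTACKER_MAC = mac("00:11:22:33:44:77")

SAMPLE_FRAMES = [
    build_arp(ARP_REQUEST, VICTIM_MAC, VICTIM_IP, mac("00:00:00:00:00:00"), GATEWAY_IP),
    build_arp(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
    build_arp(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),   # benign refresh
    build_arp(ARP_REPLY, ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),  # poisoned reply
    b"\x00" * 60,                                                          # non-ARP noise
]

if __name__ == "__main__":
    for alert in detect_poisoning(SAMPLE_FRAMES):
        print("frame %d: %s moved from %s to %s" % (
            alert["frame"], fmt_ip(alert["ip"]), fmt_mac(alert["was"]), fmt_mac(alert["now"])))
```

The detector keeps the first binding it sees as truth, so it must be started before the attack or seeded from a known-good table; a poisoner who was already running when the monitor came up would be recorded as the baseline and the real gateway flagged instead. In the lab setup the thread describes, the same logic run on a span port of the Cisco switch is what would turn "nobody checks the ARP table" into an alert.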

  5. #5
    Junior Member
    Join Date
    Oct 2006
    Posts
    6
    It is a learning environment, we are on an isolated subnet, the target is fully aware of what we're doing, and there is no reason to try to remain undetected; remember, it's just an experiment. The target and everyone else involved has an administrator account with the same password. The main goal is to get past his firewall. So I guess my question is, after I capture a packet, what tools could I use to alter the data? Is there some HTML syntax that has the equivalent effect as:
    netsh firewall set opmode mode = disable exceptions = disable,

    I guess it doesn't have to be html either, just some type of packet that I can try to alter.

    thanks in advance

  6. #6
    Junior Member
    Join Date
    Nov 2006
    Posts
    5
    I'm not going to reply to this post anymore, because somehow the pieces just don't fit.

  7. #7
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    There are no known/published unpatched vulnerabilities or bypasses to the Windows XP firewall. So you will probably not find anybody on here who is willing to tell you of an unpublished way to do it, if such a way does in fact exist.

    As much as people like to complain about Windows Firewall, it is rather effective at what it does.

  8. #8
    They call me the Hunted foxyloxley
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,534
    As it is in a school lab, and I assume you are all in the same room?

    Gain physical access to the machine,
    use your common password to get in,
    disable the firewall, leave a TXT file on the desktop saying Hi.

    jobs a gud'un
    so now I'm in my SIXTIES FFS
    WTAF, how did that happen, so no more alterations to the sig, it will remain as is now

    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  9. #9
    They call me the Hunted foxyloxley
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,534
    so ............ can I take it the game went well
    or not

  10. #10
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hey c'mon Mark,

    You know how these wargames turn out?


    It's "blue on blue"?
