Moving onto the next level

Printable View

Show 40 post(s) from this thread on one page

December 30th, 2005, 05:54 PM
ommy

Raion: May be I am not putting things clearly.I can take down his machine messing around with the switches or DoS.. But the real motive is'nt "taking the machine down"..It is to figure out operating system weaknesses and proving the fact that "yes it could have been more secure on the operating system level rather then just updating the latest operating system patches and running a more stable version of network services"... I think I have made myself clear enough..:)

killerbeesateme: Your advice is'nt really crappy but it does not fulfill my motive of "taking the machine down" in a real way..exploiting the OS weaknesses...

besides..synflood and ICMP echo reflection (smurf,trinoo) are the only remote Dos that I know about. Would anyone like to add to it?

I am going to try this metasploit framework tonight. If I would be able to discover something, I would share it with AO.
December 30th, 2005, 06:18 PM
Tedob1

Quote:

So, here is the situation. My friend has decided to set up a war game. He'll defend and I'll attack. His point is that an updated Windows 2000 machine, with all patched software does not need a firewall and only a potential hacker (with sharp programming skills) can either discover a 0 day exploit and then exploit the machine.

your searching for exploits on the web. all your going to find is code for non-0day exploits for holes that have already been patched. you friend is right. if there's nobody using the server that you can get to do something stupid your not getting in unless you can find and exploit a weakness that hasn't been discovered yet. or watch the boards for news of a hole that a patch has not been released for yet and move real fast before he does a work around.

you might be able to dig around, look over his shoulder or guess for his admin name and password and use pskill remotely to kill svchosts or services or psexec to open a shell on the server.
December 30th, 2005, 06:41 PM
ric-o

ommy:

So basically your only attack vector is across the network. Some thoughts...

* Research to see if any of the versions of the apps/services he's running (ie.; MySQL) have any known vulnerabilities. You can check this using the various vuln dbs out there: Security Focus, NIST Nat Vuln Db, Secunia.

* Try sending his computer malformed packets. Never done it myself before but have worked with pen-testers who've done it. Maybe look into the tool hping

Good luck, hope this helped.
December 30th, 2005, 07:03 PM
killerbeesateme

well, if it's any consolation, MS has been having a small track record of not fully patching exploit vectors. you could try back tracking a couple patches that have gone out and see if you can think of a way to do around the same thing but just a little bit different.

another thing to think about, what is being served on the apache server? is it running php or asp? you may be able to do something with that. I'd say start nitpicking it.

Can you resolve any of the services/users/shares or anything else that you can use to your advantage?
December 31st, 2005, 09:45 AM
ommy

zencoder: A very smart piece of advice..Thank you for this. Guide me a little further with this in context of DDosing. :)

ric-o: I am going to try this with hping. Does anyone have an idea that how does Microsoft implementation of TCP stack responds to a typically crafted packet? any suggestions??

killerbeesateme: Apache server is not running any PHP or CGI scripting. I have ran nikto against it. No shares or users can be resolved on the machine.

besides I kinda exploited this wmf zero-day vulnerability (thanx to metasploit framework and gore :)). And it kinda gave me a little insight of how this "exploitation" works.

Any thoughts on DoS or DDoS?? guys...
December 31st, 2005, 02:10 PM
|3lack|ce

The more I read this thread the more I begin to see yet another script kiddie asking how to hack a system. Sorry ommy, no help for you here, and reds for the thread. If you're truly wargaming to learn, you'll eventually figure out how to ddos/dos a system on your own.
January 1st, 2006, 03:19 AM
[WebCarnage]

Quote:

Originally posted by ommy
ric-o: I am going to try this with hping. Does anyone have an idea that how does Microsoft implementation of TCP stack responds to a typically crafted packet? any suggestions??

Once you've mastered hping you are one step closer to becoming a God amongst simpleton technocrats.

A good place to start reading is here

Also, theHorse13 had a brilliant 4-part tutorial on the usage of hping right here on AntiOnline.

Speaking of, whatever happened to part 5 of that tutorial, theHorse13?
January 1st, 2006, 04:39 PM
ommy

|3lack|ce: I understand the fact that you are a "senior member" here..But I give you no rights (what so ever) to doubt my intentions of learning. I find myself extremely honest with my network security passion and I allow no one to comment on that. SIR |3lack|ce just for your information, I know some stuff about DoS and D'Dos atleast on the basic level (Smurf,trinoo,header fragmentataion, syn floods, ICMP reflection), because of the fact that I am reading alot about them (from books,articles and GOOGLE)... I just asked it here because I wanted to know that if there is something that I am missing or what sort of DoS attacks are more affective practically (since, I have never done that before and I am learning things gradually and I consider it a good practice to seek an advice from the "Seniors" of the community)..

Can I give you a piece of advice?? Can you be little less cynic while judging people's intentions about their passion for knowledge?? YES, you have certainly offended me a great deal...It's not the matter of "RED's" or "GREEN'S"..Its about one's dignity..It's about doubting their thirst for knowledge..Its about doubting their trust on the community...Its about doubting their honesty..I AM DISAPPOINTED...

You have not inspired me like some other senior AO members...like gore,Thehorse13,MsMittens,Tedobe1,CopyRight and bunch of others..I believe you owe me a sorry for this...

[WebCarnage]:Thanx for the advice..I absolutely feel the importance and strength of hping..and I am going to read more and more about that..

best regards,
SCRIPT KIDDIE (with an honest intention to grow and become a part of security community(may be like tony watson or Fyodor) )
January 1st, 2006, 04:59 PM
|3lack|ce

Quote:

I understand the fact that you are a "senior member" here..But I give you no rights (what so ever) to doubt my intentions of learning.

Wonderful. Now you're in the position of giving rights to someone across the net? Yah, ok.

Of your intentions of learning I have no doubt. You're quite like countless others I've seen come to this security forum asking how to hack, you're just going about it in a bit different manner. Same old stuff, different day.

Skipping the next bit of drivel because frankly I don't care what you know from google - it's usually useless and patched - we arrive at:

Quote:

affective

Oops! Effective. Perhaps a sixth grade reading course might be more to your level? Seriously, if you're going to be decent at what you do, you've got to learn to spell. Contrary to popular belief that isn't a slam, it's serious. Ask any programmer who's spent hours pouring over a piece of code he's written that doesn't function correctly, only to find it's a spelling error.

Quote:

Can I give you a piece of advice??

Yep, you can give all the advice you want. I reserve the right, however, to tell you either politely or impolitely precisely where to stuff it. Now for some serious advice to you: Yesterday I was nice and only redded the thread, which was promptly negated by another senior who greened me. Your posting here whining about me redding your thread has brought attention on you in a negative light. Bad move guy.

Quote:

YES, you have certainly offended me a great deal..

Insert extra drivel ad nauseum because I don't feel like quoting his actual whining here.

Quote:

I AM DISAPPOINTED...

So? Shall we throw you a pity party?

I ALWAYS doubt honesty when it comes to someone asking about how to hack, crack, phreak, or otherwise compromise a system. Others may think that I'm spewing 'elitist' crap here. In reality, I'm being a healthy computer security techie. It's my job to be paranoid.

Quote:

You have not inspired me like some other senior AO members...like gore,Thehorse13,MsMittens,Tedobe1,CopyRight and bunch of others..I believe you owe me a sorry for this...

I'm neither here to inspire you nor to entertain you. I believe you're quite sorry indeed to heap such expectations upon others. There. You've been promoted to 'sorry script kiddie'. Congratulations.

Now bugger off before I get really torqued.
January 1st, 2006, 05:00 PM
ByTeWrangler

Greeting's

Quote:

Currently, 21 out of 113 Secunia advisories, are marked as "Unpatched" in the Secunia database.

Quote:

.......you're just going about it in a bit different manner .........

:rolleyes:

Show 40 post(s) from this thread on one page