computer hacking

[marginasc]

Hello,
I am enrolled in a college security class. We have a final lab competition in there. There are 2 teams againt each other and we have 12 hours to attack and 12 hours to defend ourselves. The server/client we need to attack are on the same network as ours, and have Windows 2000 Gold on them. The network is completely isolated from the school network and the outside world I am not aware on what software or anti virus stuff the other team has on. Does anyone have any ideas on how we can attack them? We need to either bring their server down, or even alter the data in the database, or anything like this. If anyone can help with ideas, I would really appreciate it.
Thanks a lot!

[valhallen]

Install a hardware Keylogger on server PC (link before task starts - when people go on lunch or whatever access keylogger - get password format C:

if I was your lecturer I'd give extra credit for highlighting that physical security is just as (if not more) important than what software systems are running

v_Ln

[gore]

Physical security is at the very least, just as important as, software security. No matter how much you lock anything down, it is worthless when you can just ask for a password

[ZomBieMann77]

There is also a really good tutorial written by our very own MsMittens on wargames such as this. You might want to give it a read. You will find it in the security tutorials section of this site

[Spyder32]

it is worthless when you can just ask for a password

Or threaten him/hold him up with a .9 for the password, ey?

[marginasc]

Thanks for the feedback. I just found out that the other team will install Sygate firewall to protect themselves. What can we use to break into that?
We used Superscan to scan for open ports. Do you suggest something else?

[Spyder32]

You can use google to search for Sygate Vulnerabilities or any flaw's in the firewall, way's to bypass, etc etc.. Do you know the version of the firewall? That would help in your search. Gather as much information as possible about your target, then search for vuln's and exploit's for the software they use.

P.S: BTW, when you scanned for open port's, what did you get? *smacks forhead* that would help, knowing what they got open.

[marginasc]

Ok, I will look for vulnerabilities on Google. I do not know what version of Sygate they use, of course they won't tell us When one of my teamates scaned for ports he got that they had 52 open ports; however, none of them was port23 (telnet).
Today we just have to turn in the attack plan in class. So besides tha firewall and the open ports, what else can we hit them with?

[Spyder32]

Well use what you've found in your port scan.

however, none of them was port23 (telnet).

HAHA! The world does not revolve around telnet my friend. What you need to do is to take a look at what ports you found were open, lookup what services those ports were, then look up some exploits and vuln's for those services that you can use to gain access. 52 open ports, ey? Wow.. your bound to get in. I'd have a field day!

Anyways, your main objective right now is to jot down the services for the ports that are open. Find out what services are on them, then google some vulnerabilities and exploit's for that service. You could probably even search AO's database for some help as well.

[Cybr1d]

Do you have physical access to the computers? If you do, then there's no need to find a sygate vulnerability. Just try what Val told u, install a keylogger. If possible, try STARR's Proctor spyprogram which offers a wide array of spy techniques and offers a completely invisible install. (The user will almost-never become aware of the program, unless you screw up somewhere).

I'd give Nessus and LanGuard a thought too.

One more thought: If you have a physical access to the PC, there's a whole lot of other ways to bring the server down: Propane, gasoline, matches, Spiked Baseball Bat, Flame Thrower, Screw driver, Pliers, Water, Or just plain old picking the PC up and walking out the door with it, could take care of the issue, But I doubt that'll get ya any credit. I'm guessing you have to get in remotely.