Hello,

I'm a newbie when it comes to the side of hacking/penatrating systems, exposing holes, exploiting vulnerabilities, etc... I've always consentrated on simply learning what was needed to protect against the current threats. But it seems it has become necessary to learn in order to maintain security/stability...

I NEED help!!!

My problem is this;
We have a new guy here in my I.S. Dept that has become 'buddy buddy' with the manager. As such, his 'opinions' are now starting to be taken more seriously then mine - despite my 6yrs experience as a Admin.

The recent issue is "REALLY" bugging me, the manager has allowed this newbie operator to do the install and config on one of our new W2K servers. The problem being the newbie doesn't want to disable ANY services whether their being used or not. As its his 'opinion' that a complete 'vanilla' install/config of W2K is more stable and easier to maintain, and there is no good reason to turn the services off.

This is a stand alone server with always on internet access that stores confidential information, that is not acting as a website server. Well obviously this doesn't sit well with me, how the hell can you call a W2K server 'stable' or 'secure' when you have every service includding IIS running. On top of that, no AV software or firewall, as he says they just eat up resources...

Well after I complained enough, all I got from my manager as a response is "to prove him wrong" along with permission to do anything but access the physical machine to try to hack/break it...


Why I need help;
So now I need to find a way to show the vulnerability of this server, whether doing so breaks it or not, as I obviously don't want to sit back and wait for someone 'possibly malicious' finds this vulnerability and exploits it.

Is there some easyway to hack a W2K server via port 80, or to send it a program or a virus/worm thru that port???

I know of many past instances, like 'Code Red' and 'Nimda', where I was glad the other servers were secure - but I'd rather not wait for something like that to go around again, just to prove my point... (Hell I hope something like that never does go around again, really)...


Any help or direction to look would be appreciated,
RRP