Greg22
Hello Guys,
We're a group of AUB students and have a project consisting of optimizing the security of a network. We are two teams, an attack team and a defense team. As part of the attack team, we have to breach into the network and try to do as much damage as possible.
As the 2nd phase of the project, the defense team has removed the firewall. Our laptops are hence now directly connected to their network. We have also got 2 limited user accounts on both Linux (Fedora Core 5) and Windows XP stations. We have set our IPs, Subnet Mask and Default Gateway to those of the defense team (after running some Nessus scans to deduce them) in order to get access to their local website (they have a Windows NT server).
We still have two weeks to try to incur as much damage as possible....
We would be really grateful if you guys can post any useful, efficient and realistic hacks, and we would be glad if we can meet with anyone on the AUB campus in order to work with us and give us some tips.
Thx
teodorgeorgiev
Post here how to access the Fedora so I could check if spending my breakfast money for "Hacking for Dummies" has done any good :) :) :)
Greg22
We access the Fedora using a username and password that they gave us (if this is what u mean). it's a limited user account as i already said.
by the way, the command prompt on fedora is available, but they disabled it on XP.
cheers...
Padre
lol, i've already heard of this FYP last year. dunno how they set it up this year, but last time it was so messy and badly set up that it was a total mess and getting in could take at max 30 seconds :P
anyway, what are the services running ? Web ? Email ? FTP ?
do the "defense" team have any times where they log in and remotely check their services ?
btw, i dont really believe in this FYP, usually they dont teach anything.
use ur creativity
why did u take this FYP ?
Greg22
hehehe Padre....
Believe me it's not a mess this year. The running services are Web, Email and FTP as u said. The defense team can log on at any time on the machines if we are not working, since all the stations are in the same room. They don't do it remotely.
Anyway, we still have one week of attacks... Come on guys!!!
Padre
chou cmon on guys ???
lol, man it's ur job not ours ;)
and who said we are not working with the defense group ?
is it a domain ? or just local logins ?
post the mail/ftp/web services running.
Linux distro.
man, do some recon and post what u get. post what u wanna do and we can discuss.
we can't just help you out of the blues !!
Greg22
Padre if there's gonna be a hilarious joke each time u post a reply.... baleha man, no one is asking for ur help "out of the blues"!!
I don't have time to waste...
If anyone else is interested plz let me know
10x
samer
Greg,
What Padre meant is that he wants you to be more specific about what you're asking.
Don't ask " how can I hack? " ; ask : " is X or Y attack vector possible using X or Y method ? " :)
Waiting for your questions! ^^
Padre
exactly !
im not here to make fun of you, or joke. or ur just reading the last line of the post ?
again
is it a domain ? or just local logins ?
post the mail/ftp/web services running.
Linux distro.
man, do some recon and post what u get. post what u wanna do and we can discuss.
mir
Well Greg , if i was you , i would attack the weaker part first :
that is the win xp and winNT
and "Attack where unprepared .. appear where unexpected"
I wouldn't do the things they expect me to do
since my goal is to damage the network as much as possible
i would first start with the silliest and easiest things to do
i think you have physical access to the computer and network... lot of silly stuff can be done here
i would try install a hardware keylogger .. i bet they can't stop u from doing that
i would attack the personal computers of the defenders and see what i can get from there
i would try all the 0 day exploits
and of course use social engineering skills .. (try putting a CD loaded with malware with the name of Sara's Pictures) or usb (shi 20 $ .. lot of ppl bidibo l usb for their use )
of course also .. i would make a plan for my attack with the outputs
ano.. if u can't get it easily.. and there is some security .. you need a plan my man
and post about the things or the results you find in each step of ur plan
maybe then the ppl here can help :D
teodorgeorgiev
I think that the "teacher" who has assigned that project must be brutally hissed. Giving such a task to students, who have no deep experience in TCP/IP networking and the Linux OS, will create future script kiddies, who will just browse the Web for compiled hacks/exploits.
If you know Linux well you can easily think of some local exploits / DoS attacks.
battikh
if you have to do maximum damage, just run with an axe and swing around the room. and it will really be fun, believe me, you'll enjoy it
samer
@battikh: roflmao :D
@Greg: as you have local access (and even physical access, as I understand) ; there are multiple attack vectors possible:
First, the easiest, for the NT machine, just take out the motherboard and do some magic to reset the BIOS password. Set the boot order to boot from CD or USB, use any linux live CD, mount your NT partition (Knoppix does it for you), take out the SAM file and decrypt it :) (various online crackers use rainbow tables)
As I understand, you have a local user on the machine. Just exploit a vulnerability that gets you admin, or even system privileges (buffer overflow?) ; there are plenty available if you can't write your own.
If you have any further questions, do not hesitate to post.
Padre
First, the easiest, for the NT machine, just take out the motherboard and do some magic to reset the BIOS password. Set the boot order to boot from CD or USB, use any linux live CD, mount your NT partition (Knoppix does it for you), take out the SAM file and decrypt it :) (various online crackers use rainbow tables)
bios and that shit was used last year -> not a good idea.
anyway, try to see if u can exploit the web they have IF it's an active one.
You got plenty of good ppl in AUB that could help you out. i know at least 3 good guys that managed to fuck up the AUB network, dunno if they are still there, so u may want to seek them out for local help. i know them through online communication, so dont ask for their names :P
Greg22
ok 10x guys...
we'll try and give u feedback...