Jump to content

Recommended Posts

Posted

Hello

I’m looking for some mac apps to help me with a security class I’m in.

In this class we are in groups and each group has a server, running server 2003. All servers need to be running a web server and an ftp server.

The servers and client computers are on an isolated network (no internet.)

The servers have software firewalls.

Everyone uses pc’s and I’m the only one with a powerbook. I’m looking for some tools, whats a good doss attack tool? Is there a cain like tool for mac?

What would be the best way to kill a server on a 100mb network? I can get 5-6 people on my team to help with the attacks.

What is a good packet sniffing application for the mac?

Now my powerbook has a gigabit network adapter, can it flood the network faster then the other pc on the network with 100megbit connection? I believe the switches are a gigabit. Any help/ info would be great!

Posted
I’m looking for some mac apps to help me with a security class I’m in.

Fair enough.

Everyone uses pc’s and I’m the only one with a powerbook. I’m looking for some tools, whats a good doss attack tool?

Where's the fun in a DOS attack? Requests come in at such a staggering rate that legitimate users can't access it anymore. Hardy fucking har.

Is there a cain like tool for mac?

Hopefully someone else will answer that.

What would be the best way to kill a server on a 100mb network? I can get 5-6 people on my team to help with the attacks.

Preventing legitimate requests from reaching the server doesn't "kill a server". Try actually hacking the FTP server. You'll learn *WAY* more.

What is a good packet sniffing application for the mac?

I would assume WireShark can be had for the Mac aswell?

Now my powerbook has a gigabit network adapter, can it flood the network faster then the other pc on the network with 100megbit connection? I believe the switches are a gigabit.

Presumably yes, but it should be sufficient to just be able to match the line speed to the server. So those 100 MBit PCs can just as easily fill that line on their own.

What's more interesting, if you really _must_ DOS, is to try an amplification attack. Where you send 10 bytes of data to a server, and it responds by sending 100 bytes back. Make the server think you are the target box and you get a 10-fold increase in traffic to the target box compared to what you're actually sending. Check out the DNS server (assuming there is one). It's typically not firewalled off which can be extra fun.

Posted
is it just me or does this request seems a bit fishy, and a skiddie trying to get info on how to own a school comp?? :wink:

its you.

do you want more info on the servers? I help set one of them up.

Posted

if it were windows you could always use the most basic DOS attack :P

Ping Of Death :D

p.s. can we have that on hak5 (attacking a 95 computer, wont work on much else)

Posted
its you.

do you want more info on the servers? I help set one of them up.

And then we tell you what's wrong with it, you hack it and people think the world of you, yet what have you learned?

This was security class, wasn't it?

The idea isn't to be succesful. The idea is to understand.

Posted
its you.

do you want more info on the servers? I help set one of them up.

And then we tell you what's wrong with it, you hack it and people think the world of you, yet what have you learned?

This was security class, wasn't it?

The idea isn't to be succesful. The idea is to understand.

that is quite right

Posted

do you mean compromised as in exploit and like rooting the box to the stage the attacker controls it or just denial of service from the high bandwidth consumption of the torrent being downloaded/uploaded ??

Posted
its you.

do you want more info on the servers? I help set one of them up.

And then we tell you what's wrong with it, you hack it and people think the world of you, yet what have you learned?

This was security class, wasn't it?

The idea isn't to be succesful. The idea is to understand.

I want to be successful and understand! I post and ask for help here because I know a lot of smart people are on this forum. I want to understand how it (attacks) work and use them.

If anyone knows of other web sites that might be helpful please let me know,

Thanks

Posted
I want to be successful and understand! I post and ask for help here because I know a lot of smart people are on this forum. I want to understand how it (attacks) work and use them.

Smart we are, affected by flattery we are not... ;)

Posted
I want to be successful and understand! I post and ask for help here because I know a lot of smart people are on this forum. I want to understand how it (attacks) work and use them.

If anyone knows of other web sites that might be helpful please let me know,

Thanks

Start by getting intimate with the protocols on the network. You should be able to talk HTTP and FTP with the machine over Telnet. A small calculator is allowed when you're doing FTP . No, I'm not kidding.

Once you have a good grasp at the protocol, look for exploits of all kinds of HTTP/FTP/whatever servers that worked before or on other OSes. Understand what the guy who made the software did wrong at that time, and see if the installation you're up against has made similar errors. Format string bugs were all the rage for a while because once people figured out they were actually exploitable they were uncovered everywhere. People didn't think much of them before then.

A DOS attack is BORING! You're 'exploiting' the network rather than the machine. An exception would be calling a page that takes a lot of system resources to prepare a gazillion times simultaneously, but that can be handily beaten aswell with a bit of server-side caching. DOSes for the most part have NOTHING to do with security.

Posted
is it just me or does this request seems a bit fishy, and a skiddie trying to get info on how to own a school comp?? :wink:

I agree .. btw GOOGLE is very useful ;)

  • 2 years later...
Posted

Hi supercool,

I am new to this site,i am not that much familier with that topic ,i suggest this link i think this is useful for you...

sectools.org/sniffers.html

This is useful to know about packet sniffers...

===========

Ramya

New Jobs

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...