supercool Posted November 16, 2006 Posted November 16, 2006 Hello I’m looking for some mac apps to help me with a security class I’m in. In this class we are in groups and each group has a server, running server 2003. All servers need to be running a web server and an ftp server. The servers and client computers are on an isolated network (no internet.) The servers have software firewalls. Everyone uses pc’s and I’m the only one with a powerbook. I’m looking for some tools, whats a good doss attack tool? Is there a cain like tool for mac? What would be the best way to kill a server on a 100mb network? I can get 5-6 people on my team to help with the attacks. What is a good packet sniffing application for the mac? Now my powerbook has a gigabit network adapter, can it flood the network faster then the other pc on the network with 100megbit connection? I believe the switches are a gigabit. Any help/ info would be great! Quote
VaKo Posted November 16, 2006 Posted November 16, 2006 Roll up on the other teams and DOS them with a .45? Quote
cooper Posted November 17, 2006 Posted November 17, 2006 I’m looking for some mac apps to help me with a security class I’m in. Fair enough. Everyone uses pc’s and I’m the only one with a powerbook. I’m looking for some tools, whats a good doss attack tool? Where's the fun in a DOS attack? Requests come in at such a staggering rate that legitimate users can't access it anymore. Hardy fucking har. Is there a cain like tool for mac? Hopefully someone else will answer that. What would be the best way to kill a server on a 100mb network? I can get 5-6 people on my team to help with the attacks. Preventing legitimate requests from reaching the server doesn't "kill a server". Try actually hacking the FTP server. You'll learn *WAY* more. What is a good packet sniffing application for the mac? I would assume WireShark can be had for the Mac aswell? Now my powerbook has a gigabit network adapter, can it flood the network faster then the other pc on the network with 100megbit connection? I believe the switches are a gigabit. Presumably yes, but it should be sufficient to just be able to match the line speed to the server. So those 100 MBit PCs can just as easily fill that line on their own. What's more interesting, if you really _must_ DOS, is to try an amplification attack. Where you send 10 bytes of data to a server, and it responds by sending 100 bytes back. Make the server think you are the target box and you get a 10-fold increase in traffic to the target box compared to what you're actually sending. Check out the DNS server (assuming there is one). It's typically not firewalled off which can be extra fun. Quote
Dr Zaius Posted November 17, 2006 Posted November 17, 2006 What is a good packet sniffing application for the mac? I would assume WireShark can be had for the Mac aswell? Yes there are third party ports, check the downloads page: http://www.wireshark.org/download.html Although I've never used it on a Mac so I can't say how well it performs compared to the Windows/Linux versions. Quote
Spartain X Posted November 17, 2006 Posted November 17, 2006 is it just me or does this request seems a bit fishy, and a skiddie trying to get info on how to own a school comp?? Quote
supercool Posted November 17, 2006 Author Posted November 17, 2006 is it just me or does this request seems a bit fishy, and a skiddie trying to get info on how to own a school comp?? its you. do you want more info on the servers? I help set one of them up. Quote
CaveMan Posted November 17, 2006 Posted November 17, 2006 if it were windows you could always use the most basic DOS attack :P Ping Of Death :D p.s. can we have that on hak5 (attacking a 95 computer, wont work on much else) Quote
cooper Posted November 17, 2006 Posted November 17, 2006 its you. do you want more info on the servers? I help set one of them up. And then we tell you what's wrong with it, you hack it and people think the world of you, yet what have you learned? This was security class, wasn't it? The idea isn't to be succesful. The idea is to understand. Quote
Spartain X Posted November 17, 2006 Posted November 17, 2006 its you. do you want more info on the servers? I help set one of them up. And then we tell you what's wrong with it, you hack it and people think the world of you, yet what have you learned? This was security class, wasn't it? The idea isn't to be succesful. The idea is to understand. that is quite right Quote
VaKo Posted November 17, 2006 Posted November 17, 2006 Can't you just comprise the server with a badly configured bit torrent client? Quote
Spartain X Posted November 18, 2006 Posted November 18, 2006 do you mean compromised as in exploit and like rooting the box to the stage the attacker controls it or just denial of service from the high bandwidth consumption of the torrent being downloaded/uploaded ?? Quote
supercool Posted November 18, 2006 Author Posted November 18, 2006 its you. do you want more info on the servers? I help set one of them up. And then we tell you what's wrong with it, you hack it and people think the world of you, yet what have you learned? This was security class, wasn't it? The idea isn't to be succesful. The idea is to understand. I want to be successful and understand! I post and ask for help here because I know a lot of smart people are on this forum. I want to understand how it (attacks) work and use them. If anyone knows of other web sites that might be helpful please let me know, Thanks Quote
moonlit Posted November 18, 2006 Posted November 18, 2006 I want to be successful and understand! I post and ask for help here because I know a lot of smart people are on this forum. I want to understand how it (attacks) work and use them. Smart we are, affected by flattery we are not... ;) Quote
cooper Posted November 18, 2006 Posted November 18, 2006 I want to be successful and understand! I post and ask for help here because I know a lot of smart people are on this forum. I want to understand how it (attacks) work and use them. If anyone knows of other web sites that might be helpful please let me know, Thanks Start by getting intimate with the protocols on the network. You should be able to talk HTTP and FTP with the machine over Telnet. A small calculator is allowed when you're doing FTP . No, I'm not kidding. Once you have a good grasp at the protocol, look for exploits of all kinds of HTTP/FTP/whatever servers that worked before or on other OSes. Understand what the guy who made the software did wrong at that time, and see if the installation you're up against has made similar errors. Format string bugs were all the rage for a while because once people figured out they were actually exploitable they were uncovered everywhere. People didn't think much of them before then. A DOS attack is BORING! You're 'exploiting' the network rather than the machine. An exception would be calling a page that takes a lot of system resources to prepare a gazillion times simultaneously, but that can be handily beaten aswell with a bit of server-side caching. DOSes for the most part have NOTHING to do with security. Quote
Guest ABC Posted November 18, 2006 Posted November 18, 2006 is it just me or does this request seems a bit fishy, and a skiddie trying to get info on how to own a school comp?? I agree .. btw GOOGLE is very useful ;) Quote
ramya123 Posted February 2, 2009 Posted February 2, 2009 Hi supercool, I am new to this site,i am not that much familier with that topic ,i suggest this link i think this is useful for you... sectools.org/sniffers.html This is useful to know about packet sniffers... =========== Ramya New Jobs Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.