driveingnow Posted November 30, 2006

Ok, quick background: I am in a network security class (really, I kid you not) and the teacher has let us set up two networks, each one has running on Win 2k3 Exchange, 2003 SQL, ISA firewall, Active Directory, Win XP, Redhat, HTTPS website, everything behind the ISA firewall. WE WILL NOT BE CONNECTED TO THE INTERNET!!!!! (so no going outside our lab with our hacking) We will have one computer connected to the outside world to look up and download programs to thumbdrives and sneakernet them to our hacking computers. The other side has kept their passwords hidden from us and vice versa. So what I need is a way in. I am having a hard time figuring out how to do it; he has taught us how to keep people out, we really haven't covered how to get in. Any and all help would be great... and if I get an A out of the class with your help I will definitely let you know, as well as let the class know just how great you guys and this site really are....

VaKo Posted November 30, 2006

In a test like this it's easy to overlook social engineering, bribery, planting moles, blackmail and "unfair" tactics of a similar nature. A real hacker trying to get into a server to steal information wouldn't play nice. There are other aspects of hacking aside from the technical. Free USB drives?

driveingnow (Author) Posted November 30, 2006

They are against the Rules of Engagement. We can't have physical access, and we can't talk to them about it. Sorry, meant to say that before..... This is all software; the only thing we can know about them is their IP address...

VaKo Posted November 30, 2006

Rules of Engagement? My eternal enemy strikes again! Nmap & Metasploit?

cooper Posted November 30, 2006

> he has taught us how to keep people out, we really haven't covered how to get in.

Did you understand what he taught? There's a big difference between remembering to remove default ASP files, and understanding why you should do so. When you understand WHY doing something increases security, you will also understand how not doing so can be (ab)used (and, by extension, what your 'in' will be).

This alone is a vital lesson. Out in the Real World you'll find that for whatever reason certain precautions you want to take for security simply won't be possible because applications depend on them. You'll be forced to figure out some way to leave the system effectively open to attack, yet sufficiently secured that you can still sleep at night. Stuff like setting up firewall rules that will allow access to that particular service only to one very specific machine. Creating a database schema to which an application has near-administrative access, but which is actually not much more than a view on another database so that even with their high privileges, they still can't destroy the database.

anyedie Posted November 30, 2006

> Free USB drives?

mml, that's wonderful!

rFayjW98ciLoNQLDZmFRKD Posted November 30, 2006

> In a test like this its easy to overlook social engineering, bribery, planting moles, blackmail and "unfair" tactics of a similar nature. A real hacker trying to get into a server to steal information wouldn't play nice. There are other aspects of hacking aside from the technical.

what about a baseball bat? :-)

PoyBoy Posted December 1, 2006

To keep the other side out of the Red Hat server you could constantly put eth0 up and down, setting random MAC addresses and IP addresses in the proper subnet every few seconds. That will confuse them mightily, if destroying the functionality of a web server...

melodic Posted December 1, 2006

If they have file sharing enabled do this... bit noobish but works in my networking lessons when we piss about with win2k and I pwn the lecturer...

**IP or NetBIOS name of machine**C$ or ** ^^ **ADMIN$

Try that. Pretty noobish, but C$ is the C drive and admin is the win dir.