Jump to content

Ok I have securty class and I need help.


driveingnow
 Share

Recommended Posts

Ok quick background, I am in a network security class (really I kind you not) and the teacher has let us set up a two networks, each on has

running on Win 2k3

Exchange, 2003

SQL

ISA firewall

Active directory

Win xp

Redhat

Https website

everything in behind the ISA firewall.

WE WILL NOT BE CONNECTED TO THE INTERNET!!!!! (so now going out side are lab with are hacking)

We will have one computer connected to the outside world to look up and download programs to thumbdrives and Sneckernet them to are hacking computers.

the otherside has kept there passwords hind from us and vice versa.

so what I need is a way in, I am having a hard time figuring out how to do it, he has taught us how to keep people out, we really ahven't coverd how to get in.

Any and all help would be great...

and if I get and A out of the class with your help I will deffintly let you know as well as let the class know just how great you guys and this site really is....

Link to comment
Share on other sites

In a test like this its easy to overlook social engineering, bribery, planting moles, blackmail and "unfair" tactics of a similar nature. A real hacker trying to get into a server to steal information wouldn't play nice. There are other aspects of hacking aside from the technical.

Free USB drives?

Link to comment
Share on other sites

he has taught us how to keep people out, we really ahven't coverd how to get in.

Did you understand what he tought? There's a big difference between remembering to remove default ASP files, and understanding why you should do so. When you understand WHY doing something increases security, you will also understand how not doing so can be (ab)used (and, by extension, what your 'in' will be).

This alone is a vital lesson. Out in the Real World you'll find that for whatever reason certain precautions you want to take for security simply won't be possible because applications depend on them. You'll be forced to figure out some way to leave the system effectively open to attack, yet sufficiently secured that you can still sleep at night.

Stuff like setting up firewall rules that will allow access to that particular service only to one very specific machine. Creating a database schema to which an application has near-administrative access, but which is actually not much more than a view on another database so that even with their high privileges, they still can't destroy the database.

Link to comment
Share on other sites

In a test like this its easy to overlook social engineering, bribery, planting moles, blackmail and "unfair" tactics of a similar nature. A real hacker trying to get into a server to steal information wouldn't play nice. There are other aspects of hacking aside from the technical.

what about a baseball bat? :-)

Link to comment
Share on other sites

to keep the other side out of the red hat server you could constantly put eth0 up and down setting random mac addesses and ip addresess in the proper subnet every few seconds. That will confuse them mightily, if destroying the functionaluity of a web server...

Link to comment
Share on other sites

if they have file sharing enabled do this....bit noobish but works in my networking lessons when we piss about with win2k and i pwn the lecturer...

**IP or NetBIOS name of machine**C$ or

** ^^ **ADMIN$

try that pretty noobish but C$ is the cdrive and admin is the win dir

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...