driveingnow Posted November 30, 2006 Share Posted November 30, 2006 Ok quick background, I am in a network security class (really I kind you not) and the teacher has let us set up a two networks, each on has running on Win 2k3 Exchange, 2003 SQL ISA firewall Active directory Win xp Redhat Https website everything in behind the ISA firewall. WE WILL NOT BE CONNECTED TO THE INTERNET!!!!! (so now going out side are lab with are hacking) We will have one computer connected to the outside world to look up and download programs to thumbdrives and Sneckernet them to are hacking computers. the otherside has kept there passwords hind from us and vice versa. so what I need is a way in, I am having a hard time figuring out how to do it, he has taught us how to keep people out, we really ahven't coverd how to get in. Any and all help would be great... and if I get and A out of the class with your help I will deffintly let you know as well as let the class know just how great you guys and this site really is.... Quote Link to comment Share on other sites More sharing options...
VaKo Posted November 30, 2006 Share Posted November 30, 2006 In a test like this its easy to overlook social engineering, bribery, planting moles, blackmail and "unfair" tactics of a similar nature. A real hacker trying to get into a server to steal information wouldn't play nice. There are other aspects of hacking aside from the technical. Free USB drives? Quote Link to comment Share on other sites More sharing options...
driveingnow Posted November 30, 2006 Author Share Posted November 30, 2006 They are against the Rules of Engagment. We can't have physical access, and we can't talk to them about it. Sorry ment to say that before..... This is all software, the only thing we can know about them is there IP address... Quote Link to comment Share on other sites More sharing options...
VaKo Posted November 30, 2006 Share Posted November 30, 2006 Rules of Engagment? My eternal enemy strikes again! Nmap & Metaspolit? Quote Link to comment Share on other sites More sharing options...
cooper Posted November 30, 2006 Share Posted November 30, 2006 he has taught us how to keep people out, we really ahven't coverd how to get in. Did you understand what he tought? There's a big difference between remembering to remove default ASP files, and understanding why you should do so. When you understand WHY doing something increases security, you will also understand how not doing so can be (ab)used (and, by extension, what your 'in' will be). This alone is a vital lesson. Out in the Real World you'll find that for whatever reason certain precautions you want to take for security simply won't be possible because applications depend on them. You'll be forced to figure out some way to leave the system effectively open to attack, yet sufficiently secured that you can still sleep at night. Stuff like setting up firewall rules that will allow access to that particular service only to one very specific machine. Creating a database schema to which an application has near-administrative access, but which is actually not much more than a view on another database so that even with their high privileges, they still can't destroy the database. Quote Link to comment Share on other sites More sharing options...
anyedie Posted November 30, 2006 Share Posted November 30, 2006 Free USB drives? mml, thats wonderful! Quote Link to comment Share on other sites More sharing options...
rFayjW98ciLoNQLDZmFRKD Posted November 30, 2006 Share Posted November 30, 2006 In a test like this its easy to overlook social engineering, bribery, planting moles, blackmail and "unfair" tactics of a similar nature. A real hacker trying to get into a server to steal information wouldn't play nice. There are other aspects of hacking aside from the technical. what about a baseball bat? :-) Quote Link to comment Share on other sites More sharing options...
PoyBoy Posted December 1, 2006 Share Posted December 1, 2006 to keep the other side out of the red hat server you could constantly put eth0 up and down setting random mac addesses and ip addresess in the proper subnet every few seconds. That will confuse them mightily, if destroying the functionaluity of a web server... Quote Link to comment Share on other sites More sharing options...
melodic Posted December 1, 2006 Share Posted December 1, 2006 if they have file sharing enabled do this....bit noobish but works in my networking lessons when we piss about with win2k and i pwn the lecturer... **IP or NetBIOS name of machine**C$ or ** ^^ **ADMIN$ try that pretty noobish but C$ is the cdrive and admin is the win dir Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.