
Security practice (contest)


Comments

  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    found some things, but server is down now?


  • Closed Accounts Posts: 891 ✭✭✭conceited


    Ok it's been up a few hours now and nobody was able to do anything.
    There was plenty of port scanning and such but nothing came of it.
    I'll make it easier if you want? But to be honest, this was fairly easy.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    I'm able to execute commands on the server, I know of the weakness in the system


    Directory of c:\

    07/05/2008 08:35p <DIR> Inetpub
    07/05/2008 11:11p <DIR> WINNT
    07/05/2008 08:22p <DIR> Program Files
    07/05/2008 08:47p <DIR> WEB_ROOT
    07/05/2008 08:27p <DIR> Documents and Settings
    07/05/2008 09:39p 5,255,168 lol.txt
    1 File(s) 5,255,168 bytes
    5 Dir(s) 1,315,172,352 bytes free


  • Closed Accounts Posts: 891 ✭✭✭conceited


    I got a few Dr Watsons alright, was looking through the logs :pac: haha
    Ah I see, you must be using the ././././.././././././././.
    ?
    Any idea of os etc and network?


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    I didn't use that, I did a quick sniff with Nessus.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    I was hoping to compile src and get a reverse shell as 8080 seems to be the only port going through your router, opening a local port seemed pointless.


  • Closed Accounts Posts: 891 ✭✭✭conceited


    Ya I seen a few attempts with that.
    I have other machines on the network so I didn't want to bridge it, but your scans are allowed through.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    Well, OS is win2k


  • Closed Accounts Posts: 891 ✭✭✭conceited


    That's right.
    Any idea of SP?


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    I don't recall seeing any SP but I should have checked the splash of cmd.exe


  • Closed Accounts Posts: 891 ✭✭✭conceited


    Well if you like I can put her back up?


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    is there many people at it?


  • Closed Accounts Posts: 891 ✭✭✭conceited


    I'd say you changed IP 2 times and I seen 2 others, that's about it, so 3 or 4.
    You gathered the most info without a doubt.


  • Registered Users, Registered Users 2 Posts: 469 ✭✭knuth


    Down :|


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    My IP shouldn't have changed so I guess there is more at it


  • Registered Users, Registered Users 2 Posts: 469 ✭✭knuth


    8080 is closed, VNC is open. Desktop / http.


  • Closed Accounts Posts: 891 ✭✭✭conceited


    The scans looked similar, guess you were using the same tools.


  • Closed Accounts Posts: 891 ✭✭✭conceited


    lordlame are you drunk sir? :D


  • Registered Users, Registered Users 2 Posts: 469 ✭✭knuth


    yup :)


  • Registered Users, Registered Users 2 Posts: 469 ✭✭knuth


    HAH, scanned 84 instead of 86. Damnit!


  • Closed Accounts Posts: 891 ✭✭✭conceited


    I'll put it up again tomorrow for yee.


  • Closed Accounts Posts: 891 ✭✭✭conceited


    My network.

    Router: Netopia
    Model: 3347NWG


    My router had a NAT rule set up:
    allow traffic on TCP port 8080 to target host.

    The router's firewall was turned off.
    Not recommended. This setting disables all levels of protection for your network, and exposes your network to significant security risks by allowing all traffic to and from the Internet through your Router. This setting should be used for testing only, or if you are using another type of firewall in conjunction with your Netopia Router.


    Anyway you said you were hoping to compile src and get a reverse shell as 8080 seems to be the only port going through the router, and opening a local port seemed pointless.

    What did your port scans show, only port 8080?
    Should I put my router in bridge mode?

    Have another think about what you said above and have a look at this.

    Server will be up at 6pm
    Any questions you can PM me on Windows Live.

    [image: lolsm6.jpg]


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    I only seen 8080 responding to requests but I didn't scan too much, just when I seen the weakness, I went from there.


  • Closed Accounts Posts: 891 ✭✭✭conceited


    Ok just 8080.
    Have you tried using hping or any advanced scanning to guess the host behind the NAT?
    So what do you think, shall I make it easier?


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    conceited wrote: »
    My network.

    Router: Netopia
    Model: 3347NWG


    Anyway you said you were hoping to compile src and get a reverse shell as 8080 seems to be the only port going through the router, and opening a local port seemed pointless.

    You see, I could open an alternate port on your server via exploit but your router would not forward this port to your win2k machine, so instead you use an exploit to make your win2k machine connect back to me, reversing a shell at the same time.


    What do I have to do if I get in?
    Put my name on the webpage being served?


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    conceited wrote: »
    Ok just 8080.
    Have you tried using hping or any advanced scanning to guess the host behind the NAT?
    So what do you think, shall I make it easier?


    Nah it's grand the way it is.


  • Closed Accounts Posts: 891 ✭✭✭conceited


    You see, I could open an alternate port on your server via exploit but your router would not forward this port to your win2k machine, so instead you use an exploit to make your win2k machine connect back to me, reversing a shell at the same time.
    Are you sure about that?
    What do I have to do if I get in?
    Put my name on the webpage being served?
    Yes that's it.
    Nah it's grand the way it is.
    Fair enough.
    Good luck :)


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    conceited wrote: »
    Are you sure about that?

    Yes, as that port would then need to be set up in the NAT table on your router to go to the win2k machine.


  • Closed Accounts Posts: 891 ✭✭✭conceited


    If you say so :pac:


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    Unless you set up a static NAT to the win2k machine?
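
Added example, not part of any post in this thread: a toy Python model of the NAT behaviour argued over above (a single TCP 8080 forward, the static NAT question, and server-initiated outbound traffic), plus the egress allowlist a defender would add. The `NatRouter` class, the addresses and port 9000 are constructed for illustration and do not describe the Netopia router's actual implementation.

```python
from dataclasses import dataclass, field
from typing import Optional

SERVER = "192.168.1.10"   # constructed LAN address of the win2k host
REMOTE = "203.0.113.5"    # constructed Internet address (documentation range)

@dataclass
class NatRouter:
    """Toy NAT: port forwards, optional static NAT host, optional egress allowlist."""
    forwards: dict                       # (proto, wan_port) -> (lan_ip, lan_port)
    static_host: Optional[str] = None    # static NAT: unmapped inbound ports go here
    egress_allow: Optional[set] = None   # None = no egress filtering at all
    sessions: dict = field(default_factory=dict)

    def outbound(self, proto, lan_ip, lan_port, dst_ip, dst_port):
        """A LAN host opens a connection to the Internet."""
        if self.egress_allow is not None and (proto, dst_port) not in self.egress_allow:
            return "blocked-egress"
        self.sessions[(proto, lan_port, dst_ip, dst_port)] = (lan_ip, lan_port)
        return "translated"

    def inbound(self, proto, src_ip, src_port, wan_port):
        """A packet from the Internet arrives on the WAN interface."""
        key = (proto, wan_port, src_ip, src_port)
        if key in self.sessions:                      # reply to a LAN-initiated flow
            return "reply", self.sessions[key]
        if (proto, wan_port) in self.forwards:        # explicit port forward
            return "forwarded", self.forwards[(proto, wan_port)]
        if self.static_host:                          # static NAT maps every port
            return "static-nat", (self.static_host, wan_port)
        return "dropped", None                        # no mapping, nowhere to send it

def scenarios():
    fwd = {("tcp", 8080): (SERVER, 8080)}
    r = NatRouter(forwards=dict(fwd))                 # the setup described in the thread
    out = {}
    out["inbound_8080"] = r.inbound("tcp", REMOTE, 40000, 8080)[0]
    out["inbound_9000"] = r.inbound("tcp", REMOTE, 40001, 9000)[0]
    out["server_outbound"] = r.outbound("tcp", SERVER, 1050, REMOTE, 443)
    out["outbound_reply"] = r.inbound("tcp", REMOTE, 443, 1050)[0]
    static = NatRouter(forwards={}, static_host=SERVER)
    out["static_inbound_9000"] = static.inbound("tcp", REMOTE, 40001, 9000)[0]
    hardened = NatRouter(forwards=dict(fwd), egress_allow=set())  # server may initiate nothing
    out["hardened_outbound"] = hardened.outbound("tcp", SERVER, 1050, REMOTE, 443)
    return out
```

The model shows why a port forward alone is not a security boundary: connections the server itself initiates are translated and their replies accepted unless outbound traffic from the server is restricted.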

