Web server challenge!

[zebu]

Greetings all.

Today, at my local TAFE college (Australian- Technical And Further Education) we started a new topic on network security. The new teacher spit the class in two (4 aside) and said that for the 4 week module, the oposing site had to build a web sever (and a crapy one page display) and that my side had to crack it and down it on assesment day. There are 2 weeks for research for both teams before any actual hacking can be attempted. Now, appart from phishing for admin information, I don't really know where to start.
So I'm asking for advise from HTS to get me started, a point in the right direction is all I need.
The will be making a xp pro ser pack 2 box into the webserver.

p.s DOS attacks have also been considered, but would rather use some sort of exploit.

[hex_wannabe]

Wow! This sounds so fun!
Just to clarify, the opposing team has to write their own server?
I'm a complete noob with hacking, so I can't help too much sorry. But I'm doing a similar thing with a few mates at home on my network (using Apache and Php instead of writing my own server though... perhaps I should write a server) so please post the outcome of your little challenge, and how you did it if you don't mind sharing it with us.
Oh, and I assume the other team will be given the chance to try and defend their server? If so, will it be via local or network access?

[yourmysin]

Hmm sounds like fun.

Since they are creating their own server chances are you will be most benefited by exploiting the server rathar then the operating system or any of the web content.

I suggest start learning from the bottom up, learn about TCP/IP in a way which you are familiar with the process the packets will take. Once you are comfortable with that learn how the web service handles the data. How does it process POST/GET requests.

My general idea would be to use any type of input, whether it be packet injection or error handeling to your advantage.