New HTS Challenge -- Network Scanning

Got an idea on how things should be done? A problem with something on the site? Voice your opinion!

New HTS Challenge -- Network Scanning

Post by ZzBonezZ on Tue Nov 30, 2010 8:43 am
([msg=49650]see New HTS Challenge -- Network Scanning[/msg])

Seems like a legit series of challenges to me. Challenge 1 could be scanning a range of IP addresses for a host with a certain domain name. It could be as complex as Challenge 10 having to scan 1 IP address FROM another IP address with IP and mac spoofing. Or even scanning a range of IP addresses to find a certain host running SSHv1 or Port 23 open.... etc.


If everyone thinks this would be a good addition to HTS, maybe I can devote a little more time into my idea!! :twisted:
ZzBonezZ
New User
New User
 
Posts: 5
Joined: Wed Nov 17, 2010 3:17 pm
Blog: View Blog (0)


Re: New HTS Challenge -- Network Scanning

Post by Goatboy on Tue Nov 30, 2010 1:20 pm
([msg=49658]see Re: New HTS Challenge -- Network Scanning[/msg])

Gonna play Devil's Advocate here.

Whose boxes would we scan? How would we get results back using IP/MAC spoofing? How would the results be confirmed?

It sounds like it could be fun for a while, but scanning is one of those things that's pretty easy to figure out. If we could somehow simulate a large corporate network and include Firewall/IDS/IPS evasion, VLANS, and other realistic challenges, it might work. But simply scanning seems a little flat.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2823
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: New HTS Challenge -- Network Scanning

Post by tremor77 on Tue Nov 30, 2010 2:25 pm
([msg=49659]see Re: New HTS Challenge -- Network Scanning[/msg])

Agreed - However maybe we could setup a honeypot with some easter eggs to be found... a few subdomains right here on hackthissite.org (64.32.24.200) - leave open a few backdoors to nowhere and make it like... a scavenger hunt - the end user has to find like 10 different things.. and make some type of crypto-phrase out of the info they gather, decipher that..... which they can then put into the GO button to beat the challenge.
Image
User avatar
tremor77
Contributor
Contributor
 
Posts: 899
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Re: New HTS Challenge -- Network Scanning

Post by thetan on Tue Nov 30, 2010 2:53 pm
([msg=49663]see Re: New HTS Challenge -- Network Scanning[/msg])

"If art interprets our dreams, the computer executes them in the guise of programs!" - SICP

Image

“If at first, the idea is not absurd, then there is no hope for it” - Albert Einstein
User avatar
thetan
Contributor
Contributor
 
Posts: 657
Joined: Thu Dec 17, 2009 6:58 pm
Location: Various Bay Area Cities, California
Blog: View Blog (0)


Re: New HTS Challenge -- Network Scanning

Post by ZzBonezZ on Wed Dec 15, 2010 9:40 am
([msg=50474]see Re: New HTS Challenge -- Network Scanning[/msg])

My bad, work thought they were gonna be slick and implement OpenDNS filtering the same day they piled me with a shit load of stuff to do.

Yeah, I was hoping we could do like some subdomains off of hackthissite.org as well as few hosts a I know of that the owners encourage the public to scan. For instance Fyodor has a host up on his domain named scanme.nmap.org just for playing with nmap. I'm sure there is more hosts in wild just like this one that people encourage scanning of. Plus port scanning is not a crime nor is it intrusive however it does depend on how far people take the mission which could definitely be a liability issue that I highly doubt anyone wants to get involved with.

I'll see what I can do to find some more hosts like scanme.nmap.org and post back here shortly.
ZzBonezZ
New User
New User
 
Posts: 5
Joined: Wed Nov 17, 2010 3:17 pm
Blog: View Blog (0)


Re: New HTS Challenge -- Network Scanning

Post by Goatboy on Wed Dec 15, 2010 1:21 pm
([msg=50481]see Re: New HTS Challenge -- Network Scanning[/msg])

ZzBonezZ wrote:Plus port scanning is not a crime nor is it intrusive

Not necessarily true. There are some loopholes in the legal system that allow pretty much anything to be illegal one way or another. If you scan a network, you might be targeted for wasting bandwidth.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2823
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: New HTS Challenge -- Network Scanning

Post by tremor77 on Wed Dec 15, 2010 2:16 pm
([msg=50485]see Re: New HTS Challenge -- Network Scanning[/msg])

I always use the 'oops my bad' clause... I'm sorry officer I thought I was scanning my personal web server.. I must have copy and pasted the wrong IP address. The only problem with my original thought using HTS with subdomains is that, HTS probably already has it's fair share of skiddies pounding away at it with brute and DDoS.. add in sanctioned activity as part of a challenge and you could grind this puppy to a halt.
Image
User avatar
tremor77
Contributor
Contributor
 
Posts: 899
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Re: New HTS Challenge -- Network Scanning

Post by ZzBonezZ on Thu Dec 16, 2010 10:43 pm
([msg=50551]see Re: New HTS Challenge -- Network Scanning[/msg])

Check this out:
hxxp://www.sans.org/security-resources/ ... _legal.php

We just need some German IPs to scan lol. How hard can it be?

And after searching... I think scanme.nmap.org is the only site actually promoting to be scanned lol. I did find this one kind of interesting site though.

hxxp://scanme.ntobjectives.com/
ZzBonezZ
New User
New User
 
Posts: 5
Joined: Wed Nov 17, 2010 3:17 pm
Blog: View Blog (0)



Return to Comments & Suggestions

Who is online

Users browsing this forum: No registered users and 0 guests