College Project


Re: College Project

Post by 0phidian on Tue Sep 25, 2012 10:33 pm
Here's a little more background info

http://www.linkedin.com/groups/Royal-Holloway-help-defend-country-3859497.S.82591127
The HDF challenge server (an unpatched Windows 2003 server connected directly to the Internet without a firewall in-between) is still standing yet has no protection other than HDF - this despite extensive attempts by hackers to deface it.

HDF is a disruptive new technology that PROACTIVELY protects against malware infection and hacker attack - including zero day and targeted attack. HDF has already been shown to defeat STUXNET and all malware thrown at it to date.


Looks like it's sponsored by Royal Holloway and Bedford New College in England.


Re: College Project

Post by -Ninjex- on Tue Sep 25, 2012 10:47 pm
0phidian wrote: Here's a little more background info

http://www.linkedin.com/groups/Royal-Holloway-help-defend-country-3859497.S.82591127
The HDF challenge server (an unpatched Windows 2003 server connected directly to the Internet without a firewall in-between) is still standing yet has no protection other than HDF - this despite extensive attempts by hackers to deface it.

HDF is a disruptive new technology that PROACTIVELY protects against malware infection and hacker attack - including zero day and targeted attack. HDF has already been shown to defeat STUXNET and all malware thrown at it to date.


Looks like it's sponsored by Royal Holloway and Bedford New College in England.


Yeah, I have been fucking with this one for hours.
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.


Re: College Project

Post by greenist on Wed Sep 26, 2012 1:48 pm

Evening all

Right, I've decided the attack I'm going to try TESTING:

Conficker worm

I've been looking for the worm but cannot find anything. Any ideas?

All I can find is just information about it. Where can I get the exploit files so I can TEST THIS?


Re: College Project

Post by -Ninjex- on Wed Sep 26, 2012 5:16 pm
greenist wrote: Evening all

Right, I've decided the attack I'm going to try TESTING:

Conficker worm

I've been looking for the worm but cannot find anything. Any ideas?

All I can find is just information about it. Where can I get the exploit files so I can TEST THIS?


I am not sure as of now, but I could research it.

The question at hand for this one, I believe, is more about how you are going to get around the Hard Disk Firewall that is set up, as opposed to what you are infecting it with. I was messing around trying directory traversal attacks but no luck.
You should find a way to infect the machine, as opposed to what with.


Re: College Project

Post by limdis on Wed Sep 26, 2012 8:29 pm
greenist wrote: Evening all

Right, I've decided the attack I'm going to try TESTING:

Conficker worm

I've been looking for the worm but cannot find anything. Any ideas?

All I can find is just information about it. Where can I get the exploit files so I can TEST THIS?

Hmm considering you are the OP, this is the only reason I'm hesitating on my normal response to such a request. Care to explain why you feel like this might be successful? If you are simply just wanting a link to just plug and play then the answer will be no.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."


Re: College Project

Post by greenist on Thu Sep 27, 2012 1:28 am

Hi limdis

The reason I've chosen Conficker: after the research done by myself and the help we had from other members here, I have identified a port for this TEST. The reason I've chosen the Conficker worm, correct me if I'm wrong, is that it was the most advanced type of worm, developed by a Chinese man, first reported in 2008, and a very advanced worm, with most systems remaining unprotected to late 2009.

Not sure if I'm right, but it should allow me to gain full access to the machine,
where we plan to leave a message on the index.html.

Conficker is a Windows Server 2003 worm; the OS we're TESTING is an unpatched version of WINSER2003, so this is an ideal worm if it works.

If I'm wrong please correct me: the Conficker worm runs from a host computer and gains access to others. Once it gives access to a remote computer, it will allow the remote files to be viewed and edited.

The idea is to create an admin account. I don't need to hide anything; I can let my tutor see I've been there. Then after that I'm planning to disable any JavaScript the server may be running, as the only source on the index is HTML and Java; that should then allow me to edit the index.html.

If that won't work, the next plan would be to access installed programs and check the software that's installed on the server.
The tutor dropped a hint in lesson that the HDF is a small piece of software, so I'm checking installed programs to see if I can disable the HDF.

If not, the next plan was to access running services and processes to see if there is any HDF running there, and see if I can disable it from there.

We just need to gain access and edit the indexpage.html of the server, BUT the HDF is guarding the file, so we need to disable this first before the page can be edited.

Thanks. Looking forward to everyone's help on this.


Re: College Project

Post by -Ninjex- on Thu Sep 27, 2012 1:46 am
greenist wrote: Hi limdis

The reason I've chosen Conficker: after the research done by myself and the help we had from other members here, I have identified a port for this TEST. The reason I've chosen the Conficker worm, correct me if I'm wrong, is that it was the most advanced type of worm, developed by a Chinese man, first reported in 2008, and a very advanced worm, with most systems remaining unprotected to late 2009.

Not sure if I'm right, but it should allow me to gain full access to the machine,
where we plan to leave a message on the index.html.

Conficker is a Windows Server 2003 worm; the OS we're TESTING is an unpatched version of WINSER2003, so this is an ideal worm if it works.

If I'm wrong please correct me: the Conficker worm runs from a host computer and gains access to others. Once it gives access to a remote computer, it will allow the remote files to be viewed and edited.

The idea is to create an admin account. I don't need to hide anything; I can let my tutor see I've been there. Then after that I'm planning to disable any JavaScript the server may be running, as the only source on the index is HTML and Java; that should then allow me to edit the index.html.

If that won't work, the next plan would be to access installed programs and check the software that's installed on the server.
The tutor dropped a hint in lesson that the HDF is a small piece of software, so I'm checking installed programs to see if I can disable the HDF.

If not, the next plan was to access running services and processes to see if there is any HDF running there, and see if I can disable it from there.

We just need to gain access and edit the indexpage.html of the server, BUT the HDF is guarding the file, so we need to disable this first before the page can be edited.

Thanks. Looking forward to everyone's help on this.


There is no doubt that it would not infect the target machine, as I said before.
This machine is actually open to over 200 attacks from Armitage alone.
The thing is, it has a hard disk firewall that you need to look at getting around.
Your goal here would be to get around the firewall, as opposed to what you are using; that worm is one of the hundreds of possible attacks.

This machine is sitting there with open ports and only running that hard disk firewall.
The firewall is very advanced, and blocks all attacks I have tried so far.

Find a way around it, then you are golden to any type of attack almost.

How do you plan on launching this attack against this machine, may I ask?
With the hard disk firewall there, I believe the only option is nearly social engineering unless the machine is located in your LAN.


Re: College Project

Post by tomjones10 on Wed Dec 12, 2012 10:43 am
Right, hi everyone, got another one for ya all

http://pen-testing.sans.org/holiday-challenge/2012

http://snowmiser.counterhack.com/zone-0 ... 10BBE783F/
http://heatmiser.counterhack.com/zone-0 ... BFE963E91/

This was given to me by a tutor today.

Where would you start with this, as this is not a server attack and is a web application attack? If anyone is willing to help us get started on this I'd be very grateful. I've now got BackTrack 5 installed.

I've tried some of the stuff this site has taught me in challenges, but I think it's a bit more difficult than first thought.

Be grateful for any advice.


Re: College Project

Post by telemancer on Thu Dec 13, 2012 5:42 pm

Hey Tom,

I'm also taking part in the SANS Holiday challenge, although I'm a total hacking noob. And now that finals have ended I can finally start on it. I started with the heatmiser page; so far I have only made it to zone-2.

Read carefully here, they give you some hints to get started, "Unlike my brother, my fridged minions (without freakish hair) didn't mess up and leak our URLs to search engines or have to block them from the search engines. There is no vulnerability to get to the next zone and you will not find a vulnerability here. Move along."
And
"We had a security concern where the Zone 1 URL ended up in search engine results. We added a file to prevent the search engines from caching these pages. The system is now secure and no unauthorized users have access to the URL."

I don't know how many Apache servers or webpages you've set up before, I've done a couple, but my hint is robots!
Here's everything else I can tell I know. A scan has revealed the only open ports are 80 (http) and 443 (SSL), although I don't know how one might exploit SSL here or if it's even used. There is no database linked to the server, I've checked for all kinds, don't even bother. If you want to discuss the challenge further, I suggest starting a new thread, and please send me a pm!

Telemancer
- this is my first post...maybe I'll make a sig in the future, lol
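
The lesson behind the quoted hint, as an added example that is not part of telemancer's post or the challenge's own code: robots.txt is a public file, so a URL listed under Disallow is disclosed to every visitor rather than protected. This audit for a site's own robots.txt uses a constructed sample file, and its word list and token pattern are assumptions.

```python
import re

# Constructed sample robots.txt (not taken from the challenge servers).
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /cgi-bin/
Disallow: /zone-1-EXAMPLE0123456789ABCDEF0123456789ABCDEF/   # "hidden" page
Disallow: /admin/backup.zip
Allow: /public/

User-agent: Googlebot
Disallow: /tmp/
"""

# Assumed heuristics: words and token shapes suggesting a path was meant to stay private.
SENSITIVE_WORDS = ("admin", "backup", "secret", "private", "internal", ".zip", ".sql", ".bak")
TOKEN_RE = re.compile(r"[0-9A-Fa-f]{16,}|[A-Za-z0-9_-]{24,}")

def parse_rules(text):
    """Return (user_agent, directive, path) for each non-empty Allow/Disallow line."""
    rules, agents, in_rules = [], [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        field, _, value = line.partition(":")
        field, value = field.strip().lower(), value.strip()
        if field == "user-agent" and value:
            if in_rules:                         # a User-agent after rules opens a new group
                agents, in_rules = [], False
            agents.append(value)
        elif field in ("allow", "disallow") and value:
            in_rules = True
            for ua in agents or ["*"]:
                rules.append((ua, field, value))
    return rules

def audit(text):
    """Flag Disallow paths that publish something robots.txt cannot protect."""
    findings = []
    for _ua, directive, path in parse_rules(text):
        if directive != "disallow":
            continue
        if TOKEN_RE.search(path):
            findings.append((path, "unguessable-looking token published to everyone"))
        elif any(word in path.lower() for word in SENSITIVE_WORDS):
            findings.append((path, "sensitive-sounding path advertised"))
    return findings

if __name__ == "__main__":
    print(*(f"{p}: {why}" for p, why in audit(SAMPLE_ROBOTS)), sep="\n")
```

Flagged paths need real access control (authentication), with a `noindex` response header or meta tag if the goal is only to keep them out of search results.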


Re: College Project

Post by fashizzlepop on Thu Dec 13, 2012 5:59 pm

I started another thread already. I didn't realize you posted the same links in here, my bad.

As for the SM, in order to get to Zone 1 you have to search through their twitter accounts (seems weird, but just look).

For the HM you will listen to previous advice and look at robots. To get to Zone 3 you will need to go to the twitters again. Zone 4 is more difficult and when you get there, if you can't figure it out, I can give some more hints.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.

