Web server challenge!

Data that travels over the air and how to protect (or decipher) it

Web server challenge!

Post by zebu on Thu May 01, 2008 7:28 am
([msg=1834]see Web server challenge![/msg])

Greetings all.

Today, at my local TAFE college (Australian- Technical And Further Education) we started a new topic on network security. The new teacher spit the class in two (4 aside) and said that for the 4 week module, the oposing site had to build a web sever (and a crapy one page display) and that my side had to crack it and down it on assesment day. There are 2 weeks for research for both teams before any actual hacking can be attempted. Now, appart from phishing for admin information, I don't really know where to start.
So I'm asking for advise from HTS to get me started, a point in the right direction is all I need.
The will be making a xp pro ser pack 2 box into the webserver.

p.s DOS attacks have also been considered, but would rather use some sort of exploit.
zebu
New User
New User
 
Posts: 1
Joined: Thu May 01, 2008 5:30 am
Blog: View Blog (0)


Re: Web server challenge!

Post by hex_wannabe on Sat May 10, 2008 10:44 pm
([msg=2230]see Re: Web server challenge![/msg])

Wow! This sounds so fun!
Just to clarify, the opposing team has to write their own server?
I'm a complete noob with hacking, so I can't help too much sorry. But I'm doing a similar thing with a few mates at home on my network (using Apache and Php instead of writing my own server though... perhaps I should write a server) so please post the outcome of your little challenge, and how you did it if you don't mind sharing it with us.
Oh, and I assume the other team will be given the chance to try and defend their server? If so, will it be via local or network access?
http://www.netninja.co.nz - My writing forum
hex_wannabe
Experienced User
Experienced User
 
Posts: 96
Joined: Sat May 10, 2008 10:15 pm
Blog: View Blog (0)


Re: Web server challenge!

Post by yourmysin on Mon May 12, 2008 6:04 pm
([msg=2319]see Re: Web server challenge![/msg])

Hmm sounds like fun.

Since they are creating their own server chances are you will be most benefited by exploiting the server rathar then the operating system or any of the web content.

I suggest start learning from the bottom up, learn about TCP/IP in a way which you are familiar with the process the packets will take. Once you are comfortable with that learn how the web service handles the data. How does it process POST/GET requests.

My general idea would be to use any type of input, whether it be packet injection or error handeling to your advantage.
A+, Network+, MCTS(70-620), Security+, CCNA
yourmysin
Experienced User
Experienced User
 
Posts: 84
Joined: Mon Apr 21, 2008 9:02 pm
Location: Newport, Maine, USA
Blog: View Blog (0)



Return to Networking

Who is online

Users browsing this forum: No registered users and 0 guests