Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Click Here to Login
Join Computer forums Today


Closed Thread
 
Thread Tools Search this Thread Display Modes
 
Old 10-18-2007, 12:26 PM   #1
Solid State Member
 
Join Date: Oct 2007
Posts: 15
Default Any good Hackers here?

I asked because I work for this company and we setup a dummy website to simulate a honey pot. It's hard to get anyone to hit it, because it doesn't have some big top notch info on it or anything. So, I was wondering if anyone wanted to try and see if they can get anything out of it. Kinda like a "crack it if you can" challenge.
__________________

Rhythmnsmoke is offline  
Old 10-18-2007, 12:41 PM   #2
Golden Master
 
DJ-CHRIS's Avatar
 
Join Date: Apr 2006
Posts: 5,203
Send a message via AIM to DJ-CHRIS Send a message via MSN to DJ-CHRIS Send a message via Yahoo to DJ-CHRIS
Default Re: Any good Hackers here?

I'll give it a shot, if I have proof it's yours.
__________________

DJ-CHRIS is offline  
Old 10-18-2007, 01:12 PM   #3
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 7,999
Default Re: Any good Hackers here?

same as...
sounds like a giggle.

First,

as a way to check that this is legitimate I want you to post the address of the site.
then I want an email from the technical admin of the site (as looked up in whois) to be delivered to my email address (PM me for details).

assuming the delivery server address in the email headers matches the mail records and such for the site where the email claims to come from (I.e you don't try to send me a spoofed mail).

I'll let everyone know whether this challenge is legit or not.

Let me know if you need clarification to this process.

unfortunately, we won't be able to discuss the hacks used openly, because the on site advertisers have previously pulled adverts when we've talked about hacking, so we've sanitized any nefarious activity from the site.
__________________
I didn’t fight my way to the top of the food chain to be a vegetarian…
Im sick of people saying 'dont waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."
root is offline  
Old 10-18-2007, 06:39 PM   #4
Solid State Member
 
Join Date: Oct 2007
Posts: 15
Default Re: Any good Hackers here?

No, not a giggle. I'm legit. The IP of the machine that we are hosting the dummy site on is 69.128.136.20. That is the IP of the machine. The company I work for is Black Lab Security. You can confirm this by sending me an email to tvoorhies@blacklabsecurity.com, and I will reply back with my s/n on this forum to let you know that I am indeed the same person. Should that suffice?

If someone can successfully penetrate the system and deposit code or whatever to bring it down, I would like to open a personal dialog with him/her for research purposes. As our chief programmer can pretty much program anything he wants to control the MS OS and kill/thwart attacks. I'm looking for attacks that we have not tried in house or have never seen before. So, if you believe you have a few tricks that are generally sucessful, I would like for someone to try them for me.

I have tried the 5 most popular Network hacking tools thus far to no avail.

Am I allowed to list the hacking tools that we have tried against our own system and defeated them, or is that against the forum rules?


By the way, this isn't your typical IDS, Anti-virus, or any other Bullcrap that people by in the store....lol.
Rhythmnsmoke is offline  
Old 10-18-2007, 07:04 PM   #5
BSOD
 
0x0161's Avatar
 
Join Date: Apr 2007
Posts: 441
Default Re: Any good Hackers here?

I 'll give it a shot. btw, if I do I'm changing the index.html

Cheers,
0x0161
0x0161 is offline  
Old 10-19-2007, 10:23 AM   #6
Solid State Member
 
Join Date: Oct 2007
Posts: 15
Default Re: Any good Hackers here?

^^No problem.

Also, to verify the box is there, you can input that IP address I provided into your browser and it will come up with the dummy website. It's a coffee shop dummy website, so it's not a big deal if anyone is able to do anything. Just want to open personal dialog with you if you can, so I too can learn new techniques for testing purposes.
Rhythmnsmoke is offline  
Old 10-19-2007, 03:18 PM   #7
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 7,999
Default Re: Any good Hackers here?

I'll post in the staff lounge and ask other mods to have a look at this, assuming this is a discussion about how to secure against attacks, (which would have to mention tools that could be used for hacking) personal I don't see the problem.

David may have other ideas.

TBH, given that blacklab security is on an entirely different network to the site that you're asking us to look at,
there are no details on the site to link it back to yourself and it's got a well known test site on the site, no other defining features or anything so that we actually know it's yours...

I'm not entierly convinced that it's your box...

assuming it's yours you'll have full access to it?

put your black lab security logo (the big b with a dog in it) on a page on that box and then link it here, that'll confirm to all of us that it's actually your box, no questions asked.


then the fun can begin.
__________________
I didn’t fight my way to the top of the food chain to be a vegetarian…
Im sick of people saying 'dont waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."
root is offline  
Old 10-19-2007, 10:43 PM   #8
Solid State Member
 
Join Date: Oct 2007
Posts: 15
Default Re: Any good Hackers here?

^^ I assure you that it's our box. I am a Jr. Network Engineer at Black Lab Security. My boss setup the dummy site and it's just a simple coffee shop site. Is it really necessary for me to work through all these credentials before you attempt to attack it? Monday morning, I will go to the machine, and see if I can put an image on the dummy site with our logo. But I'll take it back off, so I need you to have a time frame into which you would like for me to do this. I'm on CST (TN). Black Lab has a Maryland facility, but our lab is based out of Nashville, TN. So, pick the time frame, and I will try and put the image somewhere. However, there are no website development tools on the dummy box, so I will see what I can do to edit the page or anything.

If I am unable to add the image, what other method would you suggest? I have already offered my email addy to Black Lab, but no one has sent any messages thus far.

Another way you could look at it is, if the site was NOT ours, and I asked you to hit it, and you penetrated it (being someone elses site), that would jepordize my job, as you could point the finger right at me and our company because I lead you to believe the site was ours, and I was running this test for research purposes. Trust me, I LOVE my job. It's our site...lol. Again, you can confirm I work for Black Lab by emailing me at tVoorhies@blacklabsecurity.com I will reply back to let you know I am legit. And no, I am not that good of a hacker to spoof a "security" companies email and add myself to the list, so I can fool people into hacking into someone elses website...
Rhythmnsmoke is offline  
Old 10-19-2007, 10:57 PM   #9
Solid State Member
 
Join Date: Oct 2007
Posts: 15
Default Re: Any good Hackers here?

And to explain the Network segment differences between the actual Black lab site, is because the actual website for Black Lab Security is Outsourced/Hosted by an actual company that deals with setting up servers for Commerical businesses. The dummy coffee site is just a box we through up here in the lab and dumped it on the internet with only just our software running on it. There are no, I repeat no other supporting security software (Anti-virus, IDS's...etc..) on this box.
Rhythmnsmoke is offline  
Old 10-20-2007, 09:09 AM   #10
In Runtime
 
AllThingsSacred's Avatar
 
Join Date: Aug 2007
Posts: 302
Default Re: Any good Hackers here?

What exactly are you testing for? A simple nmap scan should show up certain vulnerabilities, particularly if you are using an older version of Microsoft IIS or an older version of Apache [which, I might add, is archaic and dangerously insecure in some cases].

I would personally be doing some of the following; a port-scan for vulnerabilities, then use some tool like plink to open an SSH tunnel into your machine, perform a privilege escalation exploit and give myself full rights in the SYSTEM usergroup i.e. have complete control of the machine.

That is assuming you are running Windows, if you are running UNIX I would look for things like the MySQL daemon, Apache [which as I have said is open source and not greatly secure], and any other open ports you may have to give myself access to the server.
__________________

__________________
Patrick Moore
Born London, Live London, Die London
As a Londoner, I exercise my God given Right to do as I please
AllThingsSacred is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 04:41 AM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0