Any good Hackers here?

Status
Not open for further replies.
R

Rhythmnsmoke

Solid State Member
Messages
15
I asked because I work for this company and we setup a dummy website to simulate a honey pot. It's hard to get anyone to hit it, because it doesn't have some big top notch info on it or anything. So, I was wondering if anyone wanted to try and see if they can get anything out of it. Kinda like a "crack it if you can" challenge.
 
same as...
sounds like a giggle.

First,

as a way to check that this is legitimate I want you to post the address of the site.
then I want an email from the technical admin of the site (as looked up in whois) to be delivered to my email address (PM me for details).

assuming the delivery server address in the email headers matches the mail records and such for the site where the email claims to come from (I.e you don't try to send me a spoofed mail).

I'll let everyone know whether this challenge is legit or not.

Let me know if you need clarification to this process.

unfortunately, we won't be able to discuss the hacks used openly, because the on site advertisers have previously pulled adverts when we've talked about hacking, so we've sanitized any nefarious activity from the site.
 
No, not a giggle. I'm legit. The IP of the machine that we are hosting the dummy site on is 69.128.136.20. That is the IP of the machine. The company I work for is Black Lab Security. You can confirm this by sending me an email to tvoorhies@blacklabsecurity.com, and I will reply back with my s/n on this forum to let you know that I am indeed the same person. Should that suffice?

If someone can successfully penetrate the system and deposit code or whatever to bring it down, I would like to open a personal dialog with him/her for research purposes. As our chief programmer can pretty much program anything he wants to control the MS OS and kill/thwart attacks. I'm looking for attacks that we have not tried in house or have never seen before. So, if you believe you have a few tricks that are generally sucessful, I would like for someone to try them for me.

I have tried the 5 most popular Network hacking tools thus far to no avail.

Am I allowed to list the hacking tools that we have tried against our own system and defeated them, or is that against the forum rules?


By the way, this isn't your typical IDS, Anti-virus, or any other Bullcrap that people by in the store....lol.
 
^^No problem.

Also, to verify the box is there, you can input that IP address I provided into your browser and it will come up with the dummy website. It's a coffee shop dummy website, so it's not a big deal if anyone is able to do anything. Just want to open personal dialog with you if you can, so I too can learn new techniques for testing purposes.
 
I'll post in the staff lounge and ask other mods to have a look at this, assuming this is a discussion about how to secure against attacks, (which would have to mention tools that could be used for hacking) personal I don't see the problem.

David may have other ideas.

TBH, given that blacklab security is on an entirely different network to the site that you're asking us to look at,
there are no details on the site to link it back to yourself and it's got a well known test site on the site, no other defining features or anything so that we actually know it's yours...

I'm not entierly convinced that it's your box...

assuming it's yours you'll have full access to it?

put your black lab security logo (the big b with a dog in it) on a page on that box and then link it here, that'll confirm to all of us that it's actually your box, no questions asked.


then the fun can begin.
 
^^ I assure you that it's our box. I am a Jr. Network Engineer at Black Lab Security. My boss setup the dummy site and it's just a simple coffee shop site. Is it really necessary for me to work through all these credentials before you attempt to attack it? :eek: Monday morning, I will go to the machine, and see if I can put an image on the dummy site with our logo. But I'll take it back off, so I need you to have a time frame into which you would like for me to do this. I'm on CST (TN). Black Lab has a Maryland facility, but our lab is based out of Nashville, TN. So, pick the time frame, and I will try and put the image somewhere. However, there are no website development tools on the dummy box, so I will see what I can do to edit the page or anything.

If I am unable to add the image, what other method would you suggest? I have already offered my email addy to Black Lab, but no one has sent any messages thus far.

Another way you could look at it is, if the site was NOT ours, and I asked you to hit it, and you penetrated it (being someone elses site), that would jepordize my job, as you could point the finger right at me and our company because I lead you to believe the site was ours, and I was running this test for research purposes. Trust me, I LOVE my job. It's our site...lol. Again, you can confirm I work for Black Lab by emailing me at tVoorhies@blacklabsecurity.com I will reply back to let you know I am legit. And no, I am not that good of a hacker to spoof a "security" companies email and add myself to the list, so I can fool people into hacking into someone elses website...:p
 
And to explain the Network segment differences between the actual Black lab site, is because the actual website for Black Lab Security is Outsourced/Hosted by an actual company that deals with setting up servers for Commerical businesses. The dummy coffee site is just a box we through up here in the lab and dumped it on the internet with only just our software running on it. There are no, I repeat no other supporting security software (Anti-virus, IDS's...etc..) on this box.
 
What exactly are you testing for? A simple nmap scan should show up certain vulnerabilities, particularly if you are using an older version of Microsoft IIS or an older version of Apache [which, I might add, is archaic and dangerously insecure in some cases].

I would personally be doing some of the following; a port-scan for vulnerabilities, then use some tool like plink to open an SSH tunnel into your machine, perform a privilege escalation exploit and give myself full rights in the SYSTEM usergroup i.e. have complete control of the machine.

That is assuming you are running Windows, if you are running UNIX I would look for things like the MySQL daemon, Apache [which as I have said is open source and not greatly secure], and any other open ports you may have to give myself access to the server.
 
Status
Not open for further replies.

Similar threads

A
Any Advices for New Software Development Company?
Replies
0
Views
522
angelkrider2001@gmai
A
R
any dell XPS buffs here?
Replies
5
Views
2K
raverx3m
R
B
Multiple Seagate External Drives Not Working(Windows+Mac)
Replies
2
Views
398
Joe C
Joe C
S
Would it benefit me joining Discord chat groups?
Replies
0
Views
859
Scissorman
S
P
VMware vs Hyper V
Replies
8
Views
1K
zahra batool
Z
Back
Top Bottom