Security Breach practices..


snootalope (IS-IT--Management), Jun 28, 2001
Hi there,
My boss recently asked me to test our security the best I could. Well, my knowledge of hacking is about as good as my golf game.. ha ha Anyway, I've got a lot of the tools like port scanners, IP scanners, and just the basic tools a hacker might use. I've done the port scanning on our firewall and servers and I know which ports are open..so I try using telnet to get through them..It looks like it goes in and then gets to a flashing cursor where I can't see anything I type...I guess that is what it's supposed to do? Is that considered being hacked? I guess what I'm looking for is some kind of information to fully test the security my boss has got set up. I've searched the internet, but all I find is ways to prevent hacking, not ways to test the security's strength..any help would be greatly appreciated..
Scott "'tis better to remain silent and be thought of as a fool..
than open your mouth and remove all doubt" Mark Twain

"I should have been a doctor.." Me
 

The first is a great scanner. Runs all sorts of port scans, but also launches actual attacks against vulnerabilities in applications (DNS servers, web servers, FTP....etc)

You can try to gain root/shell access on servers, DoS the server to crash it. You can do all sorts of nasty stuff with that...all in the good name of penetration/vulnerability testing of course!

Nmap is another great tool, that does standard port scanning, along with other various forms of port scanning. Nmap's documentation will help out a lot when learning good pen-testing techniques.

Best way to start would be to find out what it is you're scanning. Web server, FTP server, Firewall....then check out the operating system of the server (using nmap's -O switch)
Once that's done, find some exploits or vulnerabilities out there to see if you can get past your boss's security.

Let me know if this helps, and if you have any more questions, I'll be glad to help as much as I can.
________________________________________
Check out
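The "telnet into an open port and get a flashing cursor" experiment from the first post, and the "find out what it is you're scanning" advice above, as an added example that is not code from the thread. It is a plain TCP connect scan plus a banner grab: services such as FTP and SMTP send a greeting the moment you connect, while a web server sits silent until the client sends a request, which is exactly what telnet's blank screen means. The two target services are fakes started on loopback so the script runs without a network; the hostnames and greeting text are constructed.

```python
import socket
import threading
import time


def scan_ports(host, ports, timeout=0.5):
    """TCP connect scan: if the three-way handshake completes, something is
    listening there (nmap -sT does the same thing, plus a lot more)."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def grab_banner(host, port, timeout=2.0):
    """Connect and wait for the service to speak first. FTP, SMTP and POP3
    send a greeting; HTTP and many others wait for the client, which is the
    'flashing cursor' telnet shows. Returns the greeting, or None if silent."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            data = s.recv(1024)
        except socket.timeout:
            return None
    return data.decode("latin-1", "replace").strip() or None


# --- constructed local targets so the example runs with no network access ---
def _fake_service(greeting, port_out, stop):
    """Listen on an ephemeral loopback port; send `greeting` (may be empty)
    to each client, hold the connection briefly, then close it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    srv.settimeout(0.2)
    port_out.append(srv.getsockname()[1])
    while not stop.is_set():
        try:
            conn, _ = srv.accept()
        except socket.timeout:
            continue
        with conn:
            try:
                if greeting:
                    conn.sendall(greeting)
                time.sleep(0.2)
            except OSError:
                pass  # the scanner already hung up; that is fine
    srv.close()


def demo():
    """Scan a fake FTP server, a fake (silent) web server and a closed port."""
    stop = threading.Event()
    ftp_out, web_out = [], []
    targets = ((b"220 ftp.example.test FTP server ready\r\n", ftp_out), (b"", web_out))
    for greeting, out in targets:
        threading.Thread(target=_fake_service, args=(greeting, out, stop), daemon=True).start()
    while not (ftp_out and web_out):
        time.sleep(0.01)
    ftp_port, web_port = ftp_out[0], web_out[0]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]  # nobody will be listening here
    spare.close()
    found = scan_ports("127.0.0.1", [ftp_port, web_port, closed_port])
    banners = {p: grab_banner("127.0.0.1", p) for p in found}
    stop.set()
    return {"ftp": ftp_port, "web": web_port, "closed": closed_port,
            "open": found, "banners": banners}


if __name__ == "__main__":
    for port, banner in demo()["banners"].items():
        print(port, banner or "(silent: the server expects the client to talk first)")
```

An open port with no greeting is not "being hacked"; it only tells you a service is there and that you now have to speak its protocol to learn anything more, which is where the application-level testing in the rest of this thread starts.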
 
Wow.. thanks a lot..the scanner I'm using now is NSCAN, and I know what it is exactly that I'm trying to get through, a firewall, a VPN controller, and get to a Windows 2000 server.. I'll check out your sites

Thanks again!
 
one more thing.. I just search the internet for vulnerabilities with what I'm going into? Or I just search their documentation? I thought you could gain access by any listening port.. lol this is gonna get interesting
 
Accessing things you're not supposed to access can get pretty fun. As long as you're doing it with noble purposes....and with permission!

Search for vulnerabilities with . You'll find plenty.

Here's a good starting point for you. Microsoft's IIS server. It has a ton of vulnerabilities/exploits, and could be a decent training ground.

Here's a great article from the SANS Institute regarding IIS security, and some theory behind attacks:


Now, I'm sure it's going to be great fun to mess with your boss, but make sure to be careful. (Hopefully this isn't a production server you're trying to crack.) You can do a lot of damage, especially if you're not too sure what you're doing.

And most important! Remember how you broke in....look for your entries in the logs of the firewall, webserver, and IDS. This will help later when trying to figure out if one of your servers has been compromised.

Check out . It's a great security site with some great people. Just refrain from asking "How do I hack?" or something like that.

Security is a lot of fun, and once you start digging deep, you'll find yourself learning more than you thought you would.

Good luck!
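The "look for your entries in the logs" advice above, as an added example that is not from the thread. It reads two constructed log samples, a firewall log in a generic key=value syslog style (not the Nortel BayStack format, which this page does not show) and an IIS W3C Extended web log, and pulls out the two things a port scan and a web probe leave behind: one source IP touching many destination ports in a short window, and one source IP collecting many 4xx responses for paths no normal visitor asks for. The IP addresses, timestamps and paths are all made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample logs (not from any real device). 10.1.1.50 is the tester's
# machine running the scan; 10.1.1.7 is an ordinary user browsing the site.
FIREWALL_LOG = """\
2001-06-28 14:02:01 accept src=10.1.1.7 dst=192.168.10.5 proto=tcp dport=80
2001-06-28 14:02:03 accept src=10.1.1.50 dst=192.168.10.5 proto=tcp dport=21
2001-06-28 14:02:03 deny src=10.1.1.50 dst=192.168.10.5 proto=tcp dport=23
2001-06-28 14:02:04 accept src=10.1.1.50 dst=192.168.10.5 proto=tcp dport=25
2001-06-28 14:02:04 accept src=10.1.1.50 dst=192.168.10.5 proto=tcp dport=80
2001-06-28 14:02:05 deny src=10.1.1.50 dst=192.168.10.5 proto=tcp dport=110
2001-06-28 14:02:05 accept src=10.1.1.50 dst=192.168.10.5 proto=tcp dport=443
2001-06-28 14:02:06 deny src=10.1.1.50 dst=192.168.10.5 proto=tcp dport=1723
2001-06-28 14:09:30 accept src=10.1.1.7 dst=192.168.10.5 proto=tcp dport=80
"""

IIS_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2001-06-28 14:00:00
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2001-06-28 14:02:01 10.1.1.7 GET /default.htm 200
2001-06-28 14:02:04 10.1.1.50 HEAD / 200
2001-06-28 14:02:08 10.1.1.50 GET /admin/ 404
2001-06-28 14:02:08 10.1.1.50 GET /cgi-bin/ 404
2001-06-28 14:02:09 10.1.1.50 GET /scripts/ 403
2001-06-28 14:02:09 10.1.1.50 GET /backup/ 404
2001-06-28 14:09:30 10.1.1.7 GET /images/logo.gif 200
"""

FW_RE = re.compile(r"^(\S+ \S+) (accept|deny) src=(\S+) dst=\S+ proto=tcp dport=(\d+)$")


def parse_firewall(text):
    """One (timestamp, src, dport, action) tuple per parseable line."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group(3), int(m.group(4)), m.group(2)))
    return events


def find_port_scans(text, window_seconds=60, min_ports=5):
    """Source IPs that touched at least min_ports distinct destination ports
    inside any window_seconds-long window. Denied attempts count too: the
    probes at closed or filtered ports are exactly what the firewall logs."""
    by_src = defaultdict(list)
    for ts, src, port, _action in parse_firewall(text):
        by_src[src].append((ts, port))
    hits = {}
    for src, evs in by_src.items():
        evs.sort()
        for i, (t0, _) in enumerate(evs):
            ports = {p for t, p in evs[i:] if (t - t0).total_seconds() <= window_seconds}
            if len(ports) >= min_ports:
                hits[src] = sorted({p for _, p in evs})
                break
    return hits


def parse_w3c(text):
    """Yield one dict per request, naming columns from the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip():
            continue
        elif fields:
            yield dict(zip(fields, line.split()))


def find_web_probes(text, min_errors=3):
    """Source IPs with min_errors or more 4xx responses: someone guessing at
    paths, not a visitor following links."""
    errors = defaultdict(list)
    for rec in parse_w3c(text):
        if rec["sc-status"].startswith("4"):
            errors[rec["c-ip"]].append(rec["cs-uri-stem"])
    return {ip: paths for ip, paths in errors.items() if len(paths) >= min_errors}


if __name__ == "__main__":
    print("port scans:", find_port_scans(FIREWALL_LOG))
    print("web probes:", find_web_probes(IIS_LOG))
```

Run it against your own test after a scan: if your source address does not show up in the firewall output, the device is not logging the probes at all (or is logging them somewhere you are not looking), and that gap is itself a finding worth reporting.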
 
Great Info!

We pretty much just have a "test" environment right now so if I do damage something that's ok...just more to trace I guess... My problem is that I have to go through a Nortel Baystack firewall..and I can't see anything in the logs from what I've done already.. I've done port scans and the telnetting into listening ports.. I guess I just keep trying huh.. Is it possible to get through a filtered firewall like that?
 
It all depends on what you're trying to access. Firewalls are there to block all access except a few ports that the end users need open. Most attacks are not made on the firewall, but on servers sitting behind the firewall.

For example....You have a firewall. Behind the firewall you have a webserver. In order for people to access this webserver the firewall needs to open port 80. Therefore an attacker could send HTTP requests through port 80, and the firewall wouldn't do a thing to stop them*. These attacks are centered on the exploits found on the webserver. If these vulnerabilities are not patched on the webserver, then the webserver may be compromised.

*-some firewalls have modules built-in that try to detect such attacks (ie Checkpoint FW-1's HTTP security server module)

Here's a penetration testing tip for you. Most companies have a range of IP addresses. What you normally do is scan the entire range of IP addresses for that company (using nmap for example). Then you'll have a list of every server that's available, and which ports are open on that server. You can then identify which server is which....if a server has port 80 open, for example, then you might assume that it is a webserver. You can then try to probe that server using Nessus and find out what operating system, and with luck what webserver application it's running. Then you would launch "attacks" against that server based on the intel you gathered.

Now if you do a scan on a machine, and some ports are open that you don't recognize, then use . You'll be able to find out what the port is for in a matter of minutes.....usually.

More than half of penetration testing is simply gathering as much info as you can about the subject network.

I can really explain all day, but most of this knowledge comes from playing with the various apps, practicing, and studying....yeah studying (bleh!)

Here's a great book! It's got a lot of the fundamentals you'll need. Don't be overwhelmed by the size of the book. You can read bits and pieces at a time. Most chapters are pretty much self-contained, and you can (for the most part) jump around in the book if you need to. If you're at all serious about getting into security, or even if you just want to feed your brain a bit, check it out.


Ok enough ranting for me!
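The workflow in the post above (scan the company's range, inventory what answers, then talk HTTP to whatever is open because the firewall has to let port 80 through), as an added example that is not from the thread and not the nmap/Nessus tooling it recommends. Rather than assuming "port 80 open means webserver", it confirms the role by speaking the protocol: a HEAD request goes to every open port and the status line and Server header come back if the service is HTTP. The target is a fake IIS started on loopback for the example; the address block in the usage note and the Server string are made up.

```python
import ipaddress
import socket
import threading
from concurrent.futures import ThreadPoolExecutor
from http.server import BaseHTTPRequestHandler, HTTPServer


def expand_range(cidr):
    """Every host address in an allocated block, e.g. '192.0.2.0/28'."""
    return [str(h) for h in ipaddress.ip_network(cidr, strict=False).hosts()]


def http_fingerprint(host, port, timeout=2.0):
    """Send a minimal HTTP/1.0 HEAD request and parse the reply headers.
    Returns None if whatever is listening does not answer with HTTP, so an
    open port is never labelled 'web' on port number alone."""
    request = f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        raw = b""
        while b"\r\n\r\n" not in raw:
            try:
                chunk = s.recv(4096)
            except socket.timeout:
                break
            if not chunk:
                break
            raw += chunk
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    if not lines[0].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"status": lines[0], "server": headers.get("server"), "headers": headers}


def survey(hosts, ports, workers=16):
    """Probe every host:port in parallel. Result is {host: {port: outcome}}
    where outcome is an HTTP fingerprint, 'open' (answers, but not HTTP) or
    'closed/filtered' (connection refused or timed out)."""
    def probe(target):
        host, port = target
        try:
            fp = http_fingerprint(host, port)
        except OSError:
            return host, port, "closed/filtered"
        return host, port, (fp if fp else "open")

    inventory = {h: {} for h in hosts}
    work = [(h, p) for h in hosts for p in ports]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        for host, port, result in pool.map(probe, work):
            inventory[host][port] = result
    return inventory


class FakeIIS(BaseHTTPRequestHandler):
    """Constructed stand-in for the webserver behind the firewall (example only)."""
    server_version = "Microsoft-IIS/5.0"

    def version_string(self):
        return self.server_version  # the base class would append its own version

    def do_HEAD(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.end_headers()

    def log_message(self, *args):
        pass


def demo():
    """Survey a loopback 'range' with one fake IIS port and one closed port."""
    httpd = HTTPServer(("127.0.0.1", 0), FakeIIS)
    web_port = httpd.server_address[1]
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]  # nothing listens here
    spare.close()
    try:
        return survey(["127.0.0.1"], [web_port, closed_port]), web_port, closed_port
    finally:
        httpd.shutdown()
        httpd.server_close()


if __name__ == "__main__":
    inventory, web_port, closed_port = demo()
    for port, outcome in inventory["127.0.0.1"].items():
        print(port, outcome)
```

Against a real block you would call something like `survey(expand_range("203.0.113.0/27"), [21, 25, 80, 443, 8080])` (a documentation address range, used here only as a placeholder) and keep the returned inventory as the starting point for the application-level work the post describes; the Server header is the "what webserver application it's running" answer, and the non-HTTP "open" entries are the ones that still need their own protocol spoken to them.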
 