Windows 2003 exploits

[r-m-w]

Hello all,

I am currently taking part in a university coursework where we have a network lab which is shut off from the rest of the world in which we all have windows 2003 servers (running an http server, ftp server and ssh) which we have all attempted to lock down and now have a couple of weeks to see if we can exploit anybody elses servers. I have attempted to use some of the 2003 exploits but to no avail.

What appears to be the most likely successful attack is one of the browser exploits as users often go to a webpage on our server. I tried a few and went to the webpage where the exploit is to test it and i got the random characters in the webpage and metasploit said it was trying to send the exploit but it was trying to do it to the default gateway rather than the machine connected with the browser.

Anyway - just wondering if anyone knew what i could do to make that work or if they have any ideas of exploits that may work. Ports people have open are: 80, 21, 22. some also have all or some of 445, 139, 135.

All ideas welcome!

[purehate]

The problem is since we have no way of knowing if you are telling the truth most of the people on this forum will probably hesitate to help you. It may shock you to know that people often misrepresent themselves on the inturnet in order to facilitate malicious behavior.

[streaker69]

The problem is since we have no way of knowing if you are telling the truth most of the people on this forum will probably hesitate to help you. It may shock you to know that people often misrepresent themselves on the inturnet in order to facilitate malicious behavior.

It's amazing how all these 'assignments' are to infiltrate a Windows box, but never a Linux box. Do you find that odd as well?

[purehate]

And the even weirder part is that I am a college student with networking and security as my major in my third year and I have yet to get a " assignment " like this. All of school work includes learning programing, learning about tcp/ip standards and protocol, structured cabling and securing cisco systems. Not one of these classes or any other has just offered me up a box and said "Okay try to exploit this" so I rarely believe the story. Now I have done some interesting "hacks" for school stuff but only when we were allowed to choose a project in a wide field to present on, Like my router project. It seems to me anyway that all these people in "penetration testing" school better learn how to be network admins if they want a job because the field of penetration testing is not huge. Although it sounds glamorous to galavant all around the world hacking people, the more realistic approach in my humble opinion would be the to use the fact that you were experienced in penn testing as a selling point when applying for a network admin job which could effectively save the company money by not having to hire a outside source.

[r-m-w]

Ok, i shall attempt to help you believe me: (sorry about the way i have written the links - i have not got enough posts to submit them apparently)

I am a student at the University of Nottingham (England)
I am a third year student taking a module G53SEC: winster.nottingham.ac.uk/modulecatalogue/asp/moduledetails.asp?crs_id=018176&year_id=000107

This is the module website: cs.nott.ac.uk/~jqf/G53SEC/
and the coursework description: cs.nott.ac.uk/~jqf/G53SEC/G53SEC_Coursework.pdf

There are infact some linux servers as some people have chosen to reinstall as linux boxes, but the majority are windows. Any advice you can give for exploits on centOS and Ubuntu would also be appreciated!

I hope this helps you believe that i am genuine!

[purehate]

Which leads me into my next point. If in fact you are telling the truth then we should not be spoonfeeding you a exploit. The purpose of school is to learn how to do the hardest and most boring part of penetration testing which is recon. In my short time in the field I have learned that the actual execution of the exploit is only a wee tiny part which falls at the end of day or maybe weeks of prep work.

So heres what I suggest.....

1. Ports and services

2.Understanding tcp/ip

3.Milw0rm papers

4. Vulnerability database

5. nmap

That should get you started although you should know all of that stuff if you are a third year student.

[r-m-w]

I am not sure why you feel the need to be as frosty as you are being. Maybe for you picking up and understanding security was easy, fine, i have no problem with that, but when people are just asking for a bit of help it seems to me to be a little rude to be so frosty, especially when they have gone to some effort to try and back up their claims.

Simply all i am asking for if there are any areas which you may think would be a good test for the servers - i appreciate people not wishing to just let anyone know of expliots as indeed you are right about people misrepresenting themselves on the internet. A bit of common courtesty would go a long way though.

[thorin]

Ok, i shall attempt to help you believe me: (sorry about the way i have written the links - i have not got enough posts to submit them apparently)

I am a student at the University of Nottingham (England)
I am a third year student taking a module G53SEC: winster.nottingham.ac.uk/modulecatalogue/asp/moduledetails.asp?crs_id=018176&year_id=000107

This is the module website: cs.nott.ac.uk/~jqf/G53SEC/
and the coursework description: cs.nott.ac.uk/~jqf/G53SEC/G53SEC_Coursework.pdf

There are infact some linux servers as some people have chosen to reinstall as linux boxes, but the majority are windows. Any advice you can give for exploits on centOS and Ubuntu would also be appreciated!

I hope this helps you believe that i am genuine!

Wow imagine that the "course" or "program" website is hosted within a user directory:
http://cs.nott.ac.uk/~jqf/

I am a student at the University of Nottingham located within the ASAP group. Currently I am undertaking a PhD in Computer Security and Artificial Immune Systems under the supervision of Dr. Uwe Aickelin.

My research topic is biologically inspired Computer Security. In particular I am interested in the application of novel immunological ideas to anomaly detection.

Wow the "official" course description is nothing like that listed in the PDF you linked.....strange
http://www.nottingham.ac.uk/computer...ge_var=mod_det

[thorin]

I am not sure why you feel the need to be as frosty as you are being. Maybe for you picking up and understanding security was easy, fine, i have no problem with that, but when people are just asking for a bit of help it seems to me to be a little rude to be so frosty,

How was he rude? He specifically provided links to information you should put to use. How horrible of him.

especially when they have gone to some effort to try and back up their claims.

Wow, wanna see me setup a site that says I'm the king of the world? I'll even print a PDF and include it for you.

Yes we have no reason not to believe you (well actually we do based on history etc but we'll ignore that fact for now), even more important is the FACT that we have no reason to believe you.

Simply all i am asking for if there are any areas which you may think would be a good test for the servers -

Yes there are areas which I think would be a good test for the servers.

[purehate]

Frosty Huh! Well you haven't even documented what you have tried. As far as I'm concerned this is the same old social engineering I get every day. I would be happy to help you with a specific question.

Example of a specific question: Hi kind sirs, I have determined that my target is running windows server 2003 with ftp,ssh and http enabled. I have tried this, this and this and for some reason the are all failing. I have researched the error messages and come up with this, this and this. Do you all have anything to add.

Tip of day: metasploit exploits are generally proof of concept. Most of the time a vulnerability has been patched but the time it makes it into metasploits database. You should check some sites like milw0rm for more up to date exploits.