Hi everybody,
I have to set up for my job a very secure public server, containing important and secret information that only a few people will be able to access from different places.
But, before using it in production, I need you to make real security tests and try all the things you want to penetrate/break my system.
There are multiple goals:
- See if my firewall configuration is good.
- Test if my IDS are correctly configured.
- Be sure that I can use my server in production without any fears.
Finally, the server is at this time at home. You can reach it at this address:
REMOVED
Enjoy!
For information, the French BackTrack community has been trying for one week without any results.
A public server with "secret documents" and this many ports open? Honeypot maybe, but not a secure server.
Starting Nmap 4.20 ( http://insecure.org ) at 2008-06-05 15:26 EDT
Interesting ports on REMOVED:
Not shown: 1659 filtered ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
61/tcp open ni-mail
80/tcp open http
110/tcp open pop3
119/tcp open nntp
124/tcp open ansatrader
129/tcp open pwdgen
132/tcp open cisco-sys
143/tcp open imap
190/tcp open gacp
199/tcp open smux
202/tcp open at-nbp
270/tcp open unknown
365/tcp open dtk
369/tcp open rpc2portmap
409/tcp open prm-nm
412/tcp open synoptics-trap
415/tcp open bnet
462/tcp open datasurfsrvsec
469/tcp open rcp
475/tcp open tcpnethaspsrv
490/tcp open micom-pfs
513/tcp open login
514/tcp open shell
533/tcp open netwall
548/tcp open afpovertcp
599/tcp open acp
651/tcp open unknown
671/tcp open unknown
688/tcp open unknown
708/tcp open unknown
764/tcp open omserv
838/tcp open unknown
913/tcp open unknown
920/tcp open unknown
936/tcp open unknown
942/tcp open unknown
lol agreed.
*sigh*
Please, I need interesting answers. If you don't know how to use a port scanner or if you don't think about why you see these results, don't post.
You should think about the fact that the more open ports you have, the less secure you will be. Are all those ports in use?
Information is like water...
Well, I don't know why you would advertise yourself when you should be limiting your exposure. I mean, you broadcast 50 ports being open, obviously someone can figure out that 22 and 80 are probably legitimate.
Port 80:
You allow directory browsing and disclose that you're using Apache. Port 22 comes back with a consistent login prompt. I'd hit both your HTTP and SSH logins with Hydra until it cracked. Also, why aren't you using SSL?
William
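
One way for the server's owner to answer the "are all those ports in use?" question raised in this thread, as an added example that is not from any poster: parse a scan in the format posted above and compare it with the services meant to be public. The sample scan is a constructed subset with a placeholder host, and the `INTENDED` allowlist (22 and 80) is an assumption taken from the remark that those two are probably legitimate.

```python
import re

# Constructed sample in the format of the scan posted above (subset of its
# lines; HOST is a placeholder).
SAMPLE_SCAN = """\
Interesting ports on HOST:
Not shown: 1659 filtered ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
513/tcp open login
514/tcp open shell
651/tcp open unknown
"""

# Assumption: the only services the owner intends to publish.
INTENDED = {(22, "tcp"), (80, "tcp")}

PORT_LINE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")

def parse_open_ports(scan_text):
    """Return {(port, proto): service} for every line reported as open."""
    found = {}
    for line in scan_text.splitlines():
        m = PORT_LINE.match(line.strip())
        if not m:
            continue  # header, "Not shown" and blank lines
        port, proto, state, service = int(m[1]), m[2], m[3], m[4]
        if state == "open" and 0 < port <= 65535:
            found[(port, proto)] = service
    return found

def audit_exposure(scan_text, intended):
    """Split results into unexpected exposure and intended-but-unreachable."""
    found = parse_open_ports(scan_text)
    unexpected = sorted(k for k in found if k not in intended)
    missing = sorted(k for k in intended if k not in found)
    return {"unexpected": [(p, pr, found[(p, pr)]) for p, pr in unexpected],
            "missing": missing}

if __name__ == "__main__":
    report = audit_exposure(SAMPLE_SCAN, INTENDED)
    for port, proto, svc in report["unexpected"]:
        print(f"UNEXPECTED {port}/{proto} ({svc}): close it or document why it is public")
    for port, proto in report["missing"]:
        print(f"MISSING {port}/{proto}: intended service not reachable")
```

Every UNEXPECTED line is either a listener to shut down, a firewall rule to tighten, or a decoy that should be recorded as such so it is not mistaken for real exposure later.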