Results 1 to 5 of 5

Thread: Server security

  1. #1
    Just burned his ISO
    Join Date
    Mar 2009
    Posts
    2

    Default Server security

    I have a World of Warcraft private server at home, but I want to test it's security, because i have some ports open. How do i do this with bt3? with medusa or hydra and how do they work? I tested them but with no results, it just always says success, while I typed in a wrong password. Can someone give me a good link to a good tutorial about one of those 2 programs?

  2. #2
    Member imported_onryo's Avatar
    Join Date
    Apr 2009
    Posts
    109

    Default

    I would use nessus. You can get a free license for home use. I like it more then SAINT. Tenable Network Security . I had a "sloppy" L2 server and it got pwned. Careful with your WoW server.

    onryo
    Let me explain officer, I am not a hacker. I am a security tester of sorts!

  3. #3
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by whoopa7 View Post
    I have a World of Warcraft private server at home, but I want to test it's security, because i have some ports open. How do i do this with bt3? with medusa or hydra and how do they work? I tested them but with no results, it just always says success, while I typed in a wrong password. Can someone give me a good link to a good tutorial about one of those 2 programs?
    If this is a simple windows based server then use the MBSA from Microsoft as well as a program like tcp-view both are free to use and very simple.
    This would probably be much easier and faster for you than trying to install and configure a pentest distro and then try and use it with little or know experience.
    If on the other hand you have a nix box and or the desire then start reading here on BT3 or 4 beta.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  4. #4
    Member
    Join Date
    Dec 2007
    Location
    @InterN0T
    Posts
    315

    Default

    Well this is not the only one way to check if the server is secured. To be honest you can't
    really know for sure your server is secure, because most of the developers of the private WoW
    servers does NOT have a secure coding lifetime / period included at all in their projects
    as far as i have seen. If you want to be sure that the server is safe too, i suggest
    that you get someone to audit the code and perhaps fuzz it as well.

    One general recommendation: Only have the ports open you really NEED to have open.
    [quote][I]I realized, that I had fallen down from the top of the mountain into a deep, terrifying and dark hole, just to find out that another mountain in front of me, much greater than the previous, was the next step in life. I began to wander uphill on the next mountain of life while I knew it would be much harder than the previous mountain. [/I]- MaXe[/quote]

  5. #5
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    One request, don't ask for someone to do it for you on here. We can not verify that it is really your server.

    MaXe Legend's suggestion is quite good to audit the code and fuzz it.

    Depending on how secure you want it to be, you should consider setting up an IDS and other security measures.
    Tiocfaidh ár lá

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •