Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: hack windows server?

Hybrid View

  1. #1
    Junior Member
    Join Date
    Jun 2009
    Posts
    47

    Default hack windows server?

    hi guys,

    what is the best way to hack a windows server?

    its on my network i can also remote desktop to it but cant login as do not know the password

    how can i gain access to this server?

    is there someway to get the password to login through remote desktop

    i am using backtrack bt4 beta

    hope you can help

  2. #2
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    Default

    Quote Originally Posted by roonie View Post

    its on my network i can also remote desktop to it but cant login as do not know the password
    Did you forget the password?

  3. #3
    Junior Member
    Join Date
    Jun 2009
    Posts
    47

    Default

    no it is in a lab enviroment and has been set as a challenge

    but i have no idea where to start

  4. #4
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    Default

    Can you elaborate a little more?

    What is the challenge? Where did you get it from? Who gave it to you? What are the instructions/rules/requirements?

    Everyone is going to be skeptical when a question like this is asked, as usually these type of questions have some illegal or malicious purpose. You mention that this is in a virtual lab on your network, so you ought to be able to give me a little more info.

  5. #5
    Junior Member
    Join Date
    Jun 2009
    Posts
    47

    Default

    i work in a computer shop repairing computers, i have recently been getting interested in backtrack

    so in work we have set up 3 pcs 2 running xp pro and 1 running windows server 2000 so we can pratice and i wouldn't matter if we messed the machine up

    so as a challenge my boss said to me and my co worker the first one to gain access to the server will get a bounus at the end of the month

  6. #6
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    Default

    You could start off with some enumeration. Use programs like nmap to find out what available ports are open. You can use netcat to banner grab information from specific ports as well. Match the programs you enumerate to exploits in metasploit as well as milw0rm. A neat feature with metasploit is the meterpreter shell which will allow you to hash dump the passwords (this is just one of many ways).

    That should give you some ideas to start off. There are tons and tons of other ways to do this, some more efficient. Rather give you some ideas than spoil it for you.

    edit: If there aren't available applications to exploit on the server, look into exploiting the operating system... Check Google.

  7. #7
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by roonie View Post
    hi guys,

    what is the best way to hack a windows server?
    Answering this would require a definition for "best" and for "hack". Do you consider best to be fastest? Easiest? Most stealthy? Do you consider a "hack" to be information disclosure? Remote access? Privilege escalation? Code execution?

    its on my network i can also remote desktop to it but cant login as do not know the password
    If you have physical access you can set the administrator password.

    how can i gain access to this server?
    It's on your network, there are multiple means by which you could access it. Not the least of which is to walk over and login like a normal user.

    is there someway to get the password to login through remote desktop
    You could likely bruteforce it, though being able to do so would point to an obvious flaw in your password policy. Again you have physical access so why bother with remote desktop?
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  8. #8
    Junior Member
    Join Date
    Jul 2009
    Posts
    52

    Default

    Quote Originally Posted by thorin View Post
    You could likely bruteforce it, though being able to do so would point to an obvious flaw in your password policy. Again you have physical access so why bother with remote desktop?
    Not only that, but with physical access just boot off of a livecd that contains password recovery tools, wipe the admin pass then give it one of your own. Challenge done.

    You can send me half your bonus since I gave you the clue in to using password recovery tools thanks....

    JT

  9. #9
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Spoonfeeder!
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  10. #10
    Junior Member
    Join Date
    Jul 2009
    Posts
    52

    Default

    Damn Thorin.. you just spoiled the waters of my fishing trip!

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •