Hey all ... Well I have a really strange questions to ask ... I'm a university student taking a Network Security course, and I have an upcoming lab in which our class would be split up into groups and would be issued ubuntu or Windows XP Service Pack 1 computers, and our task would be to exploit vulnerabilities in each others systems .. I know that the systems that would be given to us would have Ubuntu 7.10 or Windows XP Service Pack 1 installed on them .. although it would be just a bare OS install (i.e. no additional security patches are applied) .. any mods we need to apply to harden the system would be up to us .. So basically what I'm asking is for a list of ubuntu/Windows XP exploits which I can practice before the lab ...
I have come across one website which archives exploits, but all the exploits I've seen there assume something about the victim OS ... e.g. the user needs to open some webpage to start the exploit, or it needs to open a site which is set as Trusted, or it needs to have some specific programs installed, etc ... We can't do this as the victim computers won't be under our physical control ... The only thing we know for sure will be running on all systems are the following services (this is part of the rules for this lab, that the following services need to run on all systems .. teams cannot stop these services to avoid getting compromised):
SMTP (*) 25
MySql (**) 3306
So basically I am in need of exploits which exploit vulnerabilities in any one of the above services ..
Thanks in advance ...
(here's to hoping that none of my class mates are reading this ) .. :P