Page 2 of 7 FirstFirst 1234 ... LastLast
Results 11 to 20 of 69

Thread: Hack me.

  1. #11
    Join Date
    Mar 2008
    Beans
    1,755

    Re: Hack me.

    Is your IP static? The address given isn't even up ATM as I can't even ping it.

  2. #12
    Join Date
    Aug 2005
    Location
    Boston, MA
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Hack me.

    My initial scan shows this...

    nmap -PN 83.95.212.118

    Starting Nmap 4.60 ( http://nmap.org ) at 2008-05-21 16:16 EDT
    Interesting ports on 0x535fd476.arcnxx18.adsl-dhcp.tele.dk (83.95.212.118):
    Not shown: 1714 filtered ports
    PORT STATE SERVICE
    5190/tcp open aol

  3. #13
    Join Date
    Aug 2005
    Location
    Boston, MA
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Hack me.

    My follow up scan shows this...

    nmap -PN -p 1-65535 83.95.212.118

    Starting Nmap 4.60 ( http://nmap.org ) at 2008-05-21 16:23 EDT
    Interesting ports on 0x535fd476.arcnxx18.adsl-dhcp.tele.dk (83.95.212.118):
    Not shown: 65439 filtered ports, 93 closed ports
    PORT STATE SERVICE
    4443/tcp open unknown
    5190/tcp open aol
    5566/tcp open unknown

  4. #14
    Join Date
    Dec 2004
    Location
    Maine, USA
    Beans
    227
    Distro
    Ubuntu

    Re: Hack me.

    All this talk about routers and services running... I think the only reasonable request would be to replicate the scenario from that article. Since the article didn't give many details that will be hard. It did mention, however, that on the first day the hackers were working against just the base system and could not rely on user actions. Later on in the contest additional software was installed and user actions were allowed.
    Nathan Sprangers

  5. #15
    Join Date
    Nov 2005
    Location
    South Yorkshire, UK
    Beans
    238
    Distro
    Xubuntu 10.04 Lucid Lynx

    Re: Hack me.

    I think your test is a good one. A typical usage scenario doesn't involve running services. Joe Bloggs has never heard of apache, ssh etc.

    I vote you don't open services. If anyone here is worth their weight as a hacker they shouldn't need it making easy for them.

  6. #16
    Join Date
    Nov 2006
    Location
    40.31996,-80.607213
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Hack me.

    Quote Originally Posted by yaztromo
    I vote you don't open services. If anyone here is worth their weight as a hacker they shouldn't need it making easy for them.
    Pardon me. I am a hacker, but without an access, there is no hacking. In order to hack the box, the system must be accessible via the internet. Without running any services or having any ports open, this system is not accessible.

    Basically to hack the system, you must find a flaw in the service that is running, or bruteforce your way in. Either way, there must be a service. Without it, it is like walking around the courtyard of a castle that has no gate.
    Last edited by Dr Small; May 21st, 2008 at 08:37 PM.
    "Security lies within the user of who runs the system. Think smart, live safe." - Dr Small
    Linux User #441960 | Wiki: DrSmall

  7. #17
    Join Date
    Jan 2008
    Beans
    204
    Distro
    Hardy Heron (Ubuntu Development)

    Re: Hack me.

    Quote Originally Posted by Dr Small View Post
    Pardon me. I am a hacker, but without an access, there is no hacking. In order to hack the box, the system must be accessible via the internet. Without running any services or having any ports open, this system is not accessible.

    Basically to hack the system, you must find a flaw in the service that is running, or bruteforce your way in. Either way, there must be a service. Without it, it is like walking around the courtyard of a castle that has no gate.
    Yea, I'm a software developer for a living, and I think lots of people watch movies like "Hackers" or watch stuff about "crackers" on 60 minutes and see blacked-out silhouette shady characters talking about their "leet exploits"

    If there's no ports open (which I believe is the case of a default Ubuntu install), you're not getting in. Don't you think if it were that easy to get in that no one would be running Ubuntu??

    I mean heck, if there were a "hacker" good enough to break into a default Ubuntu install why wouldn't he just write a script that would break into everyone's Ubuntu's install? If it were possible, it'd be widespread.

    install some services, leave some ports open, make it fun

  8. #18
    Join Date
    Nov 2005
    Location
    South Yorkshire, UK
    Beans
    238
    Distro
    Xubuntu 10.04 Lucid Lynx

    Re: Hack me.

    Okay, of course I don't view hackers as shady shilouetts similar to some Fox News articles I've seen. I also realise that running services gives a determined hacker a lot more chance to find a flaw.

    If there's no ports open (which I believe is the case of a default Ubuntu install), you're not getting in.
    I agree that open ports are the way in for hackers 99.9% of the time, I don't think anyone would dispute that.

    My feeling is that having no open ports is not like having a room with no doors. Packets are still coming in to the system and the kernel has to look at them in some way, even if to just determine there is no service on the requested port. Since a directly connected machine will examine all data before disregarding it I still feel there are many things a skilled hacker can do to try and trip up a system with no services running.

  9. #19
    Join Date
    Nov 2006
    Location
    40.31996,-80.607213
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Hack me.

    There is ARP poisoning (which 2point0 knows more about than I do) and XSS. Both, I thought had to be done on the network end. Unless a port is open and a service is listening on it, an attacker can not get in, as far as I know.

    Opening a port does not only increase the chance, but makes it possible to exploit or bruteforce. Otherwise, I don't think it is possible.
    "Security lies within the user of who runs the system. Think smart, live safe." - Dr Small
    Linux User #441960 | Wiki: DrSmall

  10. #20
    Join Date
    Oct 2007
    Location
    FL
    Beans
    Hidden!
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Hack me.

    Quote Originally Posted by kaffemonster View Post
    ...I'm trying to do a common, end-user setup scenario.
    Everyone's asking for you to open up a port or run a service that might give them a vulnerability to exploit. But then I read that no end user has ever heard of apache, or ssh. Being as I know nothing of such things myself, my question is what would a typical end-user do to open up a whole to be exploited? If there is something, then doing that to your machine would really make this a real-world test. Wouldn't it ??
    "The irony being that I'm eating booby breast" - Les Stroud, Survivorman

Page 2 of 7 FirstFirst 1234 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •