  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1849

How to hack my server

To all,

I would like to try to hack our dev servers (they are a replication of our production servers).  We have implemented several new layers of security including a Cisco Pix 501 firewall and IPTables.  But I am hoping somebody can shed some light on how I would go about trying to hack my own server to ensure they are secure.  We already do port scanning to ensure there aren't any extra open ports that aren't being used.  Are there applications that I can use for password hacking? etc.  Thanks for the help in advance.

Specs: (Three tier architecture)
RH 9.0
Apache 2.0.40
MySQL 4.0.2
Jrun4 w/ CFMX
2 Solutions
For every port that is open, check the version of the daemon that is holding the port open, and see if there are any unpatched exploits available for that daemon.  Bugtraq is a good place to start looking for the advisories.

Next, I would suggest logging into an anonymous or guest account, and see how many files you can delete, and what you can touch that you shouldn't be able to.  Also try this as a regular user.  See if you can get a copy of the /etc/shadow.  Check what processes are running, and see if there are any exploits for them.  Do a google search for "rootkit", see about downloading one and installing it, and see if you can take over the box from a regular user.

As long as it's updated, the PIX can take most of the network-based attacks, all you have to look out for now is exploits, and guests and regular users doing things they shouldn't be doing (like installing rootkits).
Give nessus a go. http://www.nessus.org/
The version of MySQL is vulnerable to a NULL password:

Vulnerable Systems:
 * MySQL version 4.1 up to but not including 4.1.3
 * MySQL version 5.0

Immune Systems:
 * MySQL version 4.1.3

The diff patch can only be used against the latest alpha version (5.0.0) of MySQL. In order to use it, follow the following steps:

 * Download and unpack the MySQL 5.0.0-alpha source
 * Patch the sql-common/client.c file:
    sql-common/ $ patch client.c mysql.authentication.bypass_client.c.diff
 * Configure and Make as usual

The resultant MySQL client binary can then be used normally but with one exception: The user can completely disregard the password and in fact can enter any password and it would not matter. The provided diff patch:
<   if (passwd[0])
<   {
<     if (mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
<     {
<       *end++= SCRAMBLE_LENGTH;
<       scramble(end, mysql->scramble, passwd);
<       end+= SCRAMBLE_LENGTH;
<     }
<     else
<     {
<       scramble_323(end, mysql->scramble, passwd);
<       end+= SCRAMBLE_LENGTH_323 + 1;
<     }
<   }
<   else
<     *end++= '\0';                               /* empty password */
>   sprintf(end,"\x14\x00");
>   end+=2;
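Review bot: the replacement branch writes a fixed length byte 0x14 (decimal 20) in place of `*end++= SCRAMBLE_LENGTH;`, follows it with a NUL and advances `end` by two, so the patched client announces a 20-byte scramble while sending none, and because the `CLIENT_SECURE_CONNECTION` check is removed along with it, the `scramble_323` path for servers that do not advertise that capability is gone as well. The sentence above saying the binary "can then be used normally" should be qualified: a server that checks the announced scramble length against the bytes actually present (the post lists 4.1.3 as immune) will refuse the login, so this client only demonstrates the server-side bug and the remediation is the server upgrade, not anything in the client.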

Also, to check your security, use a password cracker on your own system and see if it can crack them.
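As an added example (not code from any poster in this thread), here is the version-window check the first answer describes, "for every port that is open, check the version of the daemon and see if there are unpatched exploits", applied to the MySQL ranges quoted in the advisory above. The ports and banners are constructed from the specs in the question, and the advisory name and the treatment of "5.0" as the whole 5.0 branch are assumptions; the output shows where 4.0.2 and 4.1.3 fall relative to the quoted ranges.

```python
import re

# Advisory windows as quoted in the thread: [first affected, first fixed) per branch.
# The post names "5.0" without a fixed release, so the whole 5.0 branch is flagged.
MYSQL_NULL_PASSWORD_WINDOWS = [
    ((4, 1, 0), (4, 1, 3)),   # 4.1 up to but not including 4.1.3
    ((5, 0, 0), (5, 1, 0)),   # 5.0 branch
]

def parse_version(banner):
    """Pull a dotted numeric version out of a banner such as 'Apache/2.0.40' or '5.0.0-alpha'."""
    m = re.search(r"(\d+(?:\.\d+)*)", banner)
    if not m:
        raise ValueError(f"no version in {banner!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return (parts + (0, 0, 0))[:3]   # pad so '4.1' compares like 4.1.0

def in_window(version, windows):
    """True when version lies in any [first, fixed) range; the fixed release itself is clean."""
    return any(first <= version < fixed for first, fixed in windows)

def audit(services, advisories):
    """Return {port: [advisory names]} for banners that fall inside an advisory window."""
    findings = {}
    for port, product, banner in services:
        version = parse_version(banner)
        hits = [name for prod, name, windows in advisories
                if prod == product and in_window(version, windows)]
        if hits:
            findings[port] = hits
    return findings

# Constructed inventory: the question's stack plus three MySQL builds placed
# around the advisory boundaries (ports 3307-3309 are assumptions).
INVENTORY = [
    (80, "apache", "Apache/2.0.40"),
    (3306, "mysql", "4.0.2"),        # the asker's version: below the quoted window
    (3307, "mysql", "4.1.2"),        # inside the window
    (3308, "mysql", "4.1.3"),        # listed as immune
    (3309, "mysql", "5.0.0-alpha"),  # the branch the client patch targets
]
ADVISORIES = [("mysql", "null-password auth bypass", MYSQL_NULL_PASSWORD_WINDOWS)]

if __name__ == "__main__":
    for port, names in sorted(audit(INVENTORY, ADVISORIES).items()):
        print(port, ", ".join(names))
```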
just tell us your ip ;)
Which kind of penetration test are you interested in?
 a) host and/or network
 b) any application
 c) web application

for a) see nmap (or nessus), for b) nmap again and some specialized tools too, and for c) you need $$$$$
