Solved

How to hack my server

Posted on 2004-08-27
5
1,802 Views
Last Modified: 2008-01-09
To all,

I would like to try to hack our dev servers (they are a replication of our production servers).  We have implemented several new layers of security including a Cisco Pix 501 firewall and IPTables.  But I am hoping somebody can shed some light on how I would go about trying to hack my own server to ensure they are secure.  We already do port scanning to ensure there aren't any extra open ports that aren't being used.  Are there applications that I can use for password hacking? etc.  Thanks for the help in advance.

Specs: (Three tier architecture)
RH 9.0
Apache 2.0.40
MySQL 4.0.2
Jrun4 w/ CFMX
Question by:chigs20
5 Comments
 
LVL 5

Accepted Solution

by:
Chireru earned 250 total points
For every port that is open, check the version of the daemon that is holding the port open, and see if there are any unpatched exploits available for that daemon.  Bugtraq is a good place to start looking for the advisories.

Next, I would suggest logging into an anonymous or guest account, and see how many files you can delete, and what you can touch that you shouldn't be able to.  Also try this as a regular user.  See if you can get a copy of the /etc/shadow.  Check what processes are running, and see if there are any exploits for them.  Do a google search for "rootkit", see about downloading one and installing it, and see if you can take over the box from a regular user.

As long as it's updated, the PIX can take most of the network-based attacks, all you have to look out for now is exploits, and guests and regular users doing things they shouldn't be doing (like installing rootkits).
0
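A read-only audit of the host-side checks this answer lists (added example, not from the thread or from any product named in it): which daemon holds each open port and which package version it comes from, whether /etc/shadow is readable by ordinary users, and which files a guest could modify. It assumes a Linux host with netstat, rpm (as on RH 9) and GNU stat.

```shell
#!/bin/sh
# Added example, not from the original thread. Read-only checks for the points
# above. Assumes a Linux host with netstat, rpm (RH 9) and GNU stat.

# Listening TCP sockets with the owning pid/name (netstat -p needs root).
listening_services() {
    command -v netstat >/dev/null 2>&1 && netstat -tlnp 2>/dev/null
}

# Package (and therefore version) owning a binary, or "unknown".
package_of() {
    if [ -n "$1" ] && command -v rpm >/dev/null 2>&1; then
        rpm -qf "$1" 2>/dev/null || echo "unknown"
    else
        echo "unknown"
    fi
}

# One line per listening daemon: name, pid and package, to compare against
# the advisories for that daemon version.
daemon_versions() {
    listening_services | awk '/LISTEN/ { print $NF }' | sort -u |
    while IFS=/ read -r pid name; do
        [ -n "$pid" ] && [ "$pid" != "-" ] || continue
        echo "$name (pid $pid): $(package_of "$(readlink "/proc/$pid/exe" 2>/dev/null)")"
    done
}

# Returns 0 when the shadow file is root-only (mode 0600, 0400 or 0000), so a
# regular user cannot simply copy it.
shadow_perms_ok() {
    [ -e "$1" ] || return 1
    case "$(stat -c '%a' "$1")" in
        600|400|0) return 0 ;;
        *)         return 1 ;;
    esac
}

# Regular files below a directory that any account may modify or truncate.
world_writable_files() {
    find "$1" -xdev -type f -perm -0002 2>/dev/null
}

# Full audit when run as: sh audit.sh /etc/shadow /
if [ "$#" -eq 2 ]; then
    daemon_versions
    shadow_perms_ok "$1" && echo "$1: ok" || echo "$1: WARNING readable by non-root"
    world_writable_files "$2"
fi
```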
 
LVL 17

Expert Comment

by:owensleftfoot
Give nessus a go. http://www.nessus.org/
0
 
LVL 16

Expert Comment

by:xDamox
The version of MySQL is vulnerable to a NULL password:

Vulnerable Systems:
 * MySQL version 4.1 up to but not including 4.1.3
 * MySQL version 5.0

Immune Systems:
 * MySQL version 4.1.3

The diff patch can only be used against the latest alpha version (5.0.0) of MySQL. In order to use it, follow the following steps:

 * Download and unpack the MySQL 5.0.0-alpha source
 * Patch the sql-common/client.c file:
    sql-common/ $ patch client.c mysql.authentication.bypass_client.c.diff
 * Configure and Make as usual

The resultant MySQL client binary can then be used normally but with one exception: The user can completely disregard the password and in fact can enter any password and it would not matter. The provided diff patch:
1941,1956c1941,1942
<   if (passwd[0])
<   {
<     if (mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
<     {
<       *end++= SCRAMBLE_LENGTH;
<       scramble(end, mysql->scramble, passwd);
<       end+= SCRAMBLE_LENGTH;
<     }
<     else
<     {
<       scramble_323(end, mysql->scramble, passwd);
<       end+= SCRAMBLE_LENGTH_323 + 1;
<     }
<   }
<   else
<     *end++= '\0';                               /* empty password */
---
>   sprintf(end,"\x14\x00");
>   end+=2;
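Review bot: The right-hand side of `1941,1956c1941,1942` removes both the scramble branches and the empty-password branch and writes a fixed `"\x14\x00"` in their place, so the client claims a 0x14-byte scramble without sending one; `sprintf` stops at the embedded NUL, so this only works because the terminator happens to supply the second byte. The actual remedy is the version line in this same post (4.1.3 is listed as immune), so the useful check for the asker is the server version rather than building this client, and the listed vulnerable range (4.1 up to but not including 4.1.3, and 5.0) does not cover the MySQL 4.0.2 named in the question.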


Also, to check your security, use a password cracker on your own system and see if it can crack them.
0
 
LVL 9

Expert Comment

by:_GeG_
just tell us your ip ;)
0
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 250 total points
Which kind of penetration test are you interested in?
 a) host and/or network
 b) any application
 c) web application

for a) see nmap (or nessus), for b) nmap again and some specialized tools too, and for c) you need $$$$$
0
