Security Basics mailing list archives

Re: Intro To Hacking

From: VHP3 <vhp3 () cox net>
Date: Sun, 17 Oct 2004 19:05:43 -0500

Hi,
I have built a web server and I would like to practice hacking itremotely. Are there any tutorials or a good introductory book thattakes one step by step through the process of 'owning' an unsecured box?

Ummm... yeah, kinda... But may I ask, first, what this is for?Work? Play? Class?

Here are the stats:

  FreeBSD 4.10 (not updated for about a month)
    Default security profile
  Apache 2
    PHP 4.3.8
    No SSI
  No firewall
  On a university network

The fact that it is on a university network may cause you someproblems. Penetration testing, essentially what you are doing...legal"hacking", usually involves getting permission from the /owner/, not thesysadmin, of the box. Aside from that fact, your attack traffic will beflowing across the university network, so I'm sure that there are morethan just a few people in the NOC (network operations center...or theequivilent there of) who wouldn't appreciate this too much. Treadlightly. Depending on the circumstances, I can think of about twooutcomes this could have if you don't cover all of your bases (and I domean /all/) and neither is terribly pleasant.


Vince

_jason

Current thread:

Intro To Hacking Jason Dusek (Oct 15)
- Re: Intro To Hacking Miles Stevenson (Oct 18)
  - Re: Intro To Hacking Jonathan Loh (Oct 19)
    - Re: Intro To Hacking Miles Stevenson (Oct 19)
- Re: Intro To Hacking VHP3 (Oct 18)
  - Re: Intro To Hacking Greg Tracy (Oct 18)
    - Re: Intro To Hacking Barrie Dempster (Oct 19)
  - Re: Intro To Hacking Micheal Espinola Jr (Oct 18)
- Re: Intro To Hacking Jon Lawhead (Oct 18)
  - Re: Intro To Hacking xyberpix (Oct 20)
- Re: Intro To Hacking Andrew Smith (Oct 18)
  - Re: Intro To Hacking Jason Dusek (Oct 18)
    - Re: Intro To Hacking Andrew Smith (Oct 18)
    - Re[2]: Intro To Hacking Jeffrey S. Sims (Oct 20)
- RE: Intro To Hacking David Gillett (Oct 18)

(Thread continues...)