NEED advice on a hacking project
I take a Computer Engineering class in my highschool, and our awesome teacher has given us an awesome networking security project.
The goal is to hack into our classmate's computers and extract a file out of their "My Documents" folder, through a simple small network, using "any means necessary", aka: we have permission to use password hackers, firewall blockers, worms, viruses et era (as long as we dont break the hardware).
I would GREATLY appreciate advice and opinions on the best way to go about this intrusion and extraction, such as method and software recommendations.
bryslayz
p.s.
i am going to install COMODOS firewall on my computer to help evade my classmates, good idea bad idea? (i am also using avast AV, we arent allowed to use AVG)
The goal is to hack into our classmate's computers and extract a file out of their "My Documents" folder, through a simple small network, using "any means necessary", aka: we have permission to use password hackers, firewall blockers, worms, viruses et era (as long as we dont break the hardware).
I would GREATLY appreciate advice and opinions on the best way to go about this intrusion and extraction, such as method and software recommendations.
bryslayz
p.s.
i am going to install COMODOS firewall on my computer to help evade my classmates, good idea bad idea? (i am also using avast AV, we arent allowed to use AVG)
Tags: comodos, documents, firewall, hack, my, noob, school, security
Replies to This Discussion
-
Permalink Reply by Griff on -
I would suggest using the latest windows version of metasploit and I would recommend checking out some videos on miliworm.
-
Permalink Reply by Jonah Hex on -
I have spend endless hours playing with metasploit. There are a lot of exploits to work through, and the most relevant ones (DCOM etc) will surelly not work on M$ box that's patched above XP SP1...unless you are running Win95.
-
Permalink Reply by Jonas on -
I would say the first thing is to gather information about the system. That one is kind of obvious.
So do a portscan,OS scan and so on if you haven't already and work from there.
Good luck, and i just wish our school was like this.
I mean the school network here isn't even safe...
-
Permalink Reply by CorryL on -
Sorry but we can not make an assessment at random so we must see what the server assembled in a way that is protected, there are thousands of programs, but many times not serve, even nonsense allows you access to a server sometimes we need to combine different systems of the pentest intrusion is a very vast and mostly serves a lot of experience and cleverly, it can be done at random
-
Permalink Reply by bryslayz on -
thanks guys I made a 100% on the project, I ran out of time before making my intrusion for the private document but luckily he decided to grade it upon how well you attempted (or else everyone in the class would have failed)
but he said he liked my approach, I was using the "net use" command in CMD prompt.
if anyone would like to help me finish/fix it (I kept getting a syntax error or could not locate server[I had to use this because it would not let me type in a password when it prompted for me credentials])
net use xx.xxx.xx.x/user\administrator "THS"
THS being the password
should user be CET4, or is it supposed to just be user
-
Permalink Reply by JOE Zombie on -
You should use 2 different firewalls in case one fails...lol
Also try some social engineering.....its not hard too look at someones account/pass while in class...
or even your teachers and just get on the admin account....depending on what kind of network is setup you might beable to easily destroy the admin rules made up for you and just browse throught the whole system on your own.....its not hard but it takes time to find the key vulnerability too do it...
also if someone leaves their computer just get into the command prompt on it real quick and change their password...takes like 5 secs
-
Permalink Reply by ManFromDelMunky on -
I agree social engineering is the best way. Even if you only use it to gain physical access to the machine.
Also try a copy of Bart PE (Windows XP boot cd) boot from cd to a gui that understands NTFS, brows to the file an copy to a memory stick, job done. Of course this is only if they havent used drive encryption, then things get more comlicated.
-
Permalink Reply by shirty_dogg on -
commodo? don't do this. it's buggy. I know exactly what I told because I tested this shit when i dhad work experience in security company. I expected good software but after testing I can tell you stay away from that shit ;) for Windows you need boy something rather I mean Kaspersky or any... free of charge application for Windows sucks... good ideas but don't evaluate because of MONEY ;)
to break AV or similar > piece of cake
if you need very high security you have to use any unix platform with poperly setted firewall or small unix serwer as hardware firewall (http://www.tech-faq.com/download-free-firewall.shtml)
btw I haven'y any firewall when I'm using windows but I spend many hours to remove or block any unsecure or unwanted service or file or anything from microshit ;)
-
Permalink Reply by lonestarr13 on -
Is this a Windows XP OS or Vista? I have a suggestion if it's XP (I don't think this works on Vista because I think auto-run is disabled). It is common knowledge to run firewall software or even XP built in firewall so why not try another attack vector. Social engineering is always available, but may be already anticipated since it's a project. How about the Hak5 USB Switchblade http://wiki.hak5.org/wiki/USB_Switchblade ? If U have a USB key that is U3 capable, just install there software and plug your key into the victims PC during class and let it get the LMHASH file, take your key back to your machine and run a rainbow table cracker on the file to get the users Username/password. I would also recommend you protect yourself against this type of attack and disable ALL FIREWIRE/USB ports and turn off Auto-run in windows... also if you have not done so, turn off XP's LMHASH - http://support.microsoft.com/kb/299656. Your teacher sounds awesome, Good Luck!
*Didn't realize your project was over, but I'll leave my post up anyway*
-
Permalink Reply by crispy bits on -
metasploit3
© 2009 Created by pdp on Ning. Create a Ning Network!
