anyone tired of trying to hack my server yet? not wanting to play with asp, etc?? well, thats disheartening, but..!
hack my other server!
as of this point, I would also like to open up http://63.82.76.99 for scrutiny
my only request is that the same guidelines listed above for getting into .100 be your guiding cricket
btw.. for the asp code, see attached for your reading pleasure
the ASPTear component can be downloaded at http://www.alphasierrapapa.com/iisde...nents/asptear/
-
i can think of a couple weaknesses in the site that are *possibly* expoitable...
give it a try and give me a shout if you want the source to work off of too... I know, I know... that would be cheating; but actually, if my code or one of the components I'm using is going to kill me, then I'd rather find out nowLeave a comment:
-
well
I already got some dll library to spit some errors.
That's why I said IIS cross scripting vulnerability.
Can't get it to do what I want though. Never been into this part of the exploiting world before anyway :D
DAmn where is George Guninski when you need him. heh
later allLeave a comment:
-
There are two ways that I think can lead to owning... Exploiting the asp code or some crazy packet analysis stuff that I couldn't tell you about (cause I dont know)...
I've already gotten the asp code to spit out some runtime errors...
whats everyone else gotten so far?Leave a comment:
-
ble
IIS 5.0 cross scripting vulnerability.
just a guess :)
mmmmmm
maybe not.Leave a comment:
-
once you try it, can you tell me how you found it and what it is, etc?
--red0xLeave a comment:
-
i have an idea on how to get in...
can i get an email verifying it is ok for me to own your box?
simon@willhaven.org
thanks...Leave a comment:
-
dont worry
I take any opurtunity I can to learn, both linux and win2k. I am trying a few things. ;)
--red0xLeave a comment:
-
Yes
Yes you have it dead on. Our school is very stupid. Everyone here is M$ Freaks, that do not understand linux, so it is "evil" in there eyes. We have had one known break in on a linux box, and oh probably hundres on windoze boxes. Go figure.
Anyways don't blow this off as an easy challenge because it is a M$ box. It is rather secure. Hey, that's the point of a challenge aint it?Leave a comment:
-
lol, no way
lemme get this straight (btw, this isn't a flame):
your school wont *let* you set up a linux box?!?
what are they, insane? or just stupid?
hey, are you invis?
--red0xLeave a comment:
-
Here's your chance to try it out on my server without getting in trouble (provided you adhere to the specifications I mentioned in the above posts..)
Yeah, it is a 2000 Server. The College I work for is all Windows and I'm not allowed to set up linux, even as simple bind servers, etc... So.. should be even easier right?
Read up on my rules, then go for it :)Leave a comment:
Leave a comment: