Journal intermodal's Journal: anniversary and security 6
ok, so two things of note this weekend, first of which was my first anniversary on sunday the 6th.
Secondly, I have been asked by a church (no, i know better than to post the URL on slashdot) has asked me to try to break into their web server to try to find out what the pastor's son did to leave a note saying he broke in. I suspect he did it from inside the building, but my request was to see what I could do about busting in from outside. so far, all i've gathered (not including inside knowledge I already had) is that nmap is useless against it, there is a firewall in place, there is IIS 5.0 running on something NT based, and I have the IP address. I highly suspect either his dad left a password around, or that he physically accessed the server or other box behind the firewall. Any of you security experts out there have suggestions? I think they may be behind a hardware firewall, as I had to hit port 80 on telnet with a bad request to find out the IIS part.
Hmmmm (Score:1)
However it is most likely an inside job. You know, easily guessable passwords (a simple dictionary attack is often enough) or the famous 'post-it under keyboard'.
I just suggest to change the password to something more sensible like "H4cK7Hi5K1dd0" and dare the kid to do it over again. Of course, don't write it down, after all that one is easy to remember.
Happy anniversary by the way.
looking for a rootkit? (Score:2)
Re: (Score:1)
Firmware NAT (Score:2)
can't think of a title (Score:2)
Secondly, when physical access is a factor, I would strongly discount network intrusion unless the kid is computer inclined to begin with and probably a script kiddie. Even a kiddie probably wouldn't attack a site where he is closely associated with the people who run it, thus making it easier for real consequences to catch up with him. The kid was probably bored in Sunday school and snuck out and stumbled across the web server.
I would check the date on the index.h
Re:can't think of a title (Score:2)