Hack my box!

Hello fellow members, I've decided to open my system up for security pen-testing! I'm running several servers/web apps.

I will post the info most likely Saturday or Sunday. I will also offer proof that it is my box so you know I'm not asking you all to try and hack someone else's system.

There's only a few rules I will be very strict on! Please respect them:

1. NO DDoS attacks! PERIOD. I, as well as my roomates will be very pissed if you try to take down my network.
2. If any sploits/security flaws are found. Please report honestly.
3. Any attempts to damage my system/corrupt data/remove files … anything malicious, period; will NOT go unnoticed and ignored.

THIS WILL BE OPEN TO EVERYONE

Here's some quick info provided free:

[Footprinting] OS: Windows Server 2003 Enterprise R2 x64 HTTP: IIS 6.0 - Pooled PHP/MySQL/Coldfusion

[Services] HTTP FTP SMTP/POP3

The next couple days I'll try to install some more web apps; some of my own. I'll install MS SQL Server as well.

This will be used for learning purposes on real apps/servers. Anything goes, except for DOS attacks.

If you'd like to contribute or have any good ideas for this, feel free to post here.

Woot! Count me in :p

Also, I think it's a good initiative. It's a great opportunity for those who have never tried this kind of stuff 'for real' before.

count me in as well install every sever you can think off this will be mad I wont abuse it I promise.

i'm in :happy:

count me in too

ill give it a shot….havent done any thing of this nature for a while.

ok im not great at things like this but im learning so i think this will be a great learning oppertunity to learn more, you must be quite a trusting person to allow ths or confident that if anyone did abuse it you cud get them back!!

Never done a hack on a host server, only online exploits or vulnerabilities, so I am REALLY looking forward to trying this. In otherwards, count me in, man.

All I have to say is this is a great idea give chance to test things learned on this site in real action.

awesome idea, and i think that whoever successfully rooted it should post an article or sumthin about how they did it so that other people can learn more about rooting

I'm quite a bit drunkk. .right now .. so lets postepone this till tomtroeow. :))))

YeAH!!!!!!!!!!

Cool to give such an opportunity. I'm in. :)

Hey everyone Im kinda new to hacking in general and just joined site but can I take place in this challenge as well? Cause I just got my new pc for hacking and havent used it as of yet. Anyways how are we suppose to get the IP for ur pc???

Count me in, Ill add you to msn.

Just a quick update on this project: I will release the server info most likely tomorrow morning. I will be installing a couple more services and apps before this goes live.

-Sent

Hello all. Sorry for the wait guys… my friend had some car trouble so I was out all day today.

I can release my server info now if you'd all like, but as of now this is what is running:

HTTP Server - php/sql/cold fusion FTP Server SMTP/POP3 MySQL

» CMS System » TorrentBits Source Torrent Tracker

I was going to hold off until some other apps/services were in place.

1. SSH Server
2. Proxy Server
3. MS SQL Server
4. Web site based on coldfusion

I also have available if you'd all like: MS Exchange Server MS Project Server MS Forms Server MS SharePoint Server MS Commerce Server Merak Mail Server Apache Web Server Intrusion Detection Systems Firewalls Web Site (ASP-based) and more…

LET ME KNOW WHAT YOU THINK. I'm doing this for you all as a learning experience. Please understand:

If there are any malicious attacks attempted on my system, I'll close down everything at once and you better hope to god you're behind several tunnels. I have no problem with involving the authories, especially when I have several connections.

Things I consider malicious: » Rootkits uploaded, that you keep hidden and not reported to me. » Destruction of system files OR personal files. » Viruses/Worms » Web Defacement without backing up original files. Feel free to deface my site if you like, but do NOT over write my files without making them backups (IE: "index.bak"). » Try to get r00t. That is encouraged, but report it to me right away. » Anything destructive that I would not like!!!

I'll take a consensus here first then decide accordingly. Please post whether you'd like to start now while I install more services or wait until it's all up and running.

Hold off until you getthem running, it will be more fun :)

il give it a shot…. i probably wont get far but whats the harm in trying huh :D

I also can try that. It looks like fun. B)