Hack IIS6 Contest - win an Xbox

Discussion in 'Windows Desktop Systems' started by NetRyder, May 7, 2005.

  1. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    http://www.hackiis6.com/default.htm

    Haha, let's see how this goes. :up:
     
  2. Kush

    Kush High On Life!

    Messages:
    4,590
    Location:
    Montreal, Quebec
    It's down for me, would that mean someone is already going to win? :p
     
  3. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    No, it just means you have a terrible connection. Sorry. :p
     
  4. Eagle710

    Eagle710 OSNN Senior Addict

    Messages:
    312
    Location:
    Toronto, Ontario, Canada
    lol saudi.......looks interesting, too bad I don't know the slightest thing about hacking, maybe mafia or someone can hook me up with some info on doing so
     
  5. Kush

    Kush High On Life!

    Messages:
    4,590
    Location:
    Montreal, Quebec
    haha, not me, I stopped even trying to look down that path, two reasons, I suck, and there's always someone better than you, and I think that trojans/backdoor programs are pathetic, used it once, thought it was cool, got over it!
     
  6. vern

    vern Dominus Political User Folding Team

    Messages:
    1,571
    Location:
    Minnesota, USA
    Hopefully all the mofos who have been bashing IIS all over the internet will come and show up and prove their rhetoric without due credence. I also hope that the people who are setting this up are genuinely curious and doing this objectively (hardening the box with reasonable security measures), instead of just conceding IIS is not secure.
     
  7. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    Exactly my thoughts. :)
     
  8. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    Interesting, the site was running Win2k and IIS 5.0 until a couple days ago, and now on 2k3 and IIS 6.0. Maybe they are afraid that IIS 5 and Win2k are insecure? BTW, this is run by Microsoft, do you really think they are going to admit it when their server gets compromised? I'll throw a Code Red/Nimda at it :p

    I portscanned the server, they only have port 80 open, now if they were running the remote web administration I think I'd at least try it, since there are some XSS vulnerabilities in IIS 6.0 that have gone unpatched for almost two years ;)
     
    Last edited: May 8, 2005
  9. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    The contest is actually being organized by Windows IT Pro, a magazine that isn't affiliated with Microsoft.
    Less talk, more action. ;)
     
    Last edited: May 8, 2005
  10. Perris Calderon

    Perris Calderon Moderator Staff Member Political User

    Messages:
    12,332
    Location:
    new york
    /love the idea, but win an x box?

    they are going to get millions of dollars worth of r and d...anyone that will be able to crack this site I don't think wants an x box...though they'll do it for the fame
     
  11. vern

    vern Dominus Political User Folding Team

    Messages:
    1,571
    Location:
    Minnesota, USA
    This is irrelevant to the goal of the project.

    Like Netryder has already said, the organizers are not affiliated with Microsoft. Just as there are *nix magazines, there are Windows magazines.

    I'm almost inclined to assume that that is conceding defeat. Must people wait for someone else to publish an exploit before going forward?
     
  12. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    Well they restrict Microsoft employees from participating, so I would assume that they are affiliated. I am not a hacker/cracker whatever, all I was saying is that if they had allowed the remote web administration open, there are some easy break-ins, or is fundamental English not required with the Microsoft fanboy newsletter?
     
  13. Perris Calderon

    Perris Calderon Moderator Staff Member Political User

    Messages:
    12,332
    Location:
    new york
    would this be true for any operating system?
     
  14. vern

    vern Dominus Political User Folding Team

    Messages:
    1,571
    Location:
    Minnesota, USA
    There is a difference between being a fanboy and giving credence to the operating systems without prior anti-MS fanboy membership. It almost seems like you are saying that ... yes Windows Server is an easy target, but only if they had this or this running ... but not when capable admins reasonably secure it.
     
  15. SPeedY_B

    SPeedY_B I may actually be insane.

    Messages:
    15,800
    Location:
    Midlands, England
    If the o/s is really insecure, then the server will be hacked. Unless someone steps up to put their money where their mouth is, any argument is pretty pointless :D
     
  16. Perris Calderon

    Perris Calderon Moderator Staff Member Political User

    Messages:
    12,332
    Location:
    new york
    I'm thinking the server would get hacked even if it has greater security than other os's...everything is relative to the effort invested

    the real test is to put all os's up to the same competition, and then the os to get hacked with the fewest resources, and fewest hours invested in the effort is the loser

    even that wouldn't be fair because more people would have already invested more time hacking microsoft products and ms would start any competition like that a leg down

    still this would be accurate, since practically it would still be less secure regardless of the reason that might be so
     
    Last edited: May 9, 2005
  17. Xie

    Xie - geek - Subscribed User Folding Team

    Messages:
    5,275
    Location:
    NY, USA
    The problem with this type of competition is not that everyone has put more time into hacking MS products. The problem would be finding equal admins for each OS and being able to set up each with the same exact specs.

    Also in the "real world" it often matters what else is running on the server in addition to a web server. Also how the web server is configured (ie does it run php, asp, cgi, etc.).
     
  18. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    There is webmin for *nix servers, which is relatively secure, as in you can't really have a server be remotely administrated without any vulnerabilities. The problem with the remote web administration for IIS is that you can use session spoofing to gain administrative rights because of an exploit left in by Microsoft on purpose, in order to allow an administrator to reboot the machine remotely but still continue the remote administrative session without logging back in. It should also be noted that this server is not running anything, just IIS, not ASP, no database, email, ftp or anything, just IIS; also it is running behind a pretty powerful UNIX firewall ironically enough, as pointed out on /.

    As noted in many other discussions on this, the prize of an XBOX is basically nil, considering a true exploit found in a "secured" IIS server would be worth a hell of a lot more than a $150 XBOX.
     
  19. Perris Calderon

    Perris Calderon Moderator Staff Member Political User

    Messages:
    12,332
    Location:
    new york
    the prize should be a position in some security firm, with a generous salary guaranteed for a year and a bonus like half that salary

    that's when you'd find the real hackers crackers come out of the woodwork
     
  20. Xie

    Xie - geek - Subscribed User Folding Team

    Messages:
    5,275
    Location:
    NY, USA
    I think a lot of the ones that actually have skill (ie not script kiddies) do it for the thrill/fun of it, not for $/reward.