Hacker Challenge
Test your skills!
Well, since it’s hacking IIS 6, I’m not sure how much of a “challenge” it will be, but, still, the “Hack IIS 6 Contest” sounds like a bit of fun. The goal, obviously, is to crack a publicly available Internet Information Server 6 that the contest organizers have set up. They claim to have set it up as they would expect the “average” Windows Admin would have configured it. The goal is a simple defacement or the reading of a “hidden” document. The prize is an XBOX.
If I had more time, it might be fun. Of course, I’m not really a hacker, nor have I ever claimed to be a hacker. My “skillz” are so out of date that the last time I did any “security testing” was back in the days of the BBS. Remember those? Ah, the good old days… And, to be honest, even then I was little more than a clever script-kiddie. (On the other hand, there have been those who accused Kevin Mitnick of being little more than a well-connected, persistent, script-kiddie, too, so I guess I’m in good company!) But, for you young’uns that might be a little bit more spry than Old Man River, it could be a fun challenge.
The contest runs through June 8, 2005.
What a riot!! Those guys make me laugh…more especially, since I used to work for them. The “average” Windows admin is an administrative assistant with the admin pass, since the old admin left. That would mean…default permissions…and to solve those pesky IIS permissions issues, just drop IUSR_whatever into the admins group…that oughta fix it. Don’t forget to turn on directory browsing so we don’t have to mess with default documents. And let’s just put it outside the firewall, that way I don’t have to read the manual and understand “reverse proxy” or “virtual servers.”
Comment by Pol — 5/9/2005 @ 8:13 am
Yeah, that was sort of my thought, too. M$ makes things nice and user friendly for happy idiots who couldn’t administer their way out of a paper bag, but that makes for really sad security sometimes. People get fooled with the nice point-and-click interface, thinking that they don’t need to really understand what’s happening underneath it all. Thank all that is holy and unholy, it looks like we’ll be moving off to Linux in one form or another!
Comment by the Network Geek — 5/10/2005 @ 12:33 pm
I AGREE
MAY I GIVE THE SITE WHICH YOU SHOULD HACK
Comment by KHALEDINHO — 7/3/2005 @ 5:02 pm
No.
I don’t do that sort of thing anymore. And, in fact, I haven’t since BBS’ were the only way to talk to other people. Do you know what the penalties are for unlawful data access? Steep. It’s not worth it.
Comment by the Network Geek — 7/3/2005 @ 9:41 pm