Hacking Apache server [or any other]

For beginners, flames not allowed...(just by the staff :P)

Post by REsPaWn »

My friend asked me if I could hack his firm's intraweb to check for security holes.

The server is running Apache and is hosted by a third party, one.com.

Anyone had any luck with this? Or is it just a waste of time trying to find a way in?


Post by Big-E »

Hacking Apache? Considering it's the most widely distributed web server on the internet, you will have a pretty hard time getting in - that is if they keep up on their security updates. So with that being said, your first task would be finding out what version they are running and then looking for an exploit for that version.


Post by Nerdz »

And have a signed paper stating that you are allowed to do it... by the BOSS
Give a man a fish, you feed him for one day.
Learn a man to fish, you feed him for life.


Post by zeus_zf »

Yeah, the last thing you want to be is the guy holding the evidence at the end of the day. I hope though it is a legitimate adventure. Otherwise it would be an interesting adventure.

As stated before, Apache is a pretty strong server software. In some cases it is as hard as a rock, in another as easy as clay. The more active the security admin the more slim the chances I would say.

And I am saying that because of the section of the forum this is posted at in the first place.

I guess a pat on the back, and a good luck statement would be decent at this point.


Post by bad_brain »

well, of course it depends on the version and the config...an up to date Apache with a good config is pretty unhackable (oook....DDoS, but for me that's not "hacking" anyway).

so start with gathering information, like the Apache version and the enabled modules....if the server admin is not a good one you can get a lot of info already by provoking a simple 403 error... :wink:
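
Seen from the defender's side, what an httpd error page and the `Server` header give away is controlled by the `ServerTokens` and `ServerSignature` directives. The following is an added example, not code from any poster in this thread: a small audit of a config file for those two settings. The function names and the sample config text are constructed for illustration, and `<VirtualHost>` scoping is ignored as a simplification.

```python
import re

# Documented httpd defaults when the directive is absent.
DEFAULTS = {"servertokens": "full", "serversignature": "off"}
# ServerTokens values that reduce the banner to the bare product name.
QUIET_TOKENS = {"prod", "productonly"}
DIRECTIVE = re.compile(r"^\s*(ServerTokens|ServerSignature)\s+(\S+)", re.I)

def effective_settings(conf_text):
    """Last value seen per directive; <VirtualHost> scoping is ignored (simplification)."""
    settings = dict(DEFAULTS)
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line)  # lines starting with '#' never match
        if m:
            settings[m.group(1).lower()] = m.group(2).strip('"').lower()
    return settings

def audit(conf_text):
    """Return findings about what the Server header and error pages reveal."""
    s = effective_settings(conf_text)
    findings = []
    if s["servertokens"] not in QUIET_TOKENS:
        findings.append(f"ServerTokens {s['servertokens']}: Server header "
                        "exposes more than the product name; set 'Prod'")
    if s["serversignature"] != "off":
        findings.append(f"ServerSignature {s['serversignature']}: error pages "
                        "(403, 404, ...) carry a server banner footer; set 'Off'")
    return findings

# Constructed sample configs, not taken from any real server.
WEAK = """
# ServerTokens left at its default
ServerSignature On
"""
HARDENED = """
ServerTokens OS
# a later line overrides the earlier one
servertokens Prod
ServerSignature Off
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "no banner leaks found")
```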


Post by Still_Learning »

How would you rate the security of SynchroNet compared to Apache?


Post by bad_brain »

Still_Learning wrote: How would you rate the security of SynchroNet compared to Apache?
can't be compared, Synchronet is running on simple telnet, but Apache is able to use lots of modules, like PHP, Perl, etc.... :wink:


Post by Still_Learning »

bad_brain wrote:
    Still_Learning wrote: How would you rate the security of SynchroNet compared to Apache?
    can't be compared, Synchronet is running on simple telnet, but Apache is able to use lots of modules, like PHP, Perl, etc.... :wink:

Synchronet also supports HTTP, FTP, and IRC. I have not tried running PHP and Perl scripts on it though, just HTML pages 8O I just got a book called the Apache Server 2 bible that comes with a CD, I will have to go through it more..
Is Apache Server 2 out of date? Is there an Apache 3 now or something? The book is kind of old I think, I got it for 5$


Post by bad_brain »

hm, ok, I just took a quick look into Synchronet because of a lack of time....but I have to admit it's interesting, kinda old school...^^

and your book for version 2 is still fine....the latest Apache version is 2.2.10, the Apache project is also really well documented:
http://httpd.apache.org/docs/

:wink:


Post by Still_Learning »

Yeah I would advise looking more into Synchronet, it's very interesting indeed. This is the best multi function server I've seen so far or tried, and I understand it better (because I am from the old school, PC wise), it's the web 2.0 I don't understand fully yet. Hak5.org uses it for their Telnet BBS, I'm not sure if they use the same for the HTTP, FTP and other servers but I would think so.. it is a hard coded program, and I have never seen any exploits on it in milw0rm or anywhere else, google, yahoo search, anywhere..

It even comes with a fake DOS telnet prompt, some dude in IRC swore he hacked my server because he had the DOS prompt.. little did he know LOL.. I really like SynchroNet so far.. but have not tried Apache yet to compare the 2


Post by DNR »

Synchronet is a multiplatform BBS software package, with current ports for Microsoft Windows, Linux, and BSD variants.



http://www.synchro.net/

http://www.synchro.net/sbbslist.html

example:
The Computer Connection
Online since: 11/08/03
Operator: toolman
Web-site: www.tccbbs.net
Nodes: 10, Users: 264, Doors: 40
Download: 1103 files in 29 directories of 3693969817MB total space
Messages: 151932 messages in 300 sub-boards
Networks: Dove-net [tccnet], ILink [tccnet],
and USSN [tccnet]
Terminal: ansi,tty, ansi,tty, ansi,tty, and ansi,tty

telnet://tccbbsjyo.toolman.net Leesburg, Va
telnet://tccnet.synchro.net
telnet://bbs.toolman.net
telnet://bbs.tccnet.us
telnet://tccnet.bbs.us
telnet://tccbbs.net


Games: Trade Wars 2002, Lord I & II, UU, Usurper,
Plantes:TEOS with IGM, Ny2008 and many others.
Falcon Eye League 41
Falcon Eye League #716
League 716

Entry created on Tue Aug 12 2003 10:35 am by Toolman
Last updated on Tue Jul 04 2006 03:30 am by Toolman
Last verified on Sat Nov 22 2008 12:04 am by SBBS List Verifier
--

FTP root at vert.synchro.net

--------------------------------------------------------------------------------

Welcome!

Synchronet files are located in /Synchronet
Synchronet files are mirrored on ftp.synchro.net (faster).

To get listings with descriptions, use FTP Explorer (www.ftpx.com),
or better yet, open 00index.html in your favorite web browser!

Uploads are now allowed in most directories.
Upload to /incoming if you're unsure where a file should go.

If you have any problems, please e-mail the details to sysop@vert.synchro.net.
Guest logged in.
You have 24356194 download credits.


--------------------------------------------------------------------------------

11/22/2008 09:35PM 512 00index
11/22/2008 09:35PM 512 00index.html
10/18/2008 07:17PM 1,235,872 vert.qwk
11/22/2008 09:35PM Directory Synchronet
11/22/2008 09:35PM Directory Synchronet_Archive
09/11/2008 06:40PM 7,128,414 sbbs_win32.zip
11/22/2008 04:09AM 4,644,792 sbbs_src.tgz
11/22/2008 05:35AM 8,711,145 sbbs_src.zip
11/22/2008 12:33AM 2,682 sbbsimsg.lst
11/22/2008 12:33AM 9,314 syncterm.lst
11/22/2008 09:35PM Directory incoming
11/22/2008 09:35PM Directory main
11/22/2008 09:35PM Directory music
11/22/2008 09:35PM Directory modem.madness
11/22/2008 09:35PM Directory monster.media
11/22/2008 09:35PM Directory pier.shareware
11/22/2008 09:35PM Directory cica.windows.95
11/22/2008 09:35PM Directory cyber.xpo.95
11/22/2008 09:35PM Directory night.owl.13

--------------

yea sure looks interesting..

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.


Post by rhysh »

I know of only one 0day for Apache 2.something rather, anyways I dunno if the guy is a scam, but then well, no one has said he's scammed 'em so far. lol


Post by bad_brain »

rhysh wrote: I know of only one 0day for Apache 2.something rather, anyways I dunno if the guy is a scam, but then well, no one has said he's scammed 'em so far. lol

well, of course it's possible, but the fact that a LOT of developers work on Apache (not just the Apache team itself, also every Linux team, there is even a mailing list of its own for Debian-Apache for example) decreases the danger of an exploit that is in the wild for long without being discovered and patched.
most Apache exploits are based on a bad config and not on a program design flaw....the design flaws are usually found after just a few days by the developer community (most of the time even in the testing phase before the version is made public).

User avatar
DNR
Digital Mercenary
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
18
Location: Michigan USA
Contact:

protocols

Post by DNR »

rhysh - you're really killin me today.

----

The TCP/IP protocol, by its very own design, has inherent flaws that allow for exploiting what happens on a network. The best configured OS is one that is set up to minimize threats by TCP/IP's flaws. When crackers attempt to exploit an OS or server, they have to see how the sysadmin set up the rules for handling network traffic; it doesn't have to be just the TCP/IP protocol, it can be other protocols.
When you scan a computer or network you want to find all the devices and protocols it uses.

"A protocol describes how a packet of information is organized and the rules it follows when traveling across the network." The cracker is exploiting the rules simply put.

Network and computer protocols can be grouped into three categories: lower level protocols, upper level protocols and application protocols.

Lower level protocols are sometimes called hardware protocols or even physical level protocols and are generally related to a network device.
Examples of lower level protocols include Ethernet, IEEE 802.3, ATM, Token Ring, Frame Relay and even Wifi. A low level protocol attack could be on a network device's firmware, i.e. Phlashing.

The Upper level protocols should look familiar to you, if you ever took a basic IT/CIS class :*

Layer 1 Physical Layer
Layer 2 Data Link Layer
Layer 3 Network Layer
Layer 3 Network Layer management
Layer 4 Transport Layer
Layer 5 Session Layer
Layer 7 Application Layer

Explode just the application layer of the Upper Level protocol and you see a lot of the common areas used for exploitation:

DHCP · DNS · FTP · GTP · HTTP · IMAP · IRC · NNTP · NTP · POP · RIP · RPC · RTCP · RTP · RTSP · SDP · SIP · SMTP · SNMP · SOAP · SSH · Telnet · TLS/SSL

I just picked the application layer as an example, each layer has its weaknesses. Link Layers, Transport layers, and Internet Layers have their various potential for exploitation and should be investigated.

With the many different types of protocols trying to work together, from so many different users, service providers (ISP, private networks), and then different countries, this can cause a lot of confusion and rules have to be bent in order to make the different systems work together.

Application Level protocols are sometimes called software protocols, you consider the realm of software glitches and hardware incompatibility - holes can be found where the designer had to leave a hole in order to make their software cross platform or hardware compatible.

When you look at this big picture you can see how a good hacker views a computer, server, or network. When you scan a network or computer you look at all the devices and protocols running on it, the more you know how each device and protocol has to work, the easier it is to find holes in the system. Don't blame the OS, blame the sysadmin for not being so diligent on keeping a good network. A good sysadmin stays skilled by keeping informed of what's on the internet, testing his network, and monitoring his network at every level possible.

One last note:
The server is running apache and is hosted by a third party. one.com
The server does not belong to your friend, or his company even - it is hosted by the third party - and they will not be happy to have their server pen-tested. The server could also be hosting other companies' websites - you could cause a DoS to them as well. So DNR recommends you don't do this. Play on your own personal computer lab/network.

DNR

*This is the OSI model of the layers:
7 Application Layer
6 Presentation Layer
5 Session Layer
4 Transport Layer
3 Network Layer
2 Data Link Layer
LLC sublayer
MAC sublayer
1 Physical Layer