Diaries Of A Hacker

[tansqrx 0]

There’s not many times or places in this world where you and your good friends can come together and hack into a network and not get into trouble and at the end of the day be considered somewhat heroes. I had an excellent opportunity this past week to do just that.Once a year there is a software engineering conference that comes to my town. I have participated for the past few years and the absolute highlight is an event call the Digital Combat Exercise (actually if it weren’t for this, I most likely would not even go at all). The Digital Combat Exercise is basically a hacking competition to show all of the conference attendees how important computer and software security is and ultimately what happens if security is not implemented. The exercise consists of two teams, blue and red. The blue team is the defenders and comprised of conference organizers. The red team consists of conference attendees such as myself. The red team “hackers” are placed on a row of tables with nothing but a switch in front of them. Directly behind us is a curtain and behind that curtain is the network to be hacked. The last time I had the honor of participating, my team came in first place so I had every intention of retaining that rank.What follows are my preparations. Of course I am not advocating anything illegal and this does not mean you should go out and do something stupid. Just as the Digital Combat Exercises for the conference is meant to educate the attendees, this is meant to be an education for you. This is very real and this should be a wake up if you have not secured your machine and taken the appropriate precautions. Consider this a favor, and you don’t even have to pay the $500 for the conference.My preparation actually started about a month ago. I had a rough idea what to expect so I turned my computer into a mini attack/defend platform. I broke down and bought a copy of VMWare Workstation (http://www.vmware.com/). I tried to use Microsoft’s free Virtual PC but the features were severally lacking and I never could get half OSs to install. After installing VMWare, I created several virtual machines; Windows 98, Windows 2000 unpatched, Windows 2000 fully patched, Windows 2000 Server, Windows XP, Windows XP SP1, Windows XP SP2, Windows XP fully patched, Window 2003 Server unpatched, and Windows 2003 Server fully patched. Additionally I also created a Red Hat Fedora Core 5 attack machine and Red Hat 7.0 and 8.0 machines.VMWare provides all the necessary features to create your own virtual network. By configuring the virtual network adaptors I was able to make a DMZ and several subnets. When finished I had the following in the DMZ: Windows 2000 Server unpatched running IIS 5.0 with a webpage, Windows 2003 Server unpatched running IIS 6.0 with a webpage, and Red Hat 8.0 running Apache with a webpage. The front facing network had an address in the 10.1.1.x range. The rest of the machines were in the 192.168.1.x range. I could not run all of the virtual machines at one time so I swapped them in and out according to my purpose. After many hours of preparation I had a fairly decent network together and I was ready to start hacking.Later this week I will start to describe how I started the attack…

[toby 0]

How much RAM/Space do you need to have that many Os's... Intresting work.

[HellFire121 0]

I'd say that hackthissite.org is an online version of what you're describing, though hackthissite deals with webpage security. You can see how easy it is to gain access if you leave one tiny flaw in your coding. This is especially important if you are coding a major website or an important one such as your company's site. It is that easy for a hacker to gain access as you can see at hackthissite. If you take the time to code properly then you won't have trouble.This is similar to what you are doing, if you don't setup a network correctly you can practically say goodbye to your files and personal data as well as secret organization data.-HellFire

[tansqrx 0]

I have found that VMWare and Virtual PC works differently when running. Virtual PC will directly allocate the RAM when the machine runs. If you set the machine to take 500MB of RAM then you will see a 500MB RAM spike in Task Manager when the machine starts. I haven’t quite figured out VMWare’s memory model but you will see only marginal increases in Task Manager. They may be allocating the memory on a hardware level that Windows never sees.I have 4GB of RAM on a AMD 5000+ dual core machine. I’m not a gamer but this type of application will suck your resources dry in a hurry and that is why I bought fairly high end hardware. Depending on if the virtual machines are idle, I can usually comfortably run around 5 machines at the same time and still use the host OS. You can run many more than this but the guests start getting sluggish.