yeoo_andy_ni Posted June 10, 2015 Share Posted June 10, 2015 Hi folks! Bit of input needed here. I've got a wee job in work to build a hackable Windows Server 2012 for a project. Where the hell do I start?! I'm not involved in any Info Sec stuff in work, so I'm totally flying blind here. I've had a few ideas though: Rename local admin account and create a new admin account with a more generic password and prevent certain users from being able to change certain account passwords Don't fully patch - in other words, keep a couple of months of patches off the server and maybe remove a critical one here and there Modify the file shares and create newer ones that are slightly less secure Modify the account lockout policy Modify the RDP settings Modify services such as Remote Registry to disabled Don't update the AV/firewall client to the latest definitions Turn UAC off, or at the very least relax it The end game is to have a treasure hunt on the box to have 4 or 5 folders available, with each acting as a clue to the next folder (and file inside) location. I'm just confused as to how I should go about implementing this to be both fun and a bit of a challenge. Oh, and done right, lol. Cheers! Andy Link to comment Share on other sites More sharing options...
fusi0n Posted June 10, 2015 Share Posted June 10, 2015 I'd start with a simple google search on Windows Server 2012 Metasploit. You're Welcome. Link to comment Share on other sites More sharing options...
+John Teacake MVC Posted June 10, 2015 MVC Share Posted June 10, 2015 Directly connect it to the internet, I.E NAT it with a public IP see how long it lasts. Bryan R. 1 Share Link to comment Share on other sites More sharing options...
BinaryData Posted June 10, 2015 Share Posted June 10, 2015 Hi folks! Bit of input needed here. I've got a wee job in work to build a hackable Windows Server 2012 for a project. Where the hell do I start?! I'm not involved in any Info Sec stuff in work, so I'm totally flying blind here. I've had a few ideas though: Rename local admin account and create a new admin account with a more generic password and prevent certain users from being able to change certain account passwords Don't fully patch - in other words, keep a couple of months of patches off the server and maybe remove a critical one here and there Modify the file shares and create newer ones that are slightly less secure Modify the account lockout policy Modify the RDP settings Modify services such as Remote Registry to disabled Don't update the AV/firewall client to the latest definitions Turn UAC off, or at the very least relax it The end game is to have a treasure hunt on the box to have 4 or 5 folders available, with each acting as a clue to the next folder (and file inside) location. I'm just confused as to how I should go about implementing this to be both fun and a bit of a challenge. Oh, and done right, lol. Cheers! Andy The title and the information provided are a bit different, haha. Though I'm not sure this is an appropriate topic to be discussed here. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted June 10, 2015 MVC Share Posted June 10, 2015 if its suppose to be a challenge why should you make anything easier - patch it to the hilt, follow the hardening guide.. Lock that bad boy down as much as you can lock it down with 2k12 then that would be a somewhat of challenge. I would atleast run through https://technet.microsoft.com/en-us/library/cc754997.aspx and make it decent lock down. Link to comment Share on other sites More sharing options...
Intersect Posted June 10, 2015 Share Posted June 10, 2015 if you want to make things intresting, as part of the treasure hunt you could have a .PCAP (packet capture file) stored in the documents folder that they need to work with inorder to find out what is in the captured packets. an example of this would be to create a few documents in word add some text to one of them and change the font colour to white or hide the text behind an image, add those filed to a .zip file with a password and send it in an email to some one on your network while you capture the packets. once this is done you will have a .PCAP file to work with Link to comment Share on other sites More sharing options...
n_K Posted June 10, 2015 Share Posted June 10, 2015 Not windows specific, in fact more geared to linux, but have a looksie at http://www.dvwa.co.uk/ Link to comment Share on other sites More sharing options...
fusi0n Posted June 10, 2015 Share Posted June 10, 2015 there a ton of exploits in sploitDB that are to easy too run in Metasploit.. Link to comment Share on other sites More sharing options...
+John Teacake MVC Posted June 11, 2015 MVC Share Posted June 11, 2015 Does it have to be a Windows box? There are specific Linux Distros for this exact thing, So if you are teaching a class for example its ideal. Its called Damn Insecure Linux or something like that where they purposely build the Distro with known affected plugins, Programs or Modules. Link to comment Share on other sites More sharing options...
BinaryData Posted June 12, 2015 Share Posted June 12, 2015 Does it have to be a Windows box? There are specific Linux Distros for this exact thing, So if you are teaching a class for example its ideal. Its called Damn Insecure Linux or something like that where they purposely build the Distro with known affected plugins, Programs or Modules. I was thinking of Kali Linux, haha. KL is fun, but make sure you don't accidentally flood the wrong network. Oops... Link to comment Share on other sites More sharing options...
binaryzero Posted June 13, 2015 Share Posted June 13, 2015 The types of "projects" some users get on this board are quite interesting... Link to comment Share on other sites More sharing options...
Alwaysonacoffebreak Posted June 13, 2015 Share Posted June 13, 2015 I was thinking of Kali Linux, haha. KL is fun, but make sure you don't accidentally flood the wrong network. Oops... Kali is the way opposite of what he was describing tho Kali is FOR "hacking" (god I hate that word) and the one he was talking about is just unsecure as heck. But yeah, Kali is a lot of fun if you know what you're doing. Link to comment Share on other sites More sharing options...
Recommended Posts