
Thread: Hacking Windows 2008 Server

  1. #1

    Question Hacking Windows 2008 Server

    This might be a stupid question, but does anybody know how hard it is to hack / take control of a Windows 2008 R2 server?

    We basically have one hosted on the web. Our SQL Server instances don't allow remote connections, we only have a couple of administrator accounts on the server (to manage databases / install applications) and we have a couple of FTP accounts for certain clients. Passwords are complex, but we are only sitting behind a Windows Firewall.

    At the moment our server only runs applications and web applications so the search engines aren't picking our server up, but we just got a new server and I'm thinking of moving our website (currently hosted at a 3rd party) to the new server. This will however require that I install MySQL and PHP on the server.

    I'd just like to get an idea of how high our risk is.

  2. #2
    Master werny's Avatar
    Join Date
    Nov 2009
    Location
    Bellville, Cape Town
    Posts
    784


    I have a very very smart lecturer at college, he is brilliant with any Microsoft server and also a master when it comes to Linux (Unix).

    So basically one day I messed around with the server I had installed on my computer in class and then deleted my own profile or something like that and then I couldn't log in because there was no account, he then booted into command prompt and did weird stuff in it out of his head and when it restarted I could log in again, he said that he hacked the server core and created another account, I would really like to know how he did it.

    Just shows you how easily you can get access to a server anywhere if you know how.

    But unfortunately I have no clue how to hack into Server 2008 R2, sorry.
    "It's like lifting up the queen's skirt and then finding out she's wearing a thong" - Jeremy Clarkson

  3. #3


    Having local access makes a difference.

  4. #4


    Take a look at Kon-Boot. With local access it is easy to take control of the kernel and be able to do lots. However, on a network with a firewall you need some kind of loophole.

  5. #5
    Karmic Sangoma ghoti's Avatar
    Join Date
    Jan 2005
    Location
    Hotel California
    Posts
    34,263
    Blog Entries
    9
    If you outlaw crack cocaine, only outlaws will have crack cocaine. If you outlaw guns, only outlaws will have guns.

  6. #6


    I have about 17 Windows 2008 R2 servers. All of them have latest updates installed, all have passwords with a gazillion weird characters in, and they all run SQL Server 2008 R2. They are all used for web hosting and they are publicly accessible on port 80. I've had them for about 3 years and they've never been hacked. I do know of other companies on the same network as me, with similar setups that have been hacked.

    I've had another Win 2008 R2 server, same as above, on another network, and one day when I logged into it through remote desktop, I saw that some irritating hacker had installed 3 different programs on it - they were still open, and he was using the software to hack further into other PCs on that network. I have no idea how he got in - I basically caught him red-handed and went into task manager and right clicked on his user that he created and force logged him off. I uninstalled all his programs, changed passwords and set up triggers on event viewer to email me the moment a successful authentication is made on that server, so that I would know immediately if he came back to finish his dirty work, but he never did.

    I also had someone hacking a Windows Server 2003 of mine about 6 years back - again, same story, installed a lot of programs - it's almost as if they use one server, to get into another etc etc.

    My recommendation is that you should not have highly sensitive data on a publicly accessible server.
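
The logon alerting described in post #6, sketched as an added example that is not part of the thread or any poster's own script: it reads Security event 4624 (successful logon) as XML and reports console and Remote Desktop logons by accounts outside an allow-list. `Get-LogonAlert` is a hypothetical helper, and the account names, host name and IP addresses are constructed sample data.

```powershell
# Added example. Written for PowerShell 2.0, the version shipped with Server 2008 R2.
$Allowed = @('svc-admin1', 'svc-admin2')                  # assumption: your real admin accounts
$Watched = @{ '2' = 'Console'; '10' = 'Remote Desktop' }  # 4624 LogonType values to report

function Get-LogonAlert {
    param(
        [Parameter(Mandatory=$true)][string[]]$EventXml,  # each item is the output of $event.ToXml()
        [string[]]$AllowedAccounts = @()
    )
    foreach ($raw in $EventXml) {
        # Read EventData fields by name rather than by position.
        $f = @{}
        foreach ($node in ([xml]$raw).Event.EventData.Data) { $f[$node.Name] = $node.'#text' }
        # Skip service, batch and network logons; they would flood the mailbox.
        if (-not $Watched.ContainsKey([string]$f['LogonType'])) { continue }
        New-Object PSObject -Property @{
            Account  = '{0}\{1}' -f $f['TargetDomainName'], $f['TargetUserName']
            Type     = $Watched[[string]$f['LogonType']]
            Source   = $f['IpAddress']
            Expected = ($AllowedAccounts -contains $f['TargetUserName'])
        }
    }
}

# Constructed sample events (trimmed to the fields used), so the block runs offline.
$ns = 'http://schemas.microsoft.com/win/2004/08/events/event'
$template = "<Event xmlns='$ns'><System><EventID>4624</EventID></System><EventData>" +
    "<Data Name='TargetUserName'>{0}</Data><Data Name='TargetDomainName'>WEB01</Data>" +
    "<Data Name='LogonType'>{1}</Data><Data Name='IpAddress'>{2}</Data></EventData></Event>"
$sample = @(
    ($template -f 'svc-admin1', '10', '198.51.100.7'),   # known admin over RDP
    ($template -f 'support$',   '10', '203.0.113.45'),   # unknown account over RDP
    ($template -f 'svc-admin1', '5',  '-')               # service logon, ignored
)

# Only the unexpected account is reported: WEB01\support$ from 203.0.113.45.
Get-LogonAlert -EventXml $sample -AllowedAccounts $Allowed | Where-Object { -not $_.Expected }

# Live use (elevated, e.g. from a scheduled task every 5 minutes):
# $xml = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624;
#          StartTime=(Get-Date).AddMinutes(-5)} -ErrorAction SilentlyContinue |
#        ForEach-Object { $_.ToXml() }
# if ($xml) { Get-LogonAlert -EventXml $xml -AllowedAccounts $Allowed |
#             Where-Object { -not $_.Expected } }
# Send the result with Send-MailMessage, using your own -SmtpServer, -From and -To.
```

Alerting only on accounts outside the allow-list keeps the signal usable; a newly created local account logging on over Remote Desktop, as in the incident above, is exactly the case it surfaces.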

  7. #7


    If you can get physical access to the box it would be easy to bypass any security and install a connect back server.. If you don't have physical access, start with a port scan to see what ports are open. Check to see if any services are running on the ports. You mentioned you were running SQL/WebServer with some web apps, this is probably the weakest point of entry if not secured properly, search for exploits relating to the servers running services. Once you have a few exploits that might work the hard part is using them. You could use something like Metasploit to scan for exploits and vulnerabilities but this is commercial now and most of the exploits released by the community will be patched quite quickly. Real "hacking" does not happen by running a few programs you found on the internet, 99% of real hacking is based on programming knowledge! If the person can't code their own hacking tools they can't hack. If you find a cool "Tool" online it's because the person who made it overused it and it probably doesn't work anymore, so they dumped it online for the S/kiddies. A serious hacker can take weeks to gather information on his target to eventually get in. Your best bet is to try a SQL/WEBServer exploit or injection technique, upload a PHP backdoor shell and you are in.. You might have to escalate your privileges once in, depending on where you land. Upload a Ring-0 R00tK1t if you have one or just a hidden server for you to connect back to later.. once you are in a box don't do anything unnecessary or harmful because it will quickly get you spotted and locked out. If you are deploying a Trojan or ConnectBack then make sure its connection to the box is invisible for example use Port 80 to monitor on as it's normally already open and the traffic can be disguised as HTTP traffic, or listen on a closed port so your commands hit the port and get dropped by the OS but seen by you hovering over the port..
    No packets or connections will be logged this way on the PC.. Any other PCs/Routers/Proxies you go through before hitting the closed port will still log.. Bottom line is you are not going to hack anything until you learn to code and your servers are most likely safe unless you have been targeted by a pro..

  8. #8


    Quote Originally Posted by shakebake View Post

    My recommendation is that you should not have highly sensitive data on a publicly accessible server.
    Best. Safest server is one off the network. Impractical I know but that's the old axiom. I like to separate public and internal servers and have strict control over what traffic flows between them so even if the public one is hacked, it cannot penetrate the internal network and data.
    Neo-Luddite - Permanent Darwin award candidates
    Shaping Explained here
    Do you Oink! ?

  9. #9


    I played with Metasploit a bit, and was really astounded to find how easy it is to circumvent security on a poorly set up system.

    My advice is to always ensure that the system is up to date with the latest security patches installed and to only open bare minimum ports on the firewall. Regular review of the system logs will help, however no system is un-hackable.

  10. #10


    Quote Originally Posted by <?php?> View Post
    I played with Metasploit a bit, and was really astounded to find how easy it is to circumvent security on a poorly set up system.

    My advice is to always ensure that the system is up to date with the latest security patches installed and to only open bare minimum ports on the firewall. Regular review of the system logs will help, however no system is un-hackable.
    The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
    The purity of a person's heart can be quickly measured by how they regard animals.
