May 6, 2013 at 2:02 am #8428
Topic pretty much says it all but there is more to it.
I’ve set up a file hosting server for my friends, family, and my small business and I would like to see how vulnerable it is to the outside world. I’m also wanting to see if any of the users would be able to “hack” their way into another user’s files on the server.
I’m using Win7 Ult 64-bit; the software running the FTP server is Wing FTP enterprise edition. The software supports FTP, FTPS (FTP with SSL), HTTP, HTTPS, and SFTP (FTP with SSH) and allows me to create user accounts for which I can control their folders, directories, disk quota, bandwidth, etc.
Since I cannot find a suitable program that will auto-backup files (you can add a suggestion for a good client here, lol) I’ve been having them create a connection via “add a network connection” in computer, have them put in the server/user info.
Since I’m a noob with software on that level (I’m a computer repair tech and have a small background in networking) I’m not even sure how my clients are even connecting; I suppose it’s just a standard FTP?
I know this site is for EH and everyone here is a “good guy” but I’m a realist and realize that I can’t just ask anyone to “hack” or attempt to “hack” my server so since I just can’t allow anyone here, how would I go about finding someone to be able to see if they can hack the FTP server and gain access to anyone’s files?
Even if you cannot help me, thanks for your time.
May 6, 2013 at 5:39 pm #52905
I know double posting is a big turn off to getting your question answered, but is what I asked wrong for me to ask or should be put into another location?
I was clueless where to start looking and this seemed to be a good idea at the time.
May 6, 2013 at 5:51 pm #52906 ziggy_567 Participant
What you’re asking for is called a penetration test. There are lots of people on this forum (myself included) that are professional penetration testers and get paid to do exactly what you’re asking for.
If you’re interested in having a quality penetration test done, it won’t come free. I would suggest doing a little research on Google to find a reputable consulting firm to contact about your needs. Call around to a few of them to get an idea of what services they provide and an idea of what the price would be. The numbers and services will vary greatly depending on the firm you contact, so shop around and find the best fit for your needs.
May 6, 2013 at 7:24 pm #52907
Thanks for the advice, I’ll do some research and see what it brings me. And since I have your slight attention, can you PM me with your company info in case I do not find something that fits my needs?
May 6, 2013 at 10:52 pm #52908 Don Donzal Keymaster
May 7, 2013 at 12:48 pm #52909 Anonymous Participant
“Thanks for the advice, I’ll do some research and see what it brings me. And since I have your slight attention, can you PM me with your company info in case I do not find something that fits my needs?”
Why don’t you do it? Google and see what it will take you to carry on the task. It is part of learning.
May 8, 2013 at 12:56 am #52910 Triban Participant
First question, have you hardened your server to the best of your abilities/knowledge? Have you covered the Security 101 basics?
renamed default admins?
use complex passwords?
disable unneeded services?
installed AV and configured it?
enabled the client based firewall and configured it?
Fully patched on both the Operating System and applications?
Ensure any local service/user accounts are running with least privilege access?
If you have done all of that, then you might be ready for a pen test. And like Xtophertaito suggested, give it a go yourself, you will learn a lot. Also another good idea is to grab something like OpenVAS or Nessus Community edition and run some vuln scans against your system. Google on the critical/high findings to learn how to fix them. Good luck!
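A read-only way to check the items in the checklist above on the Windows 7 host itself, as an added example that is not part of the original post. It uses only WMI, `netsh`, `net accounts` and `Get-HotFix`, so it runs on the PowerShell 2.0 that ships with Windows 7; the 45-day patch threshold and the FINDING/REVIEW labels are assumptions chosen for illustration.

```powershell
# Read-only audit of the hardening checklist on the local host.
# Run from an elevated PowerShell prompt. Nothing is changed on the system.

# Renamed default admins: the built-in administrator always has a SID ending in -500
$admin = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
    Where-Object { $_.SID -like 'S-1-5-21-*-500' }
"Built-in admin: name='{0}' disabled={1}" -f $admin.Name, $admin.Disabled
if ($admin.Name -eq 'Administrator' -and -not $admin.Disabled) {
    "  FINDING: default admin name still in use and the account is enabled"
}

# Complex passwords: show the local password/lockout policy and flag
# enabled accounts that are allowed to have no password at all
net accounts
Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True AND Disabled=False" |
    Where-Object { -not $_.PasswordRequired } |
    ForEach-Object { "  FINDING: account '$($_.Name)' does not require a password" }

# Unneeded services / least privilege: what is running, and as which account
$svc = Get-WmiObject Win32_Service -Filter "State='Running'"
$svc | Group-Object StartName | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize | Out-String
# Services installed outside the Windows directory (third-party software such as
# the FTP server) that run as LocalSystem deserve a dedicated low-privilege account
$winDir = [regex]::Escape($env:SystemRoot)
$svc | Where-Object { $_.PathName -and $_.PathName -notmatch $winDir -and
                      $_.StartName -eq 'LocalSystem' } |
    ForEach-Object { "  REVIEW: '$($_.Name)' runs as LocalSystem from $($_.PathName)" }

# Firewall: state of the domain, private and public profiles
netsh advfirewall show allprofiles state

# AV: products registered with Windows Security Center (client editions only)
$av = Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct `
        -ErrorAction SilentlyContinue
if ($av) { $av | ForEach-Object { "Antivirus registered: $($_.displayName)" } }
else     { "  FINDING: no antivirus product registered with Security Center" }

# Patching: date of the most recently installed update (threshold is an assumption)
$last = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn | Select-Object -Last 1
"Most recent hotfix: {0} installed {1:yyyy-MM-dd}" -f $last.HotFixID, $last.InstalledOn
if ($last.InstalledOn -lt (Get-Date).AddDays(-45)) {
    "  FINDING: no Windows updates installed in the last 45 days"
}
```

This covers the operating system only; the FTP server application's own version and its per-user directory permissions still have to be checked in its admin console.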