.

You'll find this funny but I'm pretty serious. Need my own servers "hacked"

<<

TheUsD

Newbie
Newbie

Posts: 3

Joined: Sun May 05, 2013 8:21 pm

Post Sun May 05, 2013 9:02 pm

You'll find this funny but I'm pretty serious. Need my own servers "hacked"

Topic pretty much says it all but there is more too it.

I've setup a file hosting server for my friends, family, and my small business and I would like to see how vulnerable it is to the outside world. I'm also wanting to see if any of the users would be able to "hack" their way into another users files on the server.

I'm using win7 ult 64-bit the software running the FTP server is Wing FTP enterprise edition. The software supports FTP, FTPS(FTP with SSL), HTTP, HTTPS, and SFTP(FTP with SSH) and allows me to create user accounts which I can control their folders, directories, disk quota, bandwidth and etc..
Since I cannot find a suitable program that will auto-backup files (you can add a suggestion for a good client here, lol) I've been having them create a connection via "add a network connection" in computer, have them put in the server/user info.

Since I'm a noob with software on that level (I'm a computer repair tech and have a small background in networking) I'm not even sure how my clients are even connecting, I suppose its just a standard FTP?

Last concern:
I know this site is for EH and everyone here is a "good guy" but I'm a realist and realize that I can't just ask anyone to "hack" or attempt to "hack" my server so since I just can't allow anyone here, how would I go about finding someone to be able to see if they can hack the FTP server and gain access to anyone's files?

Even if you cannot help me, thanks for your time.
<<

TheUsD

Newbie
Newbie

Posts: 3

Joined: Sun May 05, 2013 8:21 pm

Post Mon May 06, 2013 12:39 pm

Re: You'll find this funny but I'm pretty serious. Need my own servers "hacked"

I know double posting is a big turn off to getting your question answered, but is what I asked wrong for me to ask or should be put into another location?

I was clueless where to start looking and this seemed to be a good idea at the time.
<<

ziggy_567

User avatar

Sr. Member
Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Mon May 06, 2013 12:51 pm

Re: You'll find this funny but I'm pretty serious. Need my own servers "hacked"

What you're asking for is called a penetration test. There are lots of people on this forum (myself included) that are professional penetration testers and get paid to do exactly what you're asking for.

If you're interested in having a quality penetration test done, it won't come free. I would suggest doing a little research on Google to find a reputable consulting firm to contact about your needs. Call around to a few of them to get an idea of what services they provide and an idea of what the price would be. The numbers and services will vary greatly depending on the firm you contact, so shop around and find the best fit for your needs.

Good luck!
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

TheUsD

Newbie
Newbie

Posts: 3

Joined: Sun May 05, 2013 8:21 pm

Post Mon May 06, 2013 2:24 pm

Re: You'll find this funny but I'm pretty serious. Need my own servers "hacked"

Thanks for the advise, I'll do some research and see what it brings me. And since I have your slight attention, can you PM me with your company info in case I do not find something that fits my needs?
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Mon May 06, 2013 5:52 pm

Re: You'll find this funny but I'm pretty serious. Need my own servers "hacked"

Moving thread.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

Xtophertaito

Post Tue May 07, 2013 7:48 am

Re: You'll find this funny but I'm pretty serious. Need my own servers "hacked"

"Thanks for the advise, I'll do some research and see what it brings me. And since I have your slight attention, can you PM me with your company info in case I do not find something that fits my needs? "

why not you do it? Google and see what it will take you to carry on the task.It is part of learning.
Good luck!
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Tue May 07, 2013 7:56 pm

Re: You'll find this funny but I'm pretty serious. Need my own servers "hacked"

First question, have you hardened your server to the best of your abilities/knowledge?  Have you covered the Security 101 basics?
renamed default admins?
disabled guest?
use complex passwords?
disable unneeded services?
installed AV and configured it?
enabled the client based firewall and configured it?
Fully patched on both the Operating System and applications?
Ensure any local service/user accounts are running with least privilege access?

If you have done all of that, then you might be ready for a pen test.  And like Xtophertaito suggested, give it a go yourself, you will learn a lot.  Also another good idea is to grab something like OpenVAS or Nessus Community edition and run some vuln scans against your system.  Google on the critical/high findings to learn how to fix them.  Good luck!
Certs: GCWN
(@)Dewser

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software