Bugtraq mailing list archives
Re: Microsoft ask users to crack win2000 site
From: jhorn1 () DESPERATE CI TUCSON AZ US (John Horn)
Date: Thu, 5 Aug 1999 12:58:49 -0700
Aleph1, I don't know if this posting is really pertinent to the list but considering the potential for serious penalties, I thought it might be advisable to point this out. Hmmm, interesting. Nevertheless, such activity contravenes various federal statutes and/or possibly state statutes at either the point of origination and/or the destination (or both). I would suggest that anyone interested in accepting this offer consider the relevant legal issues before actually making a compromise attempt on the site. It should be noted that Microsoft does not have the authority to waive prosecution under at least one (or possibly more) federal statutes. It is quite possible to be prosecuted completely without Microsoft's consent. It is, in fact, even possible that an invitation to the public to contravene federal statutes may, in and of itself, violate other statutes. On Tue, 3 Aug 1999, Peter Lowe wrote:
[ executive summary: Microsoft are asking you to crack their machine running on win2k and iis. ] I haven't seen anything about this on bugtraq before, and I'm not entirely sure if it's appropriate, but this is from http://www.windows2000test.com/ground_rules.htm: Microsoft Internet Explorer Microsoft Windows 2000 Server with Internet Information Server. Ground Rules 1. Make it Interesting Good safe computing practices on the Internet involve placing critical systems behind firewall-type devices. For this testing, we are intentionally not putting these machines behind a firewall. This mean that you could slow these machines down by tossing millions of random packets at them if you have enough bandwidth on your end. If that happens, we will simply start filtering traffic. Instead, find the interesting "magic bullet" that will bring the machine down. 2. Compromise an account Windows 2000 computers can have multiple user accounts and groups. See if you can find a way to logon with one of these accounts. 3. Change something you shouldn't have access to See if you can change any files or content on the server. If you manage, no foul or rude statements please. 4. Get something you shouldn't have There are hidden messages sprinkled around the computer. See if you can find them. 5. Our goal is to configure the system to thwart your attempts The goal is to see how a properly secured machine will stand up to attack. These machines are configured to prevent known attacks. 6. This is a test site You are welcome to attempt to compromise this site, and this site only. This is your chance to do a practical test of Microsoft Windows 2000's security. 7. Tell us about your exploits If you find something, send us some email at > w2000its () microsoft com. © 1999 Microsoft Corporation. All rights reserved. Terms of Use. -- Peter Lowe -- System Administrator, Telenor Internet http://www.ti.cz/ -- pgl () ti cz Everything I know in life I learnt from .sigs.
Regards: John Horn City of Tucson, IT Dept. jhorn1 () desperate ci tucson az us
Current thread:
- chflags() [heads up] Adam Morrison (Aug 01)
- Re: chflags() [heads up] Eivind Eklund (Aug 03)
- Microsoft ask users to crack win2000 site Peter Lowe (Aug 03)
- vlock + magic SysRQ key Luis M. Cruz (Aug 04)
- Re: vlock + magic SysRQ key Pavel Machek (Dec 31)
- Paranoid? Running SSHD as normal users. Erik Parker (Aug 04)
- Re: Paranoid? Running SSHD as normal users. (rethink) Erik Parker (Aug 06)
- Administrivia Elias Levy (Aug 09)
- Re: Microsoft ask users to crack win2000 site j nazario (Aug 05)
- Re: Microsoft ask users to crack win2000 site John Horn (Aug 05)
- Re: Microsoft ask users to crack win2000 site Ray Barnes (Aug 06)
- vlock + magic SysRQ key Luis M. Cruz (Aug 04)