[plug] Microsoft ask users to crack win2000 site (fwd)

Matt Kemner zombie at networx.net.au
Fri Aug 6 09:17:45 WST 1999 

Thought this was interesting... Not that it's an original idea or anything

 - Matt

The day Microsoft makes something that doesn't suck,
is probably the day they start making vacuum cleaners.

---------- Forwarded message ----------
Date: Tue, 3 Aug 1999 19:05:33 +0200
From: Peter Lowe <pgl at TI.CZ>
To: BUGTRAQ at SECURITYFOCUS.COM
Subject: Microsoft ask users to crack win2000 site

[ executive summary: Microsoft are asking you to crack their
  machine running on win2k and iis. ]

I haven't seen anything about this on bugtraq before, and I'm not
entirely sure if it's appropriate, but this is from
http://www.windows2000test.com/ground_rules.htm:


                    Microsoft Internet Explorer
   Microsoft Windows 2000 Server with Internet Information Server.

Ground Rules

   1. Make it Interesting

   Good safe computing practices on the Internet involve placing
   critical systems behind firewall-type devices. For this
   testing, we are intentionally not putting these machines behind
   a firewall. This mean that you could slow these machines down
   by tossing millions of random packets at them if you have
   enough bandwidth on your end. If that happens, we will simply
   start filtering traffic. Instead, find the interesting "magic
   bullet" that will bring the machine down.

   2. Compromise an account

   Windows 2000 computers can have multiple user accounts and
   groups. See if you can find a way to logon with one of these
   accounts.

   3. Change something you shouldn't have access to

   See if you can change any files or content on the server. If
   you manage, no foul or rude statements please.

   4. Get something you shouldn't have

   There are hidden messages sprinkled around the computer. See if
   you can find them.

   5. Our goal is to configure the system to thwart your attempts

   The goal is to see how a properly secured machine will stand up
   to attack. These machines are configured to prevent known
   attacks.

   6. This is a test site

   You are welcome to attempt to compromise this site, and this
   site only. This is your chance to do a practical test of
   Microsoft Windows 2000's security.

   7. Tell us about your exploits

   If you find something, send us some email at
   w2000its at microsoft.com.
   © 1999 Microsoft Corporation. All rights reserved. Terms of
   Use.



--
Peter Lowe -- System Administrator, Telenor Internet
http://www.ti.cz/ -- pgl at ti.cz

Everything I know in life I learnt from .sigs.

More information about the plug mailing list