Need Help with upcoming class assignment
Okay, before I go and inivertly raise red flags, allow me to explain that this is a legit request for help. Also, I apologize for this long entry, but I need to be very detailed with this request.
Currently I am learning RH8 in my operating System class, here at New Hampshire Technical Inst. As we are starting to learn using Linux as a server. To make a point about security, Our instructor, who is also a white hat hacker, as decided that our weekly test will be to take down other peoples Apache servers. To me a few other people I talk to in class it's obvious that he wants to see if we've been paying attention. During the last class we did fresh reinstalls of RH8. From the beginging of this course we have all used the same p/w for root, however, he also had us setup accounts with unique user anmes, but the same p/w. Also, during the reinstall, he had us select "no firewall" during setup.
His plan is to disconnect us fromt he rest of the schools network, write everyone IP on the board and see if we've takent he proper security measures, and can keep our servers going.
Now I myself do have a plan in place which looks like this (coming into the next class we'll have 30 mins to get our servers ready):
During the prep time I'm going to:
-turn on the firewall to highest settings, leaving only port 80 open for Apache which must remain active for this exercise.
-change all passwords (Like I said the two account that are ont here now, all have the same p/w as everyone else)
-Not vist other students websites *
-As I believe about 1/2 to 2/3 of the class will forgot to activate the firewall, and change their p/ws, I'm planning on using SSH to login to there systems, change their p/w's then execute 'init 0'. As we have not talked about SSH in class yet (or telnet) most students don't know about it).
*The problem come from the instroctor himself. During lab time last week, we used to time to prepare for this upcoming class. (only a few of us stayed). To give an idea of what we can do, he wrote samll web page, whose code (I forgot to save to disk and bring back with me) called on VIM editor and nothing else. Although he didn't do it to me (so I didn't get to see what happens), but after ot students went to this page (which had no viewable content) the instructor went back to his comp and did something that definatly got a reaction out of the students who had gone to his page.
Obviously, I want to know what it was he did, and how he did it.
Also, can I put command scripts in a webpage? I'm hoping I can so I can write a script that executes inti 0 when persons go to my server (This will be very effective on those who did remember to activate fireall and change p/w.
And if yourwondering, what we get for doing this? That last student standing with his server still running will get 20 bonus points on the final (If that isn't motivation I don't know what is). ALSO, the instructor WILL be joing us in this exercise, so we have to go against HIM TOO (remember he's a white hat hacker!). Any and all help with this will be very appreciative.