At securityproof.net, you can do real hacking. They provide ‘theme hacking’ which provides people chances to exploit the server. For a few past months, windows hacking was going on. The most recent theme was to exploit Win2K+SP4 machine on which all hot fixes are applied except for the last one.
Last exploit includes three critical patches which includes MS05-051, MS05-049, and er- so-and-so. Anyway, one team has really made it. They could modify index.html, even though they didn’t have any local account. It was quite wonderful experience to see real attacks being done that I couldn’t do.
If it had been a remote hacking w/o accounts against linux/solaris, was it possible for me to exploit? It might be, and might not. The most difficult part in win32 hacking is to find return addresses, and to write shell codes. Having that said, well.. everything is difficult in windows. On the contrary to linux, windows provide no direct access points to system calls. Rather than doing so, they provides DLLs through which users can communicate with kernels. So, it is required to learn win32 apis as substrate. Moreover, the shell code must search for DLL entry point which always changes. Randomized stack/library in linux, of course, varies their address also, but they don’t change much. Most of time, you can guess it. But, such guessing is not possible in windows.
To become a more proficient hacker, I need to delve into x86 assemblies and windows internal structures.