Penetration Testing mailing list archives

Re: Hacking demo - most spectacular techniques

From: quentyn () fotango com
Date: Tue, 02 Oct 2001 15:51:56 +0100

Ilici Ramirez wrote:


Hi all,

We intend to make a short demonstration of hacking as
part of a longer seminar with more than 100 IT
managers, vice-presindents, and other high-level
morons. The goal is to explain how easy is to hack an
unsecured system or network.

For them to understand and to realize how just only an
unsecured computer could lead to compromise of an
entire business we need to show some hacking examples
real spectacular.

So I need your help to make a top short list. I will
insert here my humble opinion, but I expect more from
all of you experienced pen-testers.

1. Remote VNC install - GUI session on target machine
2. BO2K or Subseven
3. Port redirection with fpipe - a firewall is not
always enough
4. Remote shell with netcat
5. Null session - information gathering with no right

Ilici R

/

what is the target OS? or OSes?

from point 2 it looks like you want to hit M$ boxes but you could do a
linux box 

ie do a bind or lpd for example exploit then insert a module like

http://packetstormsecurity.org/linux/modules/krnhide.c  (not tried but
there are a few that are similar)

I seem to remember a module done by some one called optyx (I think.... I
can't find a reference for that name on packetstorm) from wired news
that emulated (I think) subseven or similar.

you could so a compare and contrast for the ease of hacking default
install win 2k and a default install linux box.

or do a default install OpenBSD box and a default install Win2k box ;o)

BTW I hope that none of the "other high-level morons" read or monitor
this list, remember it is archived in loads of places





-- 
#####################
Quentyn Taylor
Sysadmin - Fotango
#####################

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Hacking demo - most spectacular techniques Ilici Ramirez (Oct 01)
- RE: Hacking demo - most spectacular techniques Greg (Oct 02)
- Re: Hacking demo - most spectacular techniques H Carvey (Oct 02)
- RE: Hacking demo - most spectacular techniques George Milliken (Oct 02)
- Re: Hacking demo - most spectacular techniques quentyn (Oct 02)
- Re: Hacking demo - most spectacular techniques Bill Pennington (Oct 02)
- Re: Hacking demo - most spectacular techniques Nexus (Oct 04)
- Re: Hacking demo - most spectacular techniques talisker (Oct 04)
- <Possible follow-ups>
- RE: Hacking demo - most spectacular techniques Martin Jr., Wally G. (Oct 02)
- RE: Hacking demo - most spectacular techniques Steve Maks (Oct 02)
- Re:Hacking demo - most spectacular techniques bluefur0r bluefur0r (Oct 02)
- RE: Hacking demo - most spectacular techniques Aleksander Czarnowski (Oct 02)
  - Re: Hacking demo - most spectacular techniques Kingbiscuit (Oct 04)
- RE: Hacking demo - most spectacular techniques Joshua Wright (Oct 04)
  - RE: Hacking demo - most spectacular techniques Jose Nazario (Oct 04)

(Thread continues...)