Penetration Testing mailing list archives

Re:Hacking demo - most spectacular techniques

From: "bluefur0r bluefur0r" <bluefur0r () drea ms>
Date: 2 Oct 2001 15:53:50 -0000

I was actually asked to do one of these before... Although you really do want to keep it simple (nothing worse than 
screwing up an exploit infront of so many people), but if you're feeling ballsy you could try to do a session hijack 
using ettercap (off a switched environment). But I wouldnt suggest that as much because who knows if it will work or 
not. Since you seem to be talking about mostly NT type attacks.... I won't bother with the Unix ones. Might want to 
show some local exploits (Any of the people in the room running a Virtual Web hosting service?). PipeUpAdmin.exe and 
the likes. Oh and don't forget mail relaying, that always scares the crap outta them when you mail from them to someone 
else in the corporation, just give an example of course. I'll keep thinking about it and respond to you as they come ;).
blue

1. Remote VNC install - GUI session on target machine
2. BO2K or Subseven 
3. Port redirection with fpipe - a firewall is not
always enough
4. Remote shell with netcat
5. Null session - information gathering with no right

Ilici R

__________________________________________________
Do You Yahoo!?
Listen to your Yahoo! Mail messages from any phone.
http://phone.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


=================================================================
Kies een origineel e-mailadres op www.emails.nl

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Hacking demo - most spectacular techniques Ilici Ramirez (Oct 01)
- RE: Hacking demo - most spectacular techniques Greg (Oct 02)
- Re: Hacking demo - most spectacular techniques H Carvey (Oct 02)
- RE: Hacking demo - most spectacular techniques George Milliken (Oct 02)
- Re: Hacking demo - most spectacular techniques quentyn (Oct 02)
- Re: Hacking demo - most spectacular techniques Bill Pennington (Oct 02)
- Re: Hacking demo - most spectacular techniques Nexus (Oct 04)
- Re: Hacking demo - most spectacular techniques talisker (Oct 04)
- <Possible follow-ups>
- RE: Hacking demo - most spectacular techniques Martin Jr., Wally G. (Oct 02)
- RE: Hacking demo - most spectacular techniques Steve Maks (Oct 02)
- Re:Hacking demo - most spectacular techniques bluefur0r bluefur0r (Oct 02)
- RE: Hacking demo - most spectacular techniques Aleksander Czarnowski (Oct 02)
  - Re: Hacking demo - most spectacular techniques Kingbiscuit (Oct 04)
- RE: Hacking demo - most spectacular techniques Joshua Wright (Oct 04)
  - RE: Hacking demo - most spectacular techniques Jose Nazario (Oct 04)
- RE: Hacking demo - most spectacular techniques Joerg Over (Oct 04)
  - Re: Hacking demo - most spectacular techniques Gary Flynn (Oct 04)
- RE: Hacking demo - most spectacular techniques Frank Knobbe (Oct 04)
- Hacking demo - most spectacular techniques Mike Ahern (Oct 04)