Penetration Testing mailing list archives

RE: Hacking demo - most spectacular techniques


From: Joshua Wright <Joshua.Wright () jwu edu>
Date: Tue, 2 Oct 2001 14:38:44 -0400

An eye-opener for many is webspy from the dsniff package.  Point your web
browser to your favorite bank for emphasis.

-Joshua Wright
Team Leader, Networks and Systems
Johnson & Wales University
Joshua.Wright () jwu edu 

pgpkey: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD44B4A73
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73



-----Original Message-----
From: Martin Jr., Wally G. [mailto:WALLY.G.MARTIN.JR () saic com]
Sent: Tuesday, October 02, 2001 9:06 AM
To: pen-test () securityfocus com
Cc: 'Ilici Ramirez'
Subject: RE: Hacking demo - most spectacular techniques


You may wish to include SNIFFing (e.g., dsniff or sniffit) as an area of
interest. This may help highlight the types of sensitive information that is
floating around the client's network, unencrypted, and that this information
can be obtained unknowingly (i.e., no IDS).

-Wally

-----Original Message-----
From: Ilici Ramirez [mailto:ilici_ramirez () YAHOO COM]
Sent: Monday, October 01, 2001 3:53 AM
To: pen-test () securityfocus com
Subject: Hacking demo - most spectacular techniques


Hi all,

We intend to make a short demonstration of hacking as
part of a longer seminar with more than 100 IT
managers, vice-presidents, and other high-level
morons. The goal is to explain how easy it is to hack an
unsecured system or network.

For them to understand and to realize how just only an
unsecured computer could lead to compromise of an
entire business we need to show some hacking examples
real spectacular.

So I need your help to make a top short list. I will
insert here my humble opinion, but I expect more from
all of you experienced pen-testers.

1. Remote VNC install - GUI session on target machine
2. BO2K or Subseven 
3. Port redirection with fpipe - a firewall is not
always enough
4. Remote shell with netcat
5. Null session - information gathering with no right

Ilici R


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
