Penetration Testing mailing list archives
Re: Hacking demo - most spectacular techniques
From: Kingbiscuit <kingbiscuit () videotron ca>
Date: Tue, 2 Oct 2001 15:40:04 -0400
Establishing a null session and pulling info from there is one of win2k notorious flaw.Cracking $hare password using automated tool such as NAT and others should be impressive enough as they see all the attemps going on the screen...any IIS exploit (unicode,cgi,isapi and others) in order to upload some basic tool.i would also read some of their personal mail and grab grab a copy of Outlook .WAB file and prove how you could mail any of their buisness relation with the comtent and file of your choice... ,you might want to consider throwing in the demonstration a few DOS attack just to prove how vulnerable they are...maybe kill their FTPD or install any denial of services program in order to show how easy it would be to attack their partners/customers... I would set up a server and a few workstation for the demo.Compromising the workstation first and going for the server from there should give them a good understanding of the interdependance of their network,once again proving that your security is as good as the weakest link.... On Tuesday 02 October 2001 12:24 pm, Aleksander Czarnowski wrote:
5. Null session - information gathering with no rightIf you want to show some Win32 examples than use IIS. Just read MS00-078 and find corresponding securityfocus advisory. By sending URL to web server you can easily gain administrator privileges. But this has nothing to do with hacking or pen-testing - it's just a script kiddie attempt. Anyway it should work. Cheers, Aleksander Czarnowski --------------------------------------------------------------------------- - This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Re: Hacking demo - most spectacular techniques, (continued)
- Re: Hacking demo - most spectacular techniques H Carvey (Oct 02)
- RE: Hacking demo - most spectacular techniques George Milliken (Oct 02)
- Re: Hacking demo - most spectacular techniques quentyn (Oct 02)
- Re: Hacking demo - most spectacular techniques Bill Pennington (Oct 02)
- Re: Hacking demo - most spectacular techniques Nexus (Oct 04)
- Re: Hacking demo - most spectacular techniques talisker (Oct 04)
- RE: Hacking demo - most spectacular techniques Martin Jr., Wally G. (Oct 02)
- RE: Hacking demo - most spectacular techniques Steve Maks (Oct 02)
- Re:Hacking demo - most spectacular techniques bluefur0r bluefur0r (Oct 02)
- RE: Hacking demo - most spectacular techniques Aleksander Czarnowski (Oct 02)
- Re: Hacking demo - most spectacular techniques Kingbiscuit (Oct 04)
- RE: Hacking demo - most spectacular techniques Joshua Wright (Oct 04)
- RE: Hacking demo - most spectacular techniques Jose Nazario (Oct 04)
- RE: Hacking demo - most spectacular techniques Joerg Over (Oct 04)
- Re: Hacking demo - most spectacular techniques Gary Flynn (Oct 04)
- RE: Hacking demo - most spectacular techniques Frank Knobbe (Oct 04)
- Hacking demo - most spectacular techniques Mike Ahern (Oct 04)