Penetration Testing mailing list archives

RE: Hacking Demo and Test Lab


From: "Ben Nagy" <ben () iagu net>
Date: Mon, 14 Jun 2004 17:35:34 +0200

Although I would consider this to be a 'management' hacking demo rather than
'advanced' hacking, I have done pretty much exactly the same demo. :)

Couple of other ideas - I have used TightVNC, which you can configure not to
display a toolbar icon.

To demo stepping-stone attacks you can compromise a webserver or whatever
behind a firewall, then compromise a second machine from the webserver,
install VNC on #2 and bounce there using fport or something on #1 - even if
outside communication to the second machine is denied by the firewall.

Another nice one is to install a keylogger and collect a CC number from
inside HTTPS sessions or maybe a PGP passphrase - seems to be the FBI
favourite ;)

This is all very lame, obviously, but it's just for demos, right?

ben

-----Original Message-----
From: Cure, Samuel J [mailto:scure () kpmg com] 
Sent: Friday, June 11, 2004 10:21 PM
To: 'Victor Chapela'; 'raza sharif'; pen-test () securityfocus com
Subject: RE: Hacking Demo and Test Lab

Or have the remote system running VNC anyway. Then connect to 
the remote registry with credentials and decrypt the VNC 
password using Cain, then connect. 
[...]
-----Original Message-----
From: Victor Chapela [mailto:victor () sm4rt com]
[...]
I am not sure about VMWare, I also had some problems running 
demos consistently and decided to use a separate machine.

I usually do my demos with a similar configuration XP -> 2000. 

A good 5 min sketch is:
- get a remote shell using Jill, iis5hack or dcomexploit
- You end up as NT Authority/SYSTEM in all cases, therefore 
you can add yourself as an administrator
- connect to the admin$ share using your new credentials
- dump the SAM file with pwdump3
- crack some hashes using john
- copy winvnc to system32
- add your vnc password to the remote registry
- install and start winvnc remotely
- start a VNC session
[...]
-----Original Message-----
From: raza sharif [mailto:raza () raza demon co uk]
Sent: Friday, June 11, 2004 6:42 AM
To: pen-test () securityfocus com
Subject: Hacking Demo and Test Lab



Hi Folks,

I'm doing some advanced Hacking Demos for management and also 
Corporates etc.
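
A defender-side view of the "5 min sketch" in Victor Chapela's message, as an added example that is not part of the original thread: it looks for a newly created account that is added to Administrators and used on ADMIN$, followed by a service install on the same host. Assumptions: the event records are constructed, the dict field names are hypothetical, and the event IDs (4720, 4732, 5140, 7045) are those of current Windows versions, not of the Windows 2000 targets discussed in the thread.

```python
from datetime import datetime, timedelta

def t(minutes):  # timestamps for the constructed sample below
    return datetime(2024, 1, 1, 9, 0) + timedelta(minutes=minutes)

# Constructed sample records; field names are hypothetical, not a real log schema.
SAMPLE_EVENTS = [
    {"time": t(0), "host": "WEB01", "id": 4720, "account": "demo_admin"},
    {"time": t(1), "host": "WEB01", "id": 4732, "account": "demo_admin", "group": "Administrators"},
    {"time": t(2), "host": "FILE02", "id": 4720, "account": "new_hire"},
    {"time": t(3), "host": "WEB01", "id": 5140, "account": "demo_admin", "share": r"\\*\ADMIN$"},
    {"time": t(4), "host": "FILE02", "id": 4732, "account": "new_hire", "group": "Users"},
    {"time": t(6), "host": "WEB01", "id": 7045, "service": "WinVNC"},
    {"time": t(7), "host": "FILE02", "id": 7045, "service": "BackupAgent"},
]

def find_chains(events, window=timedelta(minutes=30)):
    """Return (host, account, service) where one new account is created, added to
    Administrators and used on ADMIN$, and a service is then installed on that
    host, all within `window` of the account creation."""
    hits, state = [], {}  # (host, account) -> [stage reached, creation time]
    for e in sorted(events, key=lambda ev: ev["time"]):
        if e["id"] == 4720:  # user account created
            state[(e["host"], e["account"])] = [1, e["time"]]
            continue
        for key, st in list(state.items()):
            host, account = key
            if host != e["host"]:
                continue
            if e["time"] - st[1] > window:
                del state[key]  # chain went stale
            elif st[0] == 3 and e["id"] == 7045:  # service installed
                hits.append((host, account, e["service"]))
                del state[key]
            elif e.get("account") != account:
                continue
            elif st[0] == 1 and e["id"] == 4732 and e.get("group") == "Administrators":
                st[0] = 2  # added to local Administrators
            elif st[0] == 2 and e["id"] == 5140 and e["share"].upper().endswith("ADMIN$"):
                st[0] = 3  # ADMIN$ accessed with the new account
    return hits

if __name__ == "__main__":
    for hit in find_chains(SAMPLE_EVENTS):
        print("possible takeover chain:", hit)
```

On the sample data only WEB01 is reported; FILE02's routine account creation and unrelated service install do not complete the chain.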

