Full Disclosure mailing list archives
Re: Unusual request
From: Henrik Lund Kramshøj <hlk () kramse dk>
Date: Sun, 16 Feb 2003 01:11:26 +0100
On torsdag, feb 13, 2003, at 00:26 Europe/Copenhagen, Paul Schmehl wrote:
> I need this for a "security roadshow" that we're putting together, so I can demonstrate how easy it is to break in to an unpatched box. Can anybody point me in the right direction? I don't want exploit code. This is just a simple string that you enter into the URL box in a browser. It's at least two or three years old, I know.

even though unicode is old I think it is still very nice, as the discussion about "hackertools" and making these illegal are very stupid and this is the example that takes this to the limit - since other people consider Internet Exploder a browser - wonder why? :)

that said I have had much benefit of using the latest SQL worm as a demonstration for people, thanks to digitaloffense for providing the worm.pl program and descriptions

Using two laptops with a cross-over cable you can simulate the Internet, and using an ordinary laptop I can start the worm using a single UDP 376 bytes and then receives a flood of 25000 packets a second
(10.0.0.1 is sending using worm.pl, 10.0.0.2 is setup to use 10.0.0.1 as default gw - even though it doesn't try to forward the packets)

some words of advice/ideas:
make sure you use two machines
go through the setup of those - important to spend enough time on that
make an example website on the IIS, enough to let the audience understand that this could be their own website
then use a few 'dir c:' and other "read information" from the IIS and THEN baaam smack them with a defacement or similar

I have done that several times and it works great - feel free to contact me if you want more info

Best regards
--
Henrik Lund Kramshøj, hlk () kramse dk

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html