Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Hacking demo - most spectacular techniques

From: "Nexus" <nexus () patrol i-way co uk>
Date: Tue, 2 Oct 2001 19:37:21 +0100
----- Original Message -----
From: "Ilici Ramirez" <ilici_ramirez () yahoo com>
To: <pen-test () securityfocus com>
Sent: Monday, October 01, 2001 8:53 AM
Subject: Hacking demo - most spectacular techniques
[snip]

managers, vice-presindents, and other high-level
morons. The goal is to explain how easy is to hack an


The ones that you hope will pay you for your consultancy ? ;-)


1. Remote VNC install - GUI session on target machine
2. BO2K or Subseven
3. Port redirection with fpipe - a firewall is not
always enough
4. Remote shell with netcat
5. Null session - information gathering with no right


SQL injection - show them a hardened web server (prove it with popular
automated scanners) but one that doesn't do user input validation to the
database, stored procedures running in the SYSTEM context, sa:blank et al.
All you need is a browser....

Cheers.




----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: