Penetration Testing mailing list archives

RE: Hacking demo - most spectacular techniques


From: Frank Knobbe <FKnobbe () KnobbeITS com>
Date: Wed, 3 Oct 2001 01:26:45 -0500

-----Original Message-----
From: Bill Pennington [mailto:billp () boarder org]
Sent: Tuesday, October 02, 2001 9:55 AM

I try to keep it simple. I set up an IIS 5 box and a firewall.
Configure the firewall to allow only port 80 in but everything out.
Then just use the null.printer overflow. Simple, effective and short.
No need to drive the GUI or anything; most people just get it.  [...]

And also very effective is this: Once in, upload shutdown.exe from
the RK, and shut the web server off remotely. Once people see that an
attacker on the web can actually 'turn your lights off', a light bulb
above their head goes on.

(This is for those who are not impressed when you demonstrate how you
can plunder the corporate database server remotely.)

Regards,
Frank

