Penetration Testing mailing list archives
RE: Hacking demo - most spectacular techniques
From: Frank Knobbe <FKnobbe () KnobbeITS com>
Date: Wed, 3 Oct 2001 01:26:45 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-----Original Message----- From: Bill Pennington [mailto:billp () boarder org] Sent: Tuesday, October 02, 2001 9:55 AM I try to keep it simple. I setup an IIS 5 box and a firewall. configure the firewall to allow only port 80 in but everything out. Then just use the null.printer overflow. Simple effective and short. No need to drive the GUI or anything most people just get it. [...]
And also very effective is this: Once in, upload shutdown.exe from the RK, and shut the web server off remotely. Once people see that an attacker on the web can actually 'turn your lights off', a light bulb above their head goes on. (This is for those who are not impressed when you demonstrate how you can plunder the corporate database server remotely.) Regards, Frank -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.8 Comment: PGP or S/MIME (X.509) encrypted email preferred. iQA/AwUBO7qvpZytSsEygtEFEQI5JwCfc6xV5SA7ls2Ae7sVx+7nFfxv5uQAoIPF fXrJZB9l9vIqSlEh6+Wjre5O =hd2s -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Re: Hacking demo - most spectacular techniques, (continued)
- Re: Hacking demo - most spectacular techniques talisker (Oct 04)
- RE: Hacking demo - most spectacular techniques Martin Jr., Wally G. (Oct 02)
- RE: Hacking demo - most spectacular techniques Steve Maks (Oct 02)
- Re:Hacking demo - most spectacular techniques bluefur0r bluefur0r (Oct 02)
- RE: Hacking demo - most spectacular techniques Aleksander Czarnowski (Oct 02)
- Re: Hacking demo - most spectacular techniques Kingbiscuit (Oct 04)
- RE: Hacking demo - most spectacular techniques Joshua Wright (Oct 04)
- RE: Hacking demo - most spectacular techniques Jose Nazario (Oct 04)
- RE: Hacking demo - most spectacular techniques Joerg Over (Oct 04)
- Re: Hacking demo - most spectacular techniques Gary Flynn (Oct 04)
- RE: Hacking demo - most spectacular techniques Frank Knobbe (Oct 04)
- Hacking demo - most spectacular techniques Mike Ahern (Oct 04)