Re: Hacking demo - most spectacular techniques

From: quentynat_private
Date: Tue Oct 02 2001 - 07:51:56 PDT

Next message: Steve Maks: "RE: Hacking demo - most spectacular techniques"

Previous message: Jeremiah Jacks: "RE: Clearing IIS logs"
In reply to: Ilici Ramirez: "Hacking demo - most spectacular techniques"
Next in thread: Steve Maks: "RE: Hacking demo - most spectacular techniques"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ilici Ramirez wrote:
> 
> Hi all,
> 
> We intend to make a short demonstration of hacking as
> part of a longer seminar with more than 100 IT
> managers, vice-presindents, and other high-level
> morons. The goal is to explain how easy is to hack an
> unsecured system or network.
> 
> For them to understand and to realize how just only an
> unsecured computer could lead to compromise of an
> entire business we need to show some hacking examples
> real spectacular.
> 
> So I need your help to make a top short list. I will
> insert here my humble opinion, but I expect more from
> all of you experienced pen-testers.
> 
> 1. Remote VNC install - GUI session on target machine
> 2. BO2K or Subseven
> 3. Port redirection with fpipe - a firewall is not
> always enough
> 4. Remote shell with netcat
> 5. Null session - information gathering with no right
> 
> Ilici R
/

what is the target OS? or OSes?

from point 2 it looks like you want to hit M$ boxes but you could do a
linux box 

ie do a bind or lpd for example exploit then insert a module like

http://packetstormsecurity.org/linux/modules/krnhide.c  (not tried but
there are a few that are similar)

I seem to remember a module done by some one called optyx (I think.... I
can't find a reference for that name on packetstorm) from wired news
that emulated (I think) subseven or similar.

you could so a compare and contrast for the ease of hacking default
install win 2k and a default install linux box.

or do a default install OpenBSD box and a default install Win2k box ;o)

BTW I hope that none of the "other high-level morons" read or monitor
this list, remember it is archived in loads of places





-- 
#####################
Quentyn Taylor
Sysadmin - Fotango
#####################

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Steve Maks: "RE: Hacking demo - most spectacular techniques"
Previous message: Jeremiah Jacks: "RE: Clearing IIS logs"
In reply to: Ilici Ramirez: "Hacking demo - most spectacular techniques"
Next in thread: Steve Maks: "RE: Hacking demo - most spectacular techniques"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Oct 02 2001 - 11:40:49 PDT