RE: Hacking demo - most spectacular techniques

From: Steve Maks (smaksat_private)
Date: Tue Oct 02 2001 - 08:45:52 PDT

Next message: Bill Pennington: "Re: Hacking demo - most spectacular techniques"

Previous message: quentynat_private: "Re: Hacking demo - most spectacular techniques"
Maybe in reply to: Ilici Ramirez: "Hacking demo - most spectacular techniques"
Next in thread: Bill Pennington: "Re: Hacking demo - most spectacular techniques"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ilici,

One other item you might want to stress is the importance of securing an OS
install, such as shutting off unnecessary services and applying the latest
patches/SPs.  Setup a default Windows NT 4.0 install with IIS running and
another default RedHat 6.x install and you have a good demonstration of that
concept right there.  That would segway nicely into some of the items you
had bulleted below.

Steve

-----Original Message-----
From: Ilici Ramirez [mailto:ilici_ramirezat_private]
Sent: Monday, October 01, 2001 2:53 AM
To: pen-testat_private
Subject: Hacking demo - most spectacular techniques


Hi all,

We intend to make a short demonstration of hacking as
part of a longer seminar with more than 100 IT
managers, vice-presindents, and other high-level
morons. The goal is to explain how easy is to hack an
unsecured system or network.

For them to understand and to realize how just only an
unsecured computer could lead to compromise of an
entire business we need to show some hacking examples
real spectacular.

So I need your help to make a top short list. I will
insert here my humble opinion, but I expect more from
all of you experienced pen-testers.

1. Remote VNC install - GUI session on target machine
2. BO2K or Subseven 
3. Port redirection with fpipe - a firewall is not
always enough
4. Remote shell with netcat
5. Null session - information gathering with no right

Ilici R

__________________________________________________
Do You Yahoo!?
Listen to your Yahoo! Mail messages from any phone.
http://phone.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Bill Pennington: "Re: Hacking demo - most spectacular techniques"
Previous message: quentynat_private: "Re: Hacking demo - most spectacular techniques"
Maybe in reply to: Ilici Ramirez: "Hacking demo - most spectacular techniques"
Next in thread: Bill Pennington: "Re: Hacking demo - most spectacular techniques"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Oct 02 2001 - 11:42:29 PDT