Re:Hacking demo - most spectacular techniques

From: bluefur0r bluefur0r (bluefur0rat_private)
Date: Tue Oct 02 2001 - 08:53:50 PDT

Next message: Junginger, Jeremy: "Shell Shoveling?!?"

Previous message: Trey Mujakporue: "Blind penetration testing"
Maybe in reply to: Ilici Ramirez: "Hacking demo - most spectacular techniques"
Next in thread: Aleksander Czarnowski: "RE: Hacking demo - most spectacular techniques"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I was actually asked to do one of these before... Although you really do want to keep it simple (nothing worse than screwing up an exploit infront of so many people), but if you're feeling ballsy you could try to do a session hijack using ettercap (off a switched environment). But I wouldnt suggest that as much because who knows if it will work or not. Since you seem to be talking about mostly NT type attacks.... I won't bother with the Unix ones. Might want to show some local exploits (Any of the people in the room running a Virtual Web hosting service?). PipeUpAdmin.exe and the likes. Oh and don't forget mail relaying, that always scares the crap outta them when you mail from them to someone else in the corporation, just give an example of course. I'll keep thinking about it and respond to you as they come ;).
blue

>1. Remote VNC install - GUI session on target machine
>2. BO2K or Subseven 
>3. Port redirection with fpipe - a firewall is not
>always enough
>4. Remote shell with netcat
>5. Null session - information gathering with no right
>
>Ilici R
>
>__________________________________________________
>Do You Yahoo!?
>Listen to your Yahoo! Mail messages from any phone.
>http://phone.yahoo.com
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
>Service. For more information on SecurityFocus' SIA service which
>automatically alerts you to the latest security vulnerabilities please see:
>https://alerts.securityfocus.com/
>
>

=================================================================
Kies een origineel e-mailadres op www.emails.nl

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Junginger, Jeremy: "Shell Shoveling?!?"
Previous message: Trey Mujakporue: "Blind penetration testing"
Maybe in reply to: Ilici Ramirez: "Hacking demo - most spectacular techniques"
Next in thread: Aleksander Czarnowski: "RE: Hacking demo - most spectacular techniques"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Oct 02 2001 - 11:56:06 PDT