----- Original Message -----
From: "Ilici Ramirez" <ilici_ramirezat_private>
To: <pen-testat_private>
Sent: Monday, October 01, 2001 8:53 AM
Subject: Hacking demo - most spectacular techniques

[snip]
> managers, vice-presidents, and other high-level
> morons. The goal is to explain how easy it is to hack an

The ones that you hope will pay you for your consultancy? ;-)

> 1. Remote VNC install - GUI session on target machine
> 2. BO2K or Subseven
> 3. Port redirection with fpipe - a firewall is not
> always enough
> 4. Remote shell with netcat
> 5. Null session - information gathering with no right

SQL injection - show them a hardened web server (prove it with popular automated scanners) but one that doesn't do user input validation to the database, stored procedures running in the SYSTEM context, sa:blank et al. All you need is a browser....

Cheers.
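An added example, not part of the original message: the missing input validation the reply describes, shown as a login query built by string concatenation next to the same query with bound parameters. The in-memory SQLite database, the `users` table and the function names are assumptions made for illustration; the stored-procedure context and blank `sa` password mentioned above are separate configuration issues that this sketch does not cover.

```python
import sqlite3

# Constructed sample input: form-field text that changes the query's logic
# when it is pasted into the SQL string instead of being bound as data.
CRAFTED = "' OR '1'='1"


def make_db():
    """Constructed sample data; SQLite stands in for the site's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user"),
         ("o'brien", "pw", "user")],
    )
    return db


def login_concat(db, name, password):
    """No input validation: the form fields become part of the SQL text."""
    sql = ("SELECT name, role FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchall()


def login_bound(db, name, password):
    """Hardened form: values are bound parameters and are never parsed as SQL."""
    sql = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # The concatenated query returns every row; the bound query returns none.
    print("concat:", sorted(login_concat(db, "alice", CRAFTED)))
    print("bound: ", login_bound(db, "alice", CRAFTED))
    # A legitimate name containing a quote is an early symptom of the flaw:
    # the concatenated query fails to parse, the bound one works.
    try:
        login_concat(db, "o'brien", "pw")
    except sqlite3.OperationalError as exc:
        print("concat error:", exc)
    print("bound: ", login_bound(db, "o'brien", "pw"))
```

A port or vulnerability scan of the web server sees neither function, which is why the server can look hardened while the application is not.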