Establishing a null session and pulling info from there is one of win2k's notorious flaws. Cracking $hare passwords using an automated tool such as NAT and others should be impressive enough, as they see all the attempts going on the screen... Any IIS exploit (unicode, cgi, isapi and others) in order to upload some basic tool. I would also read some of their personal mail and grab a copy of the Outlook .WAB file and prove how you could mail any of their business relations with the content and file of your choice... You might want to consider throwing in the demonstration a few DoS attacks just to prove how vulnerable they are... maybe kill their FTPD or install any denial of service program in order to show how easy it would be to attack their partners/customers...

I would set up a server and a few workstations for the demo. Compromising the workstation first and going for the server from there should give them a good understanding of the interdependence of their network, once again proving that your security is as good as the weakest link....

On Tuesday 02 October 2001 12:24 pm, Aleksander Czarnowski wrote:
> > 5. Null session - information gathering with no right
>
> If you want to show some Win32 examples then use IIS. Just read MS00-078
> and find corresponding securityfocus advisory. By sending URL to web server
> you can easily gain administrator privileges. But this has nothing to do
> with hacking or pen-testing - it's just a script kiddie attempt. Anyway it
> should work.
> Cheers,
> Aleksander Czarnowski
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert
> (SIA) Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Oct 04 2001 - 10:48:52 PDT