Re: Hacking demo - most spectacular techniques

From: H Carvey (
Date: 10/02/01

Date: 2 Oct 2001 10:10:11 -0000
Message-ID: <20011002101011.2288.qmail@www2a>
From: H Carvey <>
Subject: Re: Hacking demo - most spectacular  techniques

>1. Remote VNC install - GUI session on target machine

This is always good.

>2. BO2K or Subseven

Good way to go.
>3. Port redirection with fpipe - a firewall is
not always enough

May be too technical.

>4. Remote shell with netcat

Not a bad way to work, though far too many VPs,
and a lot of admins, aren't overly impressed when
you go to "the dark place" (ie, the command prompt).

>5. Null session - information gathering with no right

This one is my favorite, especially if it can be
used to then break into the system. My ""
script pulls enough information from a system to
make any admin or technically-savvy VP sit up and
take notice.

Try this...null session enumeration, then brute
force one of the user accounts to gain access.
Or, get in at a lower privilege level via some
other means...IIS, for example. Once you're in,
copy over your sure to include the
appropriate tools for privilege escalation.
Rename nc.exe to inetinfo.exe, and bind it to port
80 (if something isn't already bound there). Put
your GUI tools in place and go about establishing
a variety of footholds and backdoors.

If you work it out ahead of time and script it,
it'll be even more impressive.


This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see: