Re: Hacking demo - most spectacular techniques

From: H Carvey (keydet89@yahoo.com)
Date: 10/02/01


Date: 2 Oct 2001 10:10:11 -0000
Message-ID: <20011002101011.2288.qmail@www2a>
From: H Carvey <keydet89@yahoo.com>
To: pen-test@securityfocus.com
Subject: Re: Hacking demo - most spectacular techniques

>1. Remote VNC install - GUI session on target machine

This is always good.

>2. BO2K or Subseven

Good way to go.
 
>3. Port redirection with fpipe - a firewall is not always enough

May be too technical.

>4. Remote shell with netcat

Not a bad way to work, though far too many VPs,
and a lot of admins, aren't overly impressed when
you go to "the dark place" (i.e., the command prompt).

>5. Null session - information gathering with no rights

This one is my favorite, especially if it can be
used to then break into the system. My "null.pl"
script pulls enough information from a system to
make any admin or technically-savvy VP sit up and
take notice.

Try this...null session enumeration, then brute
force one of the user accounts to gain access.
Or, get in at a lower privilege level via some
other means...IIS, for example. Once you're in,
copy over your kit...be sure to include the
appropriate tools for privilege escalation.
Rename nc.exe to inetinfo.exe, and bind it to port
80 (if something isn't already bound there). Put
your GUI tools in place and go about establishing
a variety of footholds and backdoors.

If you work it out ahead of time and script it,
it'll be even more impressive.


Carv
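From the defender's side, the renamed-netcat trick above (a copy of nc.exe called inetinfo.exe listening on port 80) is easy to spot if you compare the image path of each listening process against where the genuine binary is supposed to live. The following is an added example, not code from the post or the list; it parses constructed `netstat -ano`-style output and a constructed PID-to-image table, and the expected IIS path is an assumption to be adjusted per host.

```python
# Detection example: flag listening processes whose image name matches a
# known service binary but whose on-disk path is not the expected one.

# Constructed sample of `netstat -ano` output (not from the original post).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1452
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       612
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       8
  TCP    10.0.0.5:1044          10.0.0.9:139           ESTABLISHED     612
"""

# Constructed process inventory: PID -> (image name, full image path).
PROCESS_SAMPLE = {
    1452: ("inetinfo.exe", r"C:\WINNT\Temp\inetinfo.exe"),
    612: ("svchost.exe", r"C:\WINNT\system32\svchost.exe"),
    8: ("System", ""),
}

# Expected on-disk location of the genuine binary (assumption; adjust per host).
EXPECTED_PATHS = {
    "inetinfo.exe": r"c:\winnt\system32\inetsrv\inetinfo.exe",
}


def parse_netstat(text):
    """Yield (port, pid) for every TCP socket in LISTENING state."""
    for line in text.splitlines():
        fields = line.split()
        # Data rows have exactly five columns; the header row has more.
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "LISTENING":
            port = int(fields[1].rsplit(":", 1)[1])   # works for IPv4 and [::] forms
            yield port, int(fields[4])


def find_masquerading_listeners(netstat_text, processes):
    """Return one finding per listener whose image name is known but path is not."""
    findings = []
    for port, pid in parse_netstat(netstat_text):
        name, path = processes.get(pid, ("<unknown>", ""))
        expected = EXPECTED_PATHS.get(name.lower())
        if expected and path.lower() != expected:
            findings.append({"pid": pid, "port": port, "name": name, "path": path})
    return findings


if __name__ == "__main__":
    for f in find_masquerading_listeners(NETSTAT_SAMPLE, PROCESS_SAMPLE):
        print("suspect listener: pid=%(pid)d port=%(port)d %(name)s at %(path)s" % f)
```

The same comparison generalizes to any service name an attacker might borrow; extend `EXPECTED_PATHS` with the binaries a given host is expected to run.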

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
