RE: Hacking to Xp box

From: Jayson Anderson (sonick_at_sonick.com)
Date: 09/02/05

  • Next message: Vic N: "RE: Business justification for pentesting"
    To: pen-test@securityfocus.com, phugo@highspeedweb.net
    Date: Thu, 01 Sep 2005 19:37:37 -0700
    
    

    Agreed. If I may amplify on that...

    Juan, in order to make your case, you're going to need to broaden your
    scope in order to even resemble a grasp on security measures worth
    granting even the slightest tacit approval. The CEO may not know that
    now, but he will deduce it somewhere along the path if you move forward
    with a single-host-centric approach to making your root case for change.
    Abandon the lone host approach right now or don't even move forward if
    that's the only metric you're allowed by the CEO. Shift to CYA mode and
    forget about it for awhile....

    OR, if you were able to get approval to enumerate and illustrate a
    broader scope of technologies, would you be focusing more on network
    security, host security or data security heavily or are you referring to
    general lack of / poor policies ? Perhaps you want to focus on the whole
    gamut of sub-categories, but it's not apparent in your first
    communication.

    I would suggest you modify and tailor a pre-existing security engagement
    methodology document so that it mostly matches the big picture of your
    current environment, then present that to your CEO with the intent to
    request broad-based enumeration access to the existing infrastructure
    and follow-up presentation regarding your findings. Of course alluding
    to the following suggested implementations, integration, change
    management and follow-up verification and testing methods would be
    helpful as well.

    Sorry to explode your request into something as broad as it could
    possibly be, but given your approach of discussing directly with the CEO
    suggests you are to be the POC for any changes. You are not going to be
    able to wow him with one host, PERIOD; let alone a mostly-patched XPSP2
    workstation. I'd hope not anyway.

    Sorry to confound your original question but I'm making suggestions I
    feel would be far more helpful both to your enterprise security AND your
    career in both the short and long term. Showing your CEO a cumulative
    report with lots of pies, graphs, metrics, specifics and follow-up
    suggestions to choose from will be far more impressive than you hitting
    carriage return on your laptop and a spooky monotonic midi playing on
    his workstation (sorry, my own visual) during a 5-minute unofficial
    pow-wow prior to lunch break.

    Feel free to contact me offline if you need methodology ideas or rough
    templates....

    Best Regards,
    Jayson

    On Fri, 2005-09-02 at 00:06 +0100, phugo@highspeedweb.net wrote:
    > Hi,
    > Shouldn't you try to penetrate something more important than the CEO box ?
    > Aren't there any more important servers than CEO box ?
    > In what aspect do you need better security ? Having a "good" antivirus
    > protection, all patches, and firewalls enabled at desktops, doesn't look
    > that bad security.
    > Regards,
    > Pedro
    >
    > -----Original Message-----
    > From: Juan B [mailto:juanbabi@yahoo.com]
    > Sent: quinta-feira, 1 de Setembro de 2005 6:46
    > To: pen-test@securityfocus.com
    > Subject: Hacking to Xp box
    >
    > Hi Guys
    >
    > Please give me a hend here.
    >
    > Im trying to penetrate the CEO box to show him why we need better security
    > in our company, he told me to show me how it can be done. he has xp pro sp 2
    > with all the pathches installed and FW enbled but I cant ! I tried to use
    > metasploit with the ms rpc dcom exploit but it didnt worked. nessus found
    > port 135 139 2000 and ntp are opened and also he can read some smb shares
    > and also outputed that this host doesnt disgard SYN packets that have the
    > FIN flag set. and port 2000 (callback is open).
    > what I can try more to break this box? any ideas? I know I allways can try
    > to arp poison his arp table and pass all the machines traffic throw my
    > laptop to capture some passwords but this is enough. or send him a
    > trojan but we have a good anti virus protection .
    >
    >
    > Does some of you have Ideas ?
    >
    > Thanks a lot !
    >
    > Juan
    >
    >
    >
    > __________________________________________________
    > Do You Yahoo!?
    > Tired of spam? Yahoo! Mail has the best spam protection around
    > http://mail.yahoo.com
    >
    > ----------------------------------------------------------------------------
    > --
    > Audit your website security with Acunetix Web Vulnerability Scanner:
    >
    > Hackers are concentrating their efforts on attacking applications on your
    > website. Up to 75% of cyber attacks are launched on shopping carts, forms,
    > login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
    > futile against web application hacking. Check your website for
    > vulnerabilities to SQL injection, Cross site scripting and other web attacks
    > before hackers do!
    > Download Trial at:
    >
    > http://www.securityfocus.com/sponsor/pen-test_050831
    > ----------------------------------------------------------------------------
    > ---
    >
    >
    >
    > ------------------------------------------------------------------------------
    > Audit your website security with Acunetix Web Vulnerability Scanner:
    >
    > Hackers are concentrating their efforts on attacking applications on your
    > website. Up to 75% of cyber attacks are launched on shopping carts, forms,
    > login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
    > futile against web application hacking. Check your website for vulnerabilities
    > to SQL injection, Cross site scripting and other web attacks before hackers do!
    > Download Trial at:
    >
    > http://www.securityfocus.com/sponsor/pen-test_050831
    > -------------------------------------------------------------------------------

    ------------------------------------------------------------------------------
    Audit your website security with Acunetix Web Vulnerability Scanner:

    Hackers are concentrating their efforts on attacking applications on your
    website. Up to 75% of cyber attacks are launched on shopping carts, forms,
    login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
    futile against web application hacking. Check your website for vulnerabilities
    to SQL injection, Cross site scripting and other web attacks before hackers do!
    Download Trial at:

    http://www.securityfocus.com/sponsor/pen-test_050831
    -------------------------------------------------------------------------------


  • Next message: Vic N: "RE: Business justification for pentesting"

    Relevant Pages

    • Re: Hacking to Xp box
      ... > it is because you're the internal security expert AND hacker. ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... > Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping ...
      (Pen-Test)
    • RE: DCOM Security.
      ... Subject: DCOM Security. ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping carts, ...
      (Pen-Test)
    • Re: Deep Freeze
      ... I have broken the security of older versions of Deep Freeze. ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
      (Pen-Test)
    • RE: 3rd party vuln assesment firms
      ... with large network organizations you may want to check out Olosec Security ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... > Hackers are concentrating their efforts on attacking ... Up to 75% of cyber attacks are ...
      (Pen-Test)
    • RE: 3rd party vuln assesment firms
      ... > "We use the same tools hackers bring to bear against your systems. ... >> I'm looking for a firm to conduct annual 3rd party vulnerability ... Up to 75% of cyber attacks are launched on shopping ... >> your website for vulnerabilities to SQL injection, ...
      (Pen-Test)