RE: XP backdoors

jamesworld_at_intelligencia.com
Date: 01/06/04

  • Next message: Adams, Tom: "RE: XP backdoors" 
    Date: Tue, 06 Jan 2004 14:39:45 -0600
To: "J. Yoon" <supercool9000@hotmail.com>

    Sure!

    Have an improperly configure firewall
    Have someone send an email or put a link on a web page that has you machine
    try to connect to a netbios connection on the Internet
    You machine by default will send a LM hash of you password - this get's
    stored/captured by Joe's server
    Joe takes up to a few days to crack the hash
    \
    and he's got it

    There are other vectors. I might not even need your password if I can
    buffer overflow your box and create my own admin acct :-)

    At 13:11 01/06/2004, J. Yoon wrote:
    >Lets say I now have an extremely good password that would take NSA 200
    >years to crack.
    >
    >Assuming that my XP box is physically safe from others accessing it,
    >is there a way for Joe-cr/hacker to quickly obtain my password without
    >having to run a crackware?
    >
    >Backdoors that exploit software bugs need only install the proper patches
    >but are there any exploits that take advantage of the nature of
    >hardware/protocol/architecture
    >itself?
    >
    >_________________________________________________________________

    ---------------------------------------------------------------------------
    Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
    course! All of our class sizes are guaranteed to be 10 students or less.
    We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
    and many other technical hands on courses.
    Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
    any course!
    ----------------------------------------------------------------------------

  • Next message: Adams, Tom: "RE: XP backdoors"

    Relevant Pages

    • RE: Outpost firewall Pro 2.0.238.3121(290) has Back Orifice troja n program
      ... and identify it as Back Orifice. ... Try a UDP NMAP scan of the ... firewall and see if it returns the same result. ... We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, ...
      (Security-Basics)
    • Re: Legal? Road Runner proactive scanning.
      ... relay checking. ... I think it's time to block 'em at the firewall, ... > Ethical Hacking at the InfoSec Institute. ... > pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • Re: Novice asks "OpenBSD best firewall?"
      ... Is there any purchaseable firewall software that I can buy that works ... > OpenBSD. ... > Ethical Hacking at the InfoSec Institute. ... > pen testing experience in our state of the art hacking lab. ...
      (Security-Basics)
    • Re: [fw-wiz] Off-Topic: Memo of Understanding for Using an Ethical Hacker
      ... I've had experience in both sides of Ethical Hacking (I prefer the term ... mode - isolating the firewall, tracing packets, notifying upstream ISPs, ... Information Systems Security Consultant ...
      (Firewall-Wizards)
    • Re: firewall setup
      ... If you're using a Linux firewall I suggest leaving the ... > Ethical Hacking at the InfoSec Institute. ... > pen testing experience in our state of the art hacking lab. ... to facilitate one-on-one interaction with one of our expert instructors. ...
      (Security-Basics)