Re: PLEASE HELP - USENET/Proxy Security Question
From: Leythos (void_at_nowhere.com)
Date: 05/19/03
- Next message: Neil Hindry: "Norton Vs AVG ?"
- Previous message: phn_at_icke-reklam.ipsec.nu: "Re: password issues"
- In reply to: Thunder$truck: "Re: PLEASE HELP - USENET/Proxy Security Question"
- Next in thread: nemo outis: "Re: PLEASE HELP - USENET/Proxy Security Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 19 May 2003 12:08:59 GMT
In article <3ec8be20$0$60674$45beb828@newscene.com>,
nealbailey@hotmail.com says...
> All,
>
> I am starting to regret ever bringing this discussion to this group. Since
> when did seeking legitimate info for technical assistance make me a "troll"?
You should regret asking about breaking into a network system (your
local computer) and abusing the network privileges you were provided TO
DO YOUR JOB ON COMPANY TIME. If you don't like being criticized for
performing actions against your company policy, then don't post here.
> For all
> you self-righteous administrators out there you can promptly exit this
> discussion for it was not intended for you. And those others whom feel
> compelled to inject your moral commentaries into this dialog, you can also
> exit promptly.
> This group is called alt.privacy and this is why I solicited it's members
> for this question.
Ah, but you posted to alt.computer.security also :)
You also posted to alt.privacy,alt.computer.security,alt.privacy.anon-
server,alt.privacy.anon.server,alt.privacy.spyware
> For those interested in providing assistance or interested in how this
> story plays out I will continue with the most recent events.
>
> On friday, I spent my lunch hour learning SMS and ether-peek with one of
> our system admins. I've discovered when it is used and how/why.
> And it appears, for the most part, that the MS Proxy is really the only
> barrier between me and the outside world. SMS is being utilized
> primarily to push packages the SMS server realizes a clients box does not
> have. The idea of connecting to a remote host via an encrypted SSH
> tunnel won't work for me because the proxy blocks VPN connections. The
> boundaries/sensors are no longer being monitored by the the
> network security folks anymore since they've all been transistioned to the
> new network.
>
> I needed to gain access to the administrator account on my box so I set the
> BIOS to boot from floppy and used LINUX boot disk to crack the SAM
> and "null" the admin passwd. Then I used the admin account to build a bogus
> local account (free from the domain). This local acount is the same account
> name as someone who works on the other side of the building. Logged onto
> this local account, I pointed everything to the proxy and it worked.
What you are doing it ILLEGAL and has nothing to do with Privacy. If you
don't like respectable people preaching to you then don't ask for help
in a public group - seek hackers through other means. If you get caught,
of if someone tells your company what you are doing you may very well
get fired.
> What is different (regarding proxy log reports) when reporting connections
> from a domain account and a local account? The other weak point I see
> is the switch, I'm sure the machine can be located based on the location on
> the switch facilitating the connection
>
> T/S
-- -- spamfree999@rrohio.com (Remove 999 to reply to me)
- Next message: Neil Hindry: "Norton Vs AVG ?"
- Previous message: phn_at_icke-reklam.ipsec.nu: "Re: password issues"
- In reply to: Thunder$truck: "Re: PLEASE HELP - USENET/Proxy Security Question"
- Next in thread: nemo outis: "Re: PLEASE HELP - USENET/Proxy Security Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
