Re: PLEASE HELP - USENET/Proxy Security Question

From: nemo outis (outis_at_erewhon.com)
Date: 05/21/03


Date: Tue, 20 May 2003 22:20:59 GMT

In article <3eca4963$0$5737$45beb828@newscene.com>, "Thunder$truck" <nealbailey@hotmail.com> wrote:
>> You have much of the underlying mechanics right for bypassing
>> corporate security, but you've given yourself very little
>> "cover."
>>
>> For instance, you gave yourself local admin rights by cracking
>> the SAM (I use Winternals for the same purpose, but the
>> principle is the same). However, did you remember to first take
>> a copy of the unaltered SAM before cracking it? That way, you
>> can restore the original password when you need to. And did you
>> do whatever other "housekeeping" is necessary on the cracked
>> machine such as messing with the event log? The devil is in the
>> details. (If you must use a cracked machine I recommend you take a
>> ghost of it immediately, perhaps using an external USB hard drive
>> - that way you have much less to do when later restoring the
>> machine to the untampered state.)
>
>-------------
> I hadn't considered that (keeping an unaltered SAM). I was keeping a clean
>imaged copy of the drive, and swapping
>them out when I leave my office (doesn't help me much if someone comes
>storming in).
>-------------
>>
>> My preference is not to mess with the original machine at all
>> (although I have done so) - I prefer to use a laptop and connect
>> to the network with it instead of the company machine by using
>> MAC spoofing. The laptop then masquerades as the legit
>> corporate desktop on the network. The laptop, of course, is
>> firewalled, etc. and is probe-proof. (In fancier cases you can
>> put VMWARE on the laptop and create a dummy desktop environment
>> which will stand up to all but the most serious probing.)
>
>-----------------
>That's certainly the objective. How do I go about MAC spoofing the original
>NIC MAC Address? If the decoy laptop masquerades as a legit
>machine, it's still connected to the same CAT5 and switch, revealing my
>location...this must be where encryption comes in..
>-----------------

The easiest way of MAC spoofing is with a router since these can
be set to "echo" the MAC of the machine behind them (e.g., for
connection to a cable ISP). However, you can change the MAC on
most NICs - see the following site and get the SMAC tool while
you're there:

http://www.klcconsulting.net/Change_MAC_w2k.htm

Regards,