Penetration Testing mailing list archives
Re: Hacking demo - most spectacular techniques
From: H Carvey <keydet89 () yahoo com>
Date: 2 Oct 2001 10:10:11 -0000
1. Remote VNC install - GUI session on target machine
This is always good.
2. BO2K or Subseven
Good way to go.
3. Port redirection with fpipe - a firewall is
not always enough May be too technical.
4. Remote shell with netcat
Not a bad way to work, though far too many VPs, and a lot of admins, aren't overly impressed when you go to "the dark place" (ie, the command prompt).
5. Null session - information gathering with no right
This one is my favorite, especially if it can be used to then break into the system. My "null.pl" script pulls enough information from a system to make any admin or technically-savvy VP sit up and take notice. Try this...null session enumeration, then brute force one of the user accounts to gain access. Or, get in at a lower privilege level via some other means...IIS, for example. Once you're in, copy over your kit...be sure to include the appropriate tools for privilege escalation. Rename nc.exe to inetinfo.exe, and bind it to port 80 (if something isn't already bound there). Put your GUI tools in place and go about establishing a variety of footholds and backdoors. If you work it out ahead of time and script it, it'll be even more impressive. Carv ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Hacking demo - most spectacular techniques Ilici Ramirez (Oct 01)
- RE: Hacking demo - most spectacular techniques Greg (Oct 02)
- Re: Hacking demo - most spectacular techniques H Carvey (Oct 02)
- RE: Hacking demo - most spectacular techniques George Milliken (Oct 02)
- Re: Hacking demo - most spectacular techniques quentyn (Oct 02)
- Re: Hacking demo - most spectacular techniques Bill Pennington (Oct 02)
- Re: Hacking demo - most spectacular techniques Nexus (Oct 04)
- Re: Hacking demo - most spectacular techniques talisker (Oct 04)
- <Possible follow-ups>
- RE: Hacking demo - most spectacular techniques Martin Jr., Wally G. (Oct 02)
- RE: Hacking demo - most spectacular techniques Steve Maks (Oct 02)
- Re:Hacking demo - most spectacular techniques bluefur0r bluefur0r (Oct 02)
- RE: Hacking demo - most spectacular techniques Aleksander Czarnowski (Oct 02)
- Re: Hacking demo - most spectacular techniques Kingbiscuit (Oct 04)
(Thread continues...)