RE: Hacking Demo and Test Lab

From: Ben Nagy (ben@iagu.net)
Date: Mon Jun 14 2004 - 11:35:34 EDT


Although I would consider this to be a 'management' hacking demo rather than
'advanced' hacking, I have done pretty much exactly the same demo. :)

Couple of other ideas - I have used TightVNC, which you can configure not to
display a toolbar icon.

To demo stepping-stone attacks you can compromise a webserver or whatever
behind a firewall, then compromise a second machine from the webserver,
install VNC on #2 and bounce there using fport or something on #1 - even if
outside communication to the second machine is denied by the firewall.

Another nice one is to install a keylogger and collect a CC number from
inside HTTPS sessions or maybe a PGP passphrase - seems to be the FBI
favourite ;)

This is all very lame, obviously, but it's just for demos, right?

ben

> -----Original Message-----
> From: Cure, Samuel J [mailto:scure@kpmg.com]
> Sent: Friday, June 11, 2004 10:21 PM
> To: 'Victor Chapela'; 'raza sharif'; pen-test@securityfocus.com
> Subject: RE: Hacking Demo and Test Lab
>
> Or have the remote system running VNC anyway. Then connect to
> the remote registry with credentials and decrypt the VNC
> password using Cain, then connect.
[...]
> -----Original Message-----
> From: Victor Chapela [mailto:victor@sm4rt.com]
[...]
> I am not sure about VMWare, I also had some problems running
> demos consistently and decided to use a separate machine.
>
> I usually do my demos with a similar configuration XP -> 2000.
>
> A good 5 min sketch is:
> - get a remote shell using Jill, iis5hack or dcomexploit
> - You end up as NT Authority/SYSTEM in all cases, therefore
> you can add yourself as an administrator
> - connect to the admin$ share using your new credentials
> - dump the SAM file with pwdump3
> - crack some hashes using john
> - copy winvnc to system32
> - add your vnc password to the remote registry
> - install and start winvnc remotely
> - start a VNC session
[...]
> -----Original Message-----
> From: raza sharif [mailto:raza@raza.demon.co.uk]
> Sent: Friday, June 11, 2004 6:42 AM
> To: pen-test@securityfocus.com
> Subject: Hacking Demo and Test Lab
>
> Hi Folks,
>
> I'm doing some advanced Hacking Demos for management and also
> Corporates etc.
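
Seen from the defending side, the five-minute sketch quoted above (new administrator, admin$ connection, remote service install) leaves an ordered trail in Windows logs. The following is an added example, not part of the original thread: it correlates constructed sample events per host, using event IDs from current Windows versions (4720, 4732, 5140, 7045) rather than the Windows 2000 IDs of the thread's era. The event dictionary layout, host names and `find_chains` are assumptions.

```python
from datetime import datetime, timedelta

# Ordered stages of the quoted sketch as they appear in Windows logs:
# 4720/4732/5140 are Security log events, 7045 is a System log event.
CHAIN = [
    ("account_created", lambda e: e["id"] == 4720),
    ("added_to_admins", lambda e: e["id"] == 4732 and e.get("group") == "Administrators"),
    ("admin_share", lambda e: e["id"] == 5140 and e.get("share", "").upper().endswith("ADMIN$")),
    ("service_installed", lambda e: e["id"] == 7045),
]

def find_chains(events, window=timedelta(minutes=30)):
    """Return {host: [(stage, time), ...]} where all stages occur in order within the window."""
    by_host, hits = {}, {}
    for e in sorted(events, key=lambda e: e["time"]):
        by_host.setdefault(e["host"], []).append(e)
    for host, evs in by_host.items():
        for i, first in enumerate(evs):
            if not CHAIN[0][1](first):
                continue
            matched, stage = [(CHAIN[0][0], first["time"])], 1
            for e in evs[i + 1:]:
                if e["time"] - first["time"] > window:
                    break  # chain did not complete quickly enough
                if stage < len(CHAIN) and CHAIN[stage][1](e):
                    matched.append((CHAIN[stage][0], e["time"]))
                    stage += 1
            if stage == len(CHAIN):
                hits[host] = matched
                break
    return hits

def _ev(host, hhmm, event_id, **fields):
    t = datetime.strptime("2024-01-15 " + hhmm, "%Y-%m-%d %H:%M")
    return {"host": host, "time": t, "id": event_id, **fields}

# Constructed sample events: WEB01 shows the full chain, FILE02 is routine admin work.
SAMPLE = [
    _ev("WEB01", "10:00", 4720, user="demo"),
    _ev("WEB01", "10:01", 4732, group="Administrators", user="demo"),
    _ev("WEB01", "10:03", 5140, share=r"\\*\ADMIN$", user="demo"),
    _ev("WEB01", "10:09", 7045, service="WinVNC"),
    _ev("FILE02", "09:00", 4720, user="newhire"),
    _ev("FILE02", "09:02", 4732, group="Remote Desktop Users", user="newhire"),
    _ev("FILE02", "15:00", 7045, service="BackupAgent"),
]

if __name__ == "__main__":
    for host, stages in find_chains(SAMPLE).items():
        print(host, [name for name, _ in stages])
```

Requiring the stages in order and inside a short window is what separates this pattern from ordinary provisioning, where the same events occur hours apart or without the Administrators group change.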


