Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Click Here to Login
Join Computer forums Today


Reply
 
Thread Tools Search this Thread Display Modes
 
Old 04-29-2006, 08:02 AM   #1
Daemon Poster
 
uid=[0]'s Avatar
 
Join Date: Apr 2006
Posts: 906
Send a message via Yahoo to uid=[0]
Default Security Demo

The following video, is from me doing a pen-test on my server, and then succesfully getting root access on it. this demo is not for any purpose other than to show those out there who arent very "security minded" just how easy it can be to take controll of a vulnerable computer. this particular exploit used, is an older exploit that has been patched, and with the proper update will not work, but for awareness of how easy it can be i used it. now yes these are under "controlled environments" that i know exactly what the vulnerabilities are, however, a hacker will look for a vulnerability such as the one used in the video, that will be easily exploited. once again this is just to shed some light on the security concerns of today, and show how easy it is to breach a system. no skillsets are shown here such as the exploit itself etc.. nothing that can be used to do future harm, and does not promote hacking of any sort.

in the video, you will see a command prompt on the right with an ip highlighted, that is the "localhost" computer.

Video is HERE

if any of the mods have a problem with this, please just edit out the post. dont ban me, because im just trying to show those who are not aware how quickly their computers could be damaged if not properly maintained.

Also... those who watch this video, do not email/message/pm etc.. me asking how it was done because i will not release any information, other than the vulnerability that was exploited.

localhost computer Windows XP SP2
remote computer Windows Server 2003
vulnerability ms rpc MS-03-026
http://www.microsoft.com/technet/sec.../MS03-026.mspx

* these computers are computers that i OWN and are on MY private network.
__________________

__________________
"Security is nothing more than a thought that makes you sleep well at night." - Me
MCSE/MCSA
Security+/Network+
Wireless Network Security Spec.
uid=[0] is offline   Reply With Quote
Old 04-29-2006, 08:41 AM   #2
BSOD
 
localhost's Avatar
 
Join Date: Apr 2006
Posts: 72
Send a message via MSN to localhost
Default Re: Security Demo

Haha, that didn't take too long. Although all it really does is allow the person to get the IP?
__________________

localhost is offline   Reply With Quote
Old 04-29-2006, 08:55 AM   #3
Daemon Poster
 
uid=[0]'s Avatar
 
Join Date: Apr 2006
Posts: 906
Send a message via Yahoo to uid=[0]
Default Re: Security Demo

No, the one i used there, spawned a reverse shell back to me, basicly put, gave me a command prompt from a remote location... like me pulling up a command prompt here, and running commands on your computer.
__________________
"Security is nothing more than a thought that makes you sleep well at night." - Me
MCSE/MCSA
Security+/Network+
Wireless Network Security Spec.
uid=[0] is offline   Reply With Quote
Old 04-30-2006, 10:51 AM   #4
BSOD
 
Join Date: Feb 2006
Posts: 7,539
Send a message via AIM to Trivium Nate
Default Re: Security Demo

nice
Trivium Nate is offline   Reply With Quote
Old 04-30-2006, 04:41 PM   #5
Daemon Poster
 
uid=[0]'s Avatar
 
Join Date: Apr 2006
Posts: 906
Send a message via Yahoo to uid=[0]
Default Re: Security Demo

LOL thanks
__________________
"Security is nothing more than a thought that makes you sleep well at night." - Me
MCSE/MCSA
Security+/Network+
Wireless Network Security Spec.
uid=[0] is offline   Reply With Quote
Old 04-30-2006, 06:04 PM   #6
Golden Master
 
DJ-CHRIS's Avatar
 
Join Date: Apr 2006
Posts: 5,203
Send a message via AIM to DJ-CHRIS Send a message via MSN to DJ-CHRIS Send a message via Yahoo to DJ-CHRIS
Default Re: Security Demo

Awsome

This wouldnt work on a patched 2000 server would it?
DJ-CHRIS is offline   Reply With Quote
Old 05-01-2006, 01:29 AM   #7
Daemon Poster
 
uid=[0]'s Avatar
 
Join Date: Apr 2006
Posts: 906
Send a message via Yahoo to uid=[0]
Default Re: Security Demo

no, that it wouldnt.
__________________
"Security is nothing more than a thought that makes you sleep well at night." - Me
MCSE/MCSA
Security+/Network+
Wireless Network Security Spec.
uid=[0] is offline   Reply With Quote
Old 05-01-2006, 05:17 PM   #8
Golden Master
 
borat_sagdiyev's Avatar
 
Join Date: Feb 2006
Posts: 8,986
Send a message via AIM to borat_sagdiyev Send a message via MSN to borat_sagdiyev
Default Re: Security Demo

im on a mac right now, do you mind converting it to a mac friendly file format?
__________________
Core 2 Duo e4500 2.2ghz @ 2.8ghz
evga 650i ultra
2gb 400mhz ram OC'ed to 450
evga geforce 7600GT overclocked
borat_sagdiyev is offline   Reply With Quote
Old 05-01-2006, 11:13 PM   #9
Golden Master
 
ArrizX's Avatar
 
Join Date: Apr 2005
Posts: 16,073
Send a message via MSN to ArrizX
Default Re: Security Demo

Quote:
if any of the mods have a problem with this, please just edit out the post. dont ban me, because im just trying to show those who are not aware how quickly their computers could be damaged if not properly maintained.
Banned!

But, actually dude that was interesting.

Although, I gotta ask. And, I wont do it here so look for a PM. And no, im not asking how to do it.
__________________
. ()()()()
./l ,[_\_\ ],
l---L ()lllllll()-
()_) ()_)--o-)_)
ArrizX is offline   Reply With Quote
Old 05-02-2006, 07:47 AM   #10
Daemon Poster
 
uid=[0]'s Avatar
 
Join Date: Apr 2006
Posts: 906
Send a message via Yahoo to uid=[0]
Default Re: Security Demo

LOL ArrizX check your pm's
__________________

__________________
"Security is nothing more than a thought that makes you sleep well at night." - Me
MCSE/MCSA
Security+/Network+
Wireless Network Security Spec.
uid=[0] is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off



All times are GMT -5. The time now is 07:49 AM.


Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0