Post #43,500
6/26/02 10:47:20 AM
|
3.
I figured out how to bypass the proxy server and get a direct Internet connection. I set up an X server and VNC on my workstation and hacked a system to circumvent the corporate firewall, so I can gain access to critical company data from home just like I was at work. I ran nmap against all our servers and found holes to exploit. I cracked our NT passwords because our admins are idiots and haven't applied the appropriate patches or thought much about NetBIOS security (I don't think they even understand NetBIOS. One of them told me NetBIOS doesn't run on token-ring).
In short, my motivation is such that I have totally compromised the security of our company without even being suspected or leaving much of a trace, at least, not one that can be followed by the ninnies we hired.
PS - thanks for the free unlimited Internet access I get with my direct RAS connection to my work machine. I love Windows!
-desitter
|
Post #43,518
6/26/02 2:02:16 PM
6/26/02 2:02:43 PM
|
Great answer!
That answer will get you put in charge of setting up connections (and generally bypassing security measures) for mid-to-upper level COs.
You wouldn't be allowed to improve security of the system, mind you...
Imric's Tips for Living- Paranoia Is a Survival Trait
- Pessimists are never disappointed - but sometimes, if they are very lucky, they can be pleasantly surprised...
- Even though everyone is out to get you, it doesn't matter unless you let them win.
Edited by imric
June 26, 2002, 02:02:43 PM EDT
|
Post #43,520
6/26/02 2:13:47 PM
|
Welcome back!
Good answer!
I am free now, to choose my own destiny.
|
Post #43,527
6/26/02 3:45:24 PM
|
On passwords
Any system can be compromised via passwords if you do not have good passwords.
My favoured route is to enforce longer passwords, but reduce the frequency of changing.
This way, it's easier to sell the idea that a good password matters to the users.
Short or non-complex passwords, frequently changed, are often very weak.
How did you go around the firewall? In my company, it's the only way in or out. I imagine that it's like that in lots of other places.
Peter [link|http://www.debian.org|Shill For Hire] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Blog]
|
Post #43,536
6/26/02 4:44:53 PM
|
Passwords
Make sure that it also remembers the last six passwords or more so they don't just repeat the same passwords over and over again.
Most common passwords at the lawfirm I worked at were:
password
passme
passment
Those were the passwords they used to reset the passwords for those who forgot their passwords, then they forgot how to change the password. If forced to change their password, they'd forget it and call the help desk anyway the next logon.
I am free now, to choose my own destiny.
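The two posts above (Peter's "longer passwords, changed less often" and the reminder to remember the last six passwords) describe a change policy without showing how it is enforced. The following is an added example, not code from anyone in this thread: a password-change check that rejects well-known defaults (the ones quoted in the thread, as a constructed sample list), enforces a minimum length, and keeps a per-user history of salted hashes so the last six passwords cannot be reused. The 12-character minimum is an assumption (the post only says "longer"), and PBKDF2 from the standard library is used so that the history never holds plaintext, unlike the cracker database described later in the thread.

```python
import hashlib
import hmac
import os
from collections import deque

# Constructed sample of weak defaults quoted in this thread; a real deployment
# would load a much larger breach-derived list.
WEAK_DEFAULTS = {"password", "passme", "passment", "changeme"}

MIN_LENGTH = 12        # assumption: the thread says "longer", not a number
HISTORY_DEPTH = 6      # "remembers the last six passwords or more"
PBKDF2_ROUNDS = 60_000 # slow hash so a leaked history file is not a password list


def _hash(password: str, salt: bytes) -> bytes:
    """Salted, iterated hash of a candidate password (stdlib PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class PasswordHistory:
    """Per-user ring of the last HISTORY_DEPTH (salt, hash) pairs; never stores plaintext."""

    def __init__(self, depth: int = HISTORY_DEPTH):
        self.entries = deque(maxlen=depth)

    def matches(self, candidate: str) -> bool:
        # Each entry has its own salt, so the candidate is re-hashed per entry.
        return any(
            hmac.compare_digest(_hash(candidate, salt), digest)
            for salt, digest in self.entries
        )

    def record(self, password: str) -> None:
        salt = os.urandom(16)
        self.entries.append((salt, _hash(password, salt)))  # oldest entry falls off


def evaluate(candidate: str, history: PasswordHistory) -> str:
    """Return 'ok', or the reason the change is refused."""
    if candidate.lower() in WEAK_DEFAULTS:
        return "well-known default"
    if len(candidate) < MIN_LENGTH:
        return "too short"
    if history.matches(candidate):
        return "reused within last %d" % history.entries.maxlen
    return "ok"


def change_password(candidate: str, history: PasswordHistory) -> str:
    """Apply the policy; only an accepted password is added to the history."""
    verdict = evaluate(candidate, history)
    if verdict == "ok":
        history.record(candidate)
    return verdict


if __name__ == "__main__":
    h = PasswordHistory()
    for attempt in ("passme", "Tr0ub4dor", "correct horse battery", "correct horse battery"):
        print(repr(attempt), "->", change_password(attempt, h))
```

The history is a bounded deque, so once a user has gone through six accepted changes the original password ages out of the window and is accepted again; raise HISTORY_DEPTH if that is too permissive for your environment.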
|
Post #43,571
6/26/02 10:22:09 PM
|
We have another way
of forcing new people to change their passwords, before those loverly tools did it.
Just change the password to something like 'barry_is_my_god'. After typing this once or twice, they get pissed off and change it.
|
Post #43,586
6/27/02 12:35:42 AM
|
I like!
I remember a net admin who once changed a password for an obnoxious user in his own section: he chose 'pteradactyl' :-).
Some years later when someone else bought us, I was amused to learn their helpdesk generally set password changes to 'changeme'.
Wade.
"Ah. One of the difficult questions."
|
Post #43,588
6/27/02 12:40:38 AM
|
Nick Burns, your company's computer guy
Ultimate revenge and a good way to get fired, one DSL helpdesk person set someone's User ID to "ILIKEMEN@**********.NET" when walking the person through the pick your own username and password screen. Needless to say that person was fired soon after. I guess they got tired of doing registrations and installs over the helpdesk? As far as we knew, the customer who got assigned the name was not gay. I'd imagine they weren't too happy with the name they got assigned either?
I am free now, to choose my own destiny.
|
Post #43,631
6/27/02 11:17:03 AM
|
Easy
From the "Dynamic IP Hacks" howto:
It would be nice to be able to get access to my work machine (Sun) from home, and vice versa, yet telnet is firewalled at work. Here's a way around it.
For purposes of this explanation I'll give the method for gaining access to my work machine from my home Linux machine, with a dial-up PPP connection to my ISP and dynamic IP assignment.
From home, when I want access to my work machine, I dial-in and fire up X, set "xhost +", determine my dynamic IP, and email my dynamic IP to my work machine in a mail message with a particular format. On my work machine I have a procmail recipe/script setup that parses the body of a message whose subject matches a target, say "X-W". If the body of that message meets certain requirements then it extracts the IP from the message and spawns an xterm with the display directed to my home dynamic IP like this:
xterm -display my.ip.i.sent:0.0 -e login
Voila! In about 30 secs to a minute, an xterm login shell appears on my home machine! I haven't tried going the other direction yet because my home machine isn't on full time, but using the other methods of determining the dynamic IP from a remote machine it should work the same way.
Now assuming you can sneak in a few VNC servers (corporate security is so braindead that this should be easy) you are on Windows and the games can begin.
You could slip in a UNIX box with a direct crossover connection and the appropriate routing to your Windows work box without anyone suspecting much. Just "accidentally" leave your laptop at work.
-desitter
|
Post #43,650
6/27/02 1:09:46 PM
|
Blimey.
Your company leaves port 6000 open?
Wonders will never cease.
Peter [link|http://www.debian.org|Shill For Hire] [link|http://www.kuro5hin.org|There is no K5 Cabal] [link|http://guildenstern.dyndns.org|Blog]
|
Post #43,673
6/27/02 3:10:24 PM
|
Not Mine!
But you'd be surprised how porous corporate nets are.
-desitter
|
Post #43,708
6/27/02 9:24:14 PM
|
Depends on the people running them
if they are just learning how to run a network or are former PHBs turned Network Administrators, then the security will be weak. Like the lawfirm I used to work for: someone ran a password cracker, and I noticed the database on a shared drive full of passwords, and apparently nobody seemed to care that it existed or that someone had a list of passwords from most of the user accounts, including administrators. They also didn't seem concerned with applying the latest patches and kept SP4 on the NT 4.0 Servers when SP6.1 was out. They used a Linux server for a firewall, but I think someone else set it up for them. I'd give out their address and domain name, but I don't want someone to hack them and then point a finger back at my post listing the address to go at.
I am free now, to choose my own destiny.
|
Post #43,730
6/28/02 1:38:03 AM
|
Well if they don't...
It is amazing how many will instead leave outbound on 80 open. Given the knowledge at home of how to create a tunnel (not hard - just look in ssh's documentation) it is trivial to hijack that to send your X display home.
Cheers, Ben
"... I couldn't see how anyone could be educated by this self-propagating system in which people pass exams, teach others to pass exams, but nobody knows anything." --Richard Feynman
|
Post #43,555
6/26/02 8:21:46 PM
|
Good to see you here...
How's things?
|