Home page logo

pen-test logo Penetration Testing mailing list archives

RE: Hacking demo - most spectacular techniques
From: "Greg" <greg () hoobie net>
Date: Tue, 2 Oct 2001 12:29:36 +0100

From: Ilici Ramirez [mailto:ilici_ramirez () yahoo com]

We intend to make a short demonstration of hacking as
part of a longer seminar with more than 100 IT
managers, vice-presindents, and other high-level

Don't tell them that to their faces for starters.

1. Remote VNC install - GUI session on target machine
2. BO2K or Subseven
3. Port redirection with fpipe - a firewall is not
always enough
4. Remote shell with netcat
5. Null session - information gathering with no right

You should include an example of subversion of an HTTP server entirely
through a web browser. This could be something like using the Unicode or
maybe even the CGI-double decode problems in MS IIS. Execute some commands,
copy some files from the HTTP server filesystem to the webroot and download
them etc. It is important to demonstrate that in some cases you don't need
any 'hacking' tools at all and not that much expertise. That can have a
great deal of impact.



This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]