VB Script and mapping network drives

[imported_kiloraw]

Hey is any way to play with VB script on Backtrack or on any Linux distro? I mean I heard about Mono....but really not that familiar in it. Then I read post that it is a bad idea....which sucks for me because I spent so much time trying to tweak Windows machines so that way they could operate as good as......well Linux.
First let me explain how I got to this point, I work at non-profit organization , we have a little network 100 workstations, different locations, one box(server) that runs everything....I know, I know, not fault tolerant...but like I said its non-profit....hence us not paying for a lot of training, equipment, software,etc. That's why I am on Backtrack not solar winds or something like that....plus I like Linux now- very customizable. Oh ya I have to start doing security audits the beginning of next month.....that's why I have been slamming this backtrack in the brain. So my boss has given me permission to hack, crack, the network. He basically sets me a file on one of the networking drives that is protected your usual network authentication(server 2003), and my task is to grab that....So I have been following some guides Hacking Exposed, Hacking for Dummies, etc

So I have cracked one wireless AP on our network with the tutorial of aircrack but here's a little funnier part I couldn't do it with spoonWPA..don't ask I ll figure that out later. So after i got the PSK I was able to access the AP....now I don't know what to do next (how to access a networked mapped drive with authentication). Which tool is best suited for this in Backtrack? Please know smart remarks, I'm looking for hand up, not a hand out.

FACTS
I already have permission
windows server 2003 network
Have access to the network already through aircrack
Need to map a drive or hack into a drive thats has been networked
not sure what tool to use

Besides forums and google is their a backtrack book? That I can buy froma bookstore....its is mentioned in alot of books

[Thorn]

To answer your last question first, the book you want it "Penetration Tester's Open Source Toolkit, Vol 2.", ISBN-10: 1597492132. It covers a lot of the tools in B|T and has a chapter devoted specifically to B|T. That chapter was written by a Moderator on these forums, theprez98.

As to the rest, considering your experience, you're playing with fire, and the boss should be smacked upside the head. You should NEVER learn this stuff on a production network. If you do something bad, like say DoS the server, or accidentally delete work files, you and the boss could be in deep trouble with the non-profit's board.

Having said that, if you insist on going ahead, the protocol that you need to understand is called Small Messaging Block (SMB) which is used for "mapping drives" under MS Networking. The applications for doing this under Linux are known collectively as "Samba". www.samba.org

Good luck with this, although I would again STRONGLY urge you to confine further learning attempts to a lab, before you damage something and end up in trouble.

[imported_kiloraw]

Thanks Thorn,
Hey I am little scared too. But if it matters I am a rookie in the security field, I am on Bach's, but if you been to school you know they really only teach you how to be a Net admin. But thank you very much, i will be taking plenty of precautions. And thank you, thank you, for the book I will be picking this up at lunch. But the VB on Linux is way to risky for what I am about to do and being a novice at Linux don't help the case. I will keep you posted on this thread of what happened, but it will take me a while to do this since i am new (fairly) to this. What about a Linux book? I got a command phrase book...it works well. Plus _how to forge_ is an awesome site for someone knew to Linux. No offense to any penguins but they really dumb down Linux. I remember you had to go to the books just for your peripherals. Now they have complete tutorails that basically tells you all the shell commands without even looking up what they mean(commands). But I look them up in my little phrase book.
Oh ya, the security audit will be done while on the network, not from the outside. ANd Thron I won't be doing any denial of service attacks on the server----hell no, thats the only one we have- LOL! Plus we have to do this, because of HIPPA. Plus has for deleting files, we will have a complete backup or snapshot before I even try this.....plus all workers will be gone...great way to spend a SaturdaY. tHANKS again Thron

[Thorn]

Thanks Thorn,

You're welcome

Hey I am little scared too. But if it matters I am a rookie in the security field, I am on Bach's, but if you been to school you know they really only teach you how to be a Net admin. But thank you very much, i will be taking plenty of precautions.

Those are exactly the reasons that you should be learning this stuff outside of the production network and contained in a lab environment. Even with "precautions", you're playing with fire, since you're learning this as you go. One slip-up could spell disaster.

And thank you, thank you, for the book I will be picking this up at lunch.

Again, you're welcome.

But the VB on Linux is way to risky for what I am about to do and being a novice at Linux don't help the case. I will keep you posted on this thread of what happened, but it will take me a while to do this since i am new (fairly) to this. What about a Linux book? I got a command phrase book...it works well. Plus _how to forge_ is an awesome site for someone knew to Linux. No offense to any penguins but they really dumb down Linux. I remember you had to go to the books just for your peripherals. Now they have complete tutorails that basically tells you all the shell commands without even looking up what they mean(commands). But I look them up in my little phrase book.

See, this is part of the problem. You may be familiar with the Win2003 environment as an admin, but you're approaching it from a completely different direction and a completely new OS. The fact that you need a "dumbed down" instruction set for Linux indicates a lack of knowledge that's pretty severe for the job you are about to undertake.

Oh ya, the security audit will be done while on the network, not from the outside. ANd Thron I won't be doing any denial of service attacks on the server----hell no, thats the only one we have- LOL! Plus we have to do this, because of HIPPA. Plus has for deleting files, we will have a complete backup or snapshot before I even try this.....plus all workers will be gone...great way to spend a SaturdaY. tHANKS again Thron

This, to me, is the really scary part. You may not intent to DoS the server, but with the fact that you are that new to both Linux and pen testing you could do it unintentionally. Again, all the more reason to be learning this away from the production network.

That goes double if you are doing this for HIPAA compliance. You really should have someone that is experienced doing this. At a minimum at least get someone experienced on site who can help guide you through the process.

A snapshot goes without saying.

"A Saturday"? I'd think for the environment you initially described that 40 hours would be more appropriate for full compliance testing.

Again, good luck.

[imported_kiloraw]

WOW 40hours...really? I mean I believe you, I never would have thought that it took that long...well my boss isn't here today so I'm not messing with anything right now, except I am setting up a "dummy" wireless AP to pracitce with aircrack. Since sometimes I crack ours (AP) and sometimes I can't....I will take heed to what you said(that's why I setup the wireless with no Ip's(connection) to network) and bring it up to my boss the consequences if I mess up. Going to pick up the book now. One more thing, is their cheap training for pentesting? Because we(I) need it...and I know the (non-profit) can't afford it and me just reading books and forums won't suffice. I looked at back track training and its like 5,000.00- that is to much for us.....do you know if they have non-profit pricing? I looked and did not see anything.

[Thorn]

WOW 40hours...really? I mean I believe you, I never would have thought that it took that long...well my boss isn't here today so I'm not messing with anything right now, except I am setting up a "dummy" wireless AP to pracitce with aircrack. Since sometimes I crack ours (AP) and sometimes I can't....I will take heed to what you said(that's why I setup the wireless with no Ip's(connection) to network) and bring it up to my boss the consequences if I mess up. Going to pick up the book now. One more thing, is their cheap training for pentesting? Because we(I) need it...and I know the (non-profit) can't afford it and me just reading books and forums won't suffice. I looked at back track training and its like 5,000.00- that is to much for us.....do you know if they have non-profit pricing? I looked and did not see anything.

It depends on what exactly you're doing. If you're just doing security compliance tests on the server for things like minimum length passwords, properly set up security groups, etc., then maybe you could do it in a day, although it still seems short. If you're actually pen testing on the server only, then a couple of days would be much more appropriate. But if your going to be doing even light test of the workstations, then 40 hours would be a minimum and two or three work weeks might be more reasonable.

Plus with HIPAA, there's a whole physical security issue which also needs to be addressed for compliance.

Knowing the reputations of the people at Remote-Exploit, I'm sure they are good, but not having taken the courses, I can't in good conscience recommend them. I have no idea if R-E offers non-profit discounts.

I've taken (and highly recommend) the online Heorot Pen Test courses. Their on-line course are $395 for the Introductory course, and $595 for the Intermediate course. They also have on-site courses in the $5k range.

[imported_kiloraw]

Very good book, chapter 5 is helping me out right now on the dummy AP. I am trying to get this training site approved for next years budget...we shall see. As for HIPPA on the physical side.....we reside in a Hosiptal so the physical security is ok...under contract with them on the physical security side. Thron you have been a wonderful help today and really opened my eyes to the damage I could have done. Thanks again.

[streaker69]

Very good book, chapter 5 is helping me out right now on the dummy AP. I am trying to get this training site approved for next years budget...we shall see. As for HIPPA on the physical side.....we reside in a Hosiptal so the physical security is ok...under contract with them on the physical security side. Thron you have been a wonderful help today and really opened my eyes to the damage I could have done. Thanks again.

Don't be so confident in that respect. Let me tell what I just saw in a similar office to yours.

Where you go to "checkout" from the Dr's office was a server sitting with the server was a cheap router, and two cheap dumb switches. The equipment was completely exposed and could have easily been plugged into quickly and easily without anyone's knowledge. Judging from the number of ports that were populated, I would guess that every single port in the Dr's office was plugged in. Seeing as how they were dumb switches, they wouldn't have been disabled and someone in an empty examination room could probably plug right in and have full access to their network.

You'd hope that things are secure in hospitals, but they rarely are.

[Thorn]

You're welcome, and again, good luck with it.

Regarding the physical security, just make sure that someone double checks what applies to your non-profit. While the hospital may cover most of it, there are certain HIPAA compliance issues that may still fall on your organization.(e.g. file cabinets that have any identifiable patient data must lock and have to be contained within locked and secured offices; behind the receptionist's open counter doesn't cut it.)

[streaker69]

You're welcome, and again, good luck with it.

Regarding the physical security, just make sure that someone double checks what applies to your non-profit. While the hospital may cover most of it, there are certain HIPAA compliance issues that may still fall on your organization.(e.g. file cabinets that have any identifiable patient data must lock and have to be contained within locked and secured offices; behind the receptionist's open counter doesn't cut it.)

Which is exactly where I saw the situation in my previous post. I was sitting there with much confidential patient data.