Results 1 to 8 of 8

Thread: Internet Attacks

  1. #1
    Junior Member kdiggity317's Avatar
    Join Date
    Aug 2008
    Posts
    70

    Cool Internet Attacks

    Now I know from everything that I have found on BT3 that you need to be connected to the network in order for anything to really take affect. Is that anything in BT3 that will do an attack over the internet? This question was possed to me by a customer at work I didnt know the answer. As for more explanation I would put it like this lets say the company i work for we will call it A1 Company. A1 Company has a network setup just like you would have in your house. A basic wireless linksys router with lets say a switch running off that to send cables out to only a handful of machines maybe 12 at the most plus sending out a wireless signal with a WPA key. Would someone be able to get into that router or any of the machines using BT3 via the internet?

  2. #2
    Member
    Join Date
    Jan 2008
    Posts
    194

    Default

    Sure.

    Just don't ask how or you'll be headed to the ftard bin for sure.

  3. #3
    Junior Member
    Join Date
    Oct 2008
    Posts
    37

    Default

    Do you mean like over a WAN get into your network, or just hack into it?

  4. #4
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by kdiggity317 View Post
    Would someone be able to get into that router or any of the machines using BT3 via the internet?
    Of course. But, you won't necessarily need BT3. Depending on the router make/model, a browser might be enough.
    Thorn
    Stop the TSA now! Boycott the airlines.

  5. #5
    Senior Member Shatter's Avatar
    Join Date
    Jan 2010
    Posts
    192

    Default

    It's always a good idea to use strong passwords and be sure to stay away from default settings. If the router isn't properly configured, an attacker may be able to access it and/or bypass certain security measures. Connecting from internet (or from within your network) to the router's admin page with a browser is an example.

    Cracking a WPA key is harder than cracking WEP, but still not impossible. Suppose you use a word from a dictionary as the password. An attacker could easily mount a dictionary attack and break into your network via wireless. You should use a combination of uppercase letters, lowercase letters and numbers for your passwords. Possibly some special characters as well. Password length is at least as important.

    I'm not sure where I've seen/read this wonderful piece of advice, but it goes something like this:
    "A security expert doesn't choose a password, he chooses a password length and a string of random characters."

  6. #6
    Junior Member kdiggity317's Avatar
    Join Date
    Aug 2008
    Posts
    70

    Cool

    Well yeah I wouldnt ask how that would be done if i want to test my house I would hit the net and be looking up stuff there before asking anything like that. Like I said it was a just a question brought to me at work the other day. I figured it was possible to do internet attacks but didnt know for sure so i thought i would ask. Thanks everyone.

  7. #7
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by kdiggity317 View Post
    Well yeah I wouldnt ask how that would be done if i want to test my house I would hit the net and be looking up stuff there before asking anything like that. Like I said it was a just a question brought to me at work the other day. I figured it was possible to do internet attacks but didnt know for sure so i thought i would ask. Thanks everyone.
    On other point about this: From an attacker's point of view, most of the time this probably isn't worth doing. Based on current trends, what is more fruitful is to have the user execute a Trojan. As long as the user takes the normal precautions of changing the default passwords, then they are probably at much greater risk of getting attacked by that "e-greeting card program" that a "friend" has sent them, or downloading an "update" from an unauthorized site.
    Thorn
    Stop the TSA now! Boycott the airlines.

  8. #8
    Member
    Join Date
    Sep 2008
    Posts
    146

    Default

    BT3 has a bunch of utilities for attacking over the internet. NMAP, Java and SQL injection scanners, Hydra, Metasploit, etc. BT3s progs are mostly configured for network penitration but with a little reconfiguration there are many potent tools for getting through web app security. From there it is possible to get into a network and to individual systems, it just adds a lot more steps/complexity.

    For more information on over the net attacks and web security in general id advise you to go check out the OWASP project http://www.owasp.org/index.php/Main_Page

    I think they even have a modified linux distro in Alpha release. Think BackTrack just configured against web apps (gross oversimplification) but its not nearly as far along as BT is and just getting it to boot is a b**ch and a half.
    Morpheus: "You take the blue pill - the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill - you stay in Wonderland and I show you how deep the rabbit-hole goes."

    Neo: "What if I take both?"

    Morpheus: "Don't do that! You end up like Nick Nolte!"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •