
Thread: If I had been given a chance to respond.....

  1. #1
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    20

    Default If I had been given a chance to respond.....

    With reference to my previous post about vulnerabilities and how to proceed:

    I knew I would get crap back and that people wouldn't believe what I was saying... I am not accessing a government network, I am accessing a wireless network in a home based scenario.

    A civil servant is anyone employed to do work for the government, if you worked for example as a prison officer you would be considered a government worker. Now for example if said prison officer was writing reports about their prison for their bosses etc, this would be considered government work and hence their home security would need to be good. How is this checked?? well let me tell you, if the civil servant had permission to do work from home, they would have to sign a document which described their personal home security (encryption used, backups used, number of backups etc etc). Essentially it is the government covering their asses by saying that the person had signed off that their security was good enough.

    So back to the original post. Yes I do have access to a wireless network (WEP), for a self employed person who does contracts for the government. And yes I have been asked by them to check how good their security is because they have to tell their superiors that it is up to scratch.

    I honestly want to know (not for any malicious purposes) what I can do on this system, and how vulnerable they are if I already have access to their network via WEP.

    Now obviously I cannot prove I have permission, how am I going to prove that! So starting in the place where I cracked the WEP (BT3) what would be best to run next?

  2. #2
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    I think this is not the best way to get more help, you will just make matters worse.

    You seem to not want to put any effort in researching on how to go from where you are.
    You've been given some hints but it seems that it is also too much effort to pursue these.

    All these points make it appear that you are not legit but want a quick and easy solution spoonfed to you.

    If you have no further clue tell your buddy that the WEP encryption isn't the best one to use and that you can't check any further before learning a lot more.
    Tiocfaidh ár lá

  3. #3
    Junior Member
    Join Date
    Jan 2010
    Posts
    42

    Default

    Sorry, but I really do not see any single reason to do further checks.
    Is his network vulnerable? Yes, because he uses WEP instead of WPA-PSK2 with a strong pwd.
    Is his system vulnerable? Yes, because you've gained R/W access to his HDD on system folders, therefore being able to start any kind of process on the system.
    What else do you need?
    Honestly, if you were a pentester, then you'll not ask "what can I do to mess up everything?".
    It's easy: you open in explorer his C: drive, then you open cmd on your system and type:
    Code:
    c:\>echo y|format c:

  4. #4
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    20

    Default

    KMDave, thank you for your post, I understand where you are coming from. I shall go away and look further into it myself. Yes I agree that I am looking to be spoonfed some information to a degree because I don't even know what I should be looking into to get more info on. If someone says try using program X to go further, then I will look at it and learn how to use it.

    My original point is that when I told them they had poor WEP security they were not all that interested unless that means I can access anything worse than their internet connection.

    They have 5 machines at home... 2 used as media centers, 1 in an external building for other personal use, and two in their office, one personal and one business. I know for a fact that they do not wish to go around changing everything to WPA unless it is really necessary. They live in a sleepy town where I doubt anyone would go looking for vulnerable networks, so the question becomes.... how simple would it be for joe bloggs down the road to access their info??

    I do not wish to destroy their systems or read their data, I merely wish to prove to them that they are not secure as they are. I cannot access their my documents at present, I only have root access because for some reason they have set a share up.

    If I was a wannabe hacker, then surely yes I would know a bit more about all this stuff, but on the contrary, I am not and that is why I am here asking, because I am interested in doing this for them and not going around trying to hack stuff.

  5. #5
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    Quote Originally Posted by ee0u30eb View Post
    Ok fine. I shall go away and look further into it myself.

    My original point is that when I told them they had poor WEP security they were not all that interested unless that means I can access anything worse than their internet connection.

    They have 5 machines at home... 2 used as media centers, 1 in an external building for other personal use, and two in their office, one personal and one business. I know for a fact that they do not wish to go around changing everything to WPA unless it is really necessary. They live in a sleepy town where I doubt anyone would go looking for vulnerable networks, so the question becomes.... how simple would it be for joe bloggs down the road to access their info??

    I do not wish to destroy their systems or read their data, I merely wish to prove to them that they are not secure as they are. I cannot access their my documents at present, I only have root access because for some reason they have set a share up.

    If I was a wannabe hacker, then surely yes I would know a bit more about all this stuff, but on the contrary, I am not and that is why I am here asking, because I am interested in doing this for them and not going around trying to hack stuff.
    Your whole post reads like a big contradiction. You say you want to check their security but don't want to behave like a hacker?
    Where is the point of it? And where is the problem of changing a whole lot of 5 machines from WEP to WPA. Takes 10-15 minutes tops for all of em.

    But yeah, the fact that it is a sleepy town is the best protection offered to them.
    Tiocfaidh ár lá

  6. #6
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by KMDave View Post
    But yeah, the fact that it is a sleepy town is the best protection offered to them.
    Security through obscurity
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  7. #7
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    Quote Originally Posted by archangel.amael View Post
    Security through obscurity
    There we are again at a point where it is not even a misconfiguration issue but an issue of human "logic"
    Tiocfaidh ár lá

  8. #8
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    20

    Red face

    Quote Originally Posted by KMDave View Post
    Your whole post reads like a big contradiction. You say you want to check their security but don't want to behave like a hacker?
    Where is the point of it? And where is the problem of changing a whole lot of 5 machines from WEP to WPA. Takes 10-15 minutes tops for all of em.

    But yeah, the fact that it is a sleepy town is the best protection offered to them.
    Two of their machines are connected as media PCs in the sense that they have not got a monitor or keyboard attached, just speakers and VNC client installed. So to change them they would have to move the machine to another one, connect it up and then change it. OK granted that would still all take less than 30 minutes, but still a pain in the ass.

    Yes I agree their security is heavily undermined by the simple fact that their PCs are relying on basic Windows user account security to keep their data safe. If someone stole it they could ophcrack it in seconds and have it all. I think I shall just tell them that they NEED to use WPA and that be the end of it.... I don't really want to sit here looking like a fool any longer than I must just to prove something for them, but I do maintain that this is a legitimate post about legitimate security concerns.

    Thanks anyway guys, keep up the good work.

  9. #9
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Stick around, and read the tutorials; there is lots of good information in there.
    The General IT Section also contains a lot of good practical info.

  10. #10
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by ee0u30eb View Post
    Thanks anyway guys, keep up the good work.
    Where do we send the invoice?
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
