Thread: If I had been given a chance to respond.....

  1. #1
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    20

    If I had been given a chance to respond.....

    With reference to my previous post about vulnerabilities and how to proceed:

    I knew I would get crap back and that people wouldn't believe what I was saying... I am not accessing a government network, I am accessing a wireless network in a home based scenario.

    A civil servant is anyone employed to do work for the government, if you worked for example as a prison officer you would be considered a government worker. Now for example if said prison officer was writing reports about their prison for their bosses etc, this would be considered government work and hence their home security would need to be good. How is this checked?? Well let me tell you, if the civil servant had permission to do work from home, they would have to sign a document which described their personal home security (encryption used, backups used, number of backups etc etc). Essentially it is the government covering their asses by saying that the person had signed off that their security was good enough.

    So back to the original post. Yes I do have access to a wireless network (WEP), for a self employed person who does contracts for the government. And yes I have been asked by them to check how good their security is because they have to tell their superiors that it is up to scratch.

    I honestly want to know (not for any malicious purposes) what I can do on this system, and how vulnerable they are if I already have access to their network via WEP.

    Now obviously I cannot prove I have permission, how am I going to prove that! So starting in the place where I cracked the WEP (BT3) what would be best to run next?

  2. #2
    Moderator KMDave
    Join Date
    Jan 2010
    Posts
    2,281

    I think this is not the best way to get more help, you will just make matters worse.

    You seem to not want to put any effort in researching on how to go from where you are.
    You've been given some hints but it seems that it is also too much effort to pursue these.

    All these points make it appear that you are not legit but want a quick and easy solution spoonfed to you.

    If you have no further clue tell your buddy that the WEP encryption isn't the best one to use and that you can't check any further before learning a lot more.
    Tiocfaidh ár lá

  3. #3
    Junior Member
    Join Date
    Jan 2010
    Posts
    42

    Sorry, but I really do not see any single reason to do further checks.
    Is his network vulnerable? Yes, because he uses WEP instead of WPA-PSK2 with a strong pwd.
    Is his system vulnerable? Yes, because you've gained R/W access to his HDD on system folders, therefore being able to start any kind of process on the system.
    What else do you need?
    Honestly, if you were a pentester, then you would not ask "what can I do to mess up everything?".
    It's easy: you open in explorer his C: drive, then you open cmd on your system and type:
    Code:
    c:\>echo y|format c:

  4. #4
    Member hawaii67
    Join Date
    Feb 2006
    Posts
    318

    Quote Originally Posted by ee0u30eb
    And yes I have been asked by them to check how good their security is because they have to tell their superiors that it is up to scratch.
    I wonder why they ask/hire somebody who apparently has no idea of pentesting and hence has no references??
    Don't eat yellow snow :rolleyes:

  5. #5
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    20

    KMDave, thank you for your post, I understand where you are coming from. I shall go away and look further into it myself. Yes I agree that I am looking to be spoonfed some information to a degree because I don't even know what I should be looking into to get more info on. If someone says try using program X to go further, then I will look at it and learn how to use it.

    My original point is that when I told them they had poor WEP security they were not all that interested unless that means I can access anything worse than their internet connection.

    They have 5 machines at home... 2 used as media centers, 1 in an external building for other personal use, and two in their office, one personal and one business. I know for a fact that they do not wish to go around changing everything to WPA unless it is really necessary. They live in a sleepy town where I doubt anyone would go looking for vulnerable networks, so the question becomes.... how simple would it be for joe bloggs down the road to access their info??

    I do not wish to destroy their systems or read their data, I merely wish to prove to them that they are not secure as they are. I cannot access their my documents at present, I only have root access because for some reason they have set a share up.

    If I was a wannabe hacker, then surely yes I would know a bit more about all this stuff, but on the contrary, I am not and that is why I am here asking, because I am interested in doing this for them and not going around trying to hack stuff.

  6. #6
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    20

    Quote Originally Posted by hawaii67
    I wonder why they ask/hire somebody who apparently has no idea of pentesting and hence has no references??
    I am a family friend who knows far more about IT than they do.... ok clearly not enough to do more than I have but they do not wish to hire anyone official as this is more an exercise to make them feel at least a tiny bit comfortable in their current setup without changing anything.

  7. #7
    Super Moderator Archangel-Amael
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Quote Originally Posted by ee0u30eb
    With reference to my previous post about vulnerabilities and how to proceed:

    I knew I would get crap back and that people wouldn't believe what I was saying... I am not accessing a government network, I am accessing a wireless network in a home based scenario.
    I think I understand now a bit better, correct me if I am wrong here.
    You are testing your friend's home computer so he can report this to his superiors who happen to be "the government"?

    If that is the case then, as with the other advice previously given you might wanna tell him/them that there is no possible way that this "home based" computer or network is really secure.
    Not only does one have to worry about vulnerabilities but also physical security.
    Remember how "the Government" a.k.a. the U.S. Veterans Administration data was breached by the theft of a laptop from the home of an employee.

    Now sure your case is/can be different in many ways but the point is the physical security, or the lack thereof, is also a weakness.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  8. #8
    Moderator KMDave
    Join Date
    Jan 2010
    Posts
    2,281

    Quote Originally Posted by ee0u30eb
    Ok fine. I shall go away and look further into it myself.

    My original point is that when I told them they had poor WEP security they were not all that interested unless that means I can access anything worse than their internet connection.

    They have 5 machines at home... 2 used as media centers, 1 in an external building for other personal use, and two in their office, one personal and one business. I know for a fact that they do not wish to go around changing everything to WPA unless it is really necessary. They live in a sleepy town where I doubt anyone would go looking for vulnerable networks, so the question becomes.... how simple would it be for joe bloggs down the road to access their info??

    I do not wish to destroy their systems or read their data, I merely wish to prove to them that they are not secure as they are. I cannot access their my documents at present, I only have root access because for some reason they have set a share up.

    If I was a wannabe hacker, then surely yes I would know a bit more about all this stuff, but on the contrary, I am not and that is why I am here asking, because I am interested in doing this for them and not going around trying to hack stuff.
    Your whole post reads like a big contradiction. You say you want to check their security but don't want to behave like a hacker?
    Where is the point of it? And where is the problem of changing a whole lot of 5 machines from WEP to WPA. Takes 10-15 minutes tops for all of em.

    But yeah, the fact that it is a sleepy town is the best protection offered to them.

  9. #9
    Super Moderator Archangel-Amael
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Quote Originally Posted by KMDave
    But yeah, the fact that it is a sleepy town is the best protection offered to them.
    Security through obscurity

  10. #10
    Moderator KMDave
    Join Date
    Jan 2010
    Posts
    2,281

    Quote Originally Posted by archangel.amael
    Security through obscurity
    There we are again at a point where it is not even a misconfiguration issue but an issue of human "logic"
