Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17

Thread: If I had been given a chance to respond.....

  1. #11
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by KMDave View Post
    There we are again at a point where it is not even a misconfiguration issue but an issue of human "logic"
    Yeah cuz nothing ever happens in sleepy hollow.

    Humans will always be the weak point I guess.
    cheers
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  2. #12
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    20

    Red face

    Quote Originally Posted by KMDave View Post
    Your whole post reads like a big contradiction. You say you want to check their security but don't want to behave like a hacker?
    Where is the point of it? And where is the problem of changing a whole lot of 5 machines from WEP to WPA. Takes 10-15 minutes tops for all of em.

    But yeah, the fact that it is a sleepy town is the best protection offered to them.
    Two of their machines are connected as media PCs in the sense that they have not got a monitor or keyboard attached, just speakers and VNC client installed. So to change them they would have to move the machine to another one, connect it up and then change it. OK granted that would still all take less than 30minutes, but still a pain in the ass.

    Yes I agree their security is heavily undermined by the simple fact that their PCs are relying on basic windows user account security to keep their data safe. If someone stole it they could ophcrack it in seconds and have it all. I think I shall just tell them that they NEED to use WPA and that be the end of it.... I don't really want to sit here looking like a fool any longer than I must just to prove something for them, but I do maintain that this is a legitimate post about legititimate security concerns.

    Thanks anyway guys, keep up the good work.

  3. #13
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Stick around, and read the tutorials there is lots of good information in there.
    The General IT Section also contains a lot of good practical info.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  4. #14
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    Quote Originally Posted by ee0u30eb View Post
    Thanks anyway guys, keep up the good work.
    Where do we send the invoice?
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  5. #15
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    Quote Originally Posted by ee0u30eb View Post
    Two of their machines are connected as media PCs in the sense that they have not got a monitor or keyboard attached, just speakers and VNC client installed. So to change them they would have to move the machine to another one, connect it up and then change it. OK granted that would still all take less than 30minutes, but still a pain in the ass.

    Yes I agree their security is heavily undermined by the simple fact that their PCs are relying on basic windows user account security to keep their data safe. If someone stole it they could ophcrack it in seconds and have it all. I think I shall just tell them that they NEED to use WPA and that be the end of it.... I don't really want to sit here looking like a fool any longer than I must just to prove something for them, but I do maintain that this is a legitimate post about legititimate security concerns.

    Thanks anyway guys, keep up the good work.
    It is not like we have any personal issues with you, it is just so easy and you should look through the idiot's corner to give you an impression on what's going on and why it sounds so hostile around here and why newcomers are given a hard time, especially if it comes down to topics like that.

    As archangel.amael pointed out, stick around and start reading. Maybe you read some other interesting stuff you want to try out. Go ahead and build a lab for you at home. Either with VirtualBox or VMWare.

    Get more experience on how stuff works, ask questions about particular things if you don't understand it fully. So much more interesting stuff than playing around with some automated tools.
    Tiocfaidh ár lá

  6. #16
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by ee0u30eb View Post
    With reference to my previous post about vunerabilities and how to proceed:

    I knew I would get crap back and that people wouldn't believe what I was saying... I am not accessing a government network, I am accessing a wireless network in a home based scenario.
    Interesting that you say it's "a" network not your own. Go go theft of services.

    A civil servant is anyone employed to do work for the government, if you worked for example as a prison officer you would be considered a government worker. Now for example if said prison officer was writing reports about their prison for their bosses etc, this would be considered government work and hence their home security would need to be good.
    Said worker should not be conducting Government business on a network which is not under Gov't control.
    How is this checked?? well let me tell you, if the civil servant had permission to do work from home, they would have to sign a document which described their personal home security (encryption used, backups used, number of backups etc etc).
    I would be very surprised if this is the case, why would the Gov't trust it's data etc to your word that you have xyz security in place without any method to verify such safeguards?
    Essentially it is the government covering their asses by saying that the person had signed off that their security was good enough.
    They haven't covered anything....

    So back to the original post. Yes I do have access to a wireless network (WEP),
    Again "a" network, go go service theft.
    for a self employed person who does contracts for the government. And yes I have been asked by them to check how good their security is because they have to tell their superiors that it is up to scratch.
    There is nothing to check, if they're using WEP they haven't even followed industry best practices. Do not pass go, do not collect $200, tell them they fail.

    I honestly want to know (not for any malicious purposes) what I can do on this system, and how vunerable they are if I already have access to their network via WEP.
    Congrats.

    Now obviously I cannot prove I have permission, how am I going to prove that! So starting in the place where I cracked the WEP (BT3) what would be best to run next?
    There is no need to proceed further. Inform the individual that they need to follow industry best practices in configuring their network devices.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  7. #17
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    Well this thread is like flogging a dead horse. The OP has his answers and so I see no reason to let this continue.

    Just a side note: If any one person thinks they are going to come to a forum full of some of the top computer hackers, network admins, security professionals and other computer enthusiasts and extract info in order to conduct a illegal activity then they should most definitely look into a new avenue of crime because this one is not going to work.

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •