Results 1 to 4 of 4

Thread: Having some problems, need some advice

  1. #1
    Just burned his ISO
    Join Date
    Dec 2009

    Angry Having some problems, need some advice

    hey guys...

    I have a problem, This isn't quite BT related but in a way it is...

    I have a dual boot system and a network of computers, most of the computers run XP with SP2 or SP3.

    Only my system has BT4 installed.

    The last few days have been hell, some moron hacked several of my sites by infecting one of the XP boxes on the network. I'm guessing the guy is just using metasploit/SET to do a reverse TCP connection.
    He managed to connect to one of those machines and has taken the admin passwords from that machine for one of the site, and used that same machine to connect to the site so nothing would look irregular.

    I'm looking to put an end to this menace. How can I find the payload, and how can I patch it?

    This has been going for several days now. I've detected several trojans on that machine and I have managed to delete them. However on every scan I do after the successful deletion I keep finding that same trojan again.

    The last time one of our websites have been attacked the attack came from Saudi Arabia and the hacker was spreading Islam messages.

    Frankly I don't have anything against Islam but there are other ways to spread such messages, then this. This way they only provoke anger. Aside from the annoying music which was also implemented in the defacement of the site the whole thing was cleaned up quickly.

    However, after patching the site and increasing the security measures on it our systems still remain the weakest link in the security chain.

    I hope someone can help me with this nuisance. If this is posted in the wrong section please move it.

    Thank you in advance.
    Nusku Lu

  2. #2
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Behind the screen.

    Default Re: Having some problems, need some advice

    There are some things you can do like:

    1. Never use the same password for all things
    2. System Up do Date
    3. Up to Date software (web server, database, etc.)
    4. Good AV's

    I suggest you take down every web site for now and to a fresh reinstall to make sure you get rid of all the malware.
    Also, I noticed you said most computers are running XP SP2-3, do you run your web servers on XP ?
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  3. #3
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010

    Default Re: Having some problems, need some advice

    This is not really BackTrack related, you should be asking this in a forum focused on responding to computer security incidents - you will get more relevant help.

    How you should best respond to this is going to be dependent on how defensible your network is right now. If you have all your machines unpatched, have performed no hardening, perform no network filtering, malware/intrusion scanning and don't perform proper logging you need to set all of that up before you have a hope in hell of efficiently responding to an incident. Implement a perimeter firewall that filters both incoming and outgoing traffic based on the principle of least privilege, proxy and perform application level filtering on all potentially dangerous outbound protocols (e.g. http/s), rebuild all compromised machines (offline), harden, patch and install AV and local firewalls before putting said machines back online, change all passwords and then implement a proper logging and monitoring process. Then work out a process for responding to security incidents....

    If your network is reasonably defensible, you need to perform an investigation to determine how the intrusion occurred - without knowing this you wont know where the security holes are that allowed the attacker access. Unfortunately, I can't just tell you how to do this in a single forum post, because the process involves knowing common attack techniques, understanding where the entry points to your network are and knowing where to look for signs of an intrusion. A defensible network minimises the attack techniques that will work and provides an ability to easily identify how, when and where the attack occurred. Judging from your past history of pwnage, I doubt you actually have a defensible network yet, but its something to aim for...
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  4. #4
    Junior Member laptopz's Avatar
    Join Date
    Dec 2010

    Default Re: Having some problems, need some advice

    At this point best help you will probably get is an advice to clean install; if you go the other way there is a big chance you`ll miss something........whats more interesting is why on earth you have BT and you didn`t even bothered pentesting yourself.
    If anything can go wrong, it will....

Similar Threads

  1. A Little Help-Advice Please
    By Stan464 in forum OLD Newbie Area
    Replies: 5
    Last Post: 07-21-2009, 02:23 PM
  2. need some advice
    By wesmagyar in forum OLD Programming
    Replies: 14
    Last Post: 05-22-2009, 01:58 PM
  3. I need an advice
    By Ordismlialm in forum OLD General IT Discussion
    Replies: 8
    Last Post: 04-03-2009, 05:10 PM
  4. I need advice plz
    By crack my back in forum OLD Newbie Area
    Replies: 2
    Last Post: 01-02-2009, 08:36 AM
  5. Advice please.....
    By shopowner in forum OLD Newbie Area
    Replies: 19
    Last Post: 09-21-2007, 06:48 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts