
Thread: Benign Hacker Project

  1. #1 Dehcbad25 (Succeded in braking Windo, TZ Veteran; joined Apr 2002; DE - USA; 2,406 posts)

    Benign Hacker Project

    Hello
    I was talking with a friend. He has no clue about computers, and he lives quite far away, so I cannot go to his house. Anyhow, he doesn't use a firewall, and has broadband. Good thing he doesn't leave the computer on all the time, but I was telling him about how hackers or worms could get into his PC, and he said, well then you could get into my PC too, right? And I answered yes, but I realize I really don't know how. So, we decided to set up a project. I simulate that I am a hacker, and I have to "hack" his PC (without compromising it) and save reports, so we can compare with the afterwards of securing the PC.
    He will run the online security scanners from Sygate, but beyond that I don't know what else we could test. Is there software that I could use?
    This also gets my curiosity, depending on our results, to do something similar at work. Security audit would be the name, right? But we also wanted to see if, besides detecting a vulnerability, we could experiment with it.

  2. #2 efc (Titanium Member; joined Sep 2002; North Central Arkansas; 2,329 posts)
    I have used this one and it worked fine. BB and I tried to make it work when I was on satellite internet. We failed then. I don't think you will have a problem. All of the tutorials and the download are at this site.

    Link

  3. #3 Dehcbad25
    ehh
    EFC, that is VNC. We are trying to make a security audit/hacking style. That would just give me a remote desktop (and create another security hole).
    I personally prefer TightVNC, I think it is faster, but RealVNC works better cross-platform. With Windows XP Remote Desktop, though, I prefer to use it instead of VNC whenever I can.

  4. #4 efc
    OK, I didn't understand what you were trying to do. I am not knowledgeable in that area so you are on your own.

  5. #5 egghead (Precision Processor, Super Moderator; joined May 2002; In Your Monitor; 3,546 posts)
    Basically you want to scan all 65,000 ports with a port scanner, and if you find open ones you try to connect to the port and execute a trojan.

    The rest is gravy.

    Other ways are social engineering, and this can be anything from gaining trust from your friend to sending him a link so that you can infect his computer using the numerous exploits of Internet Explorer.

  6. #6 Dehcbad25
    I had trouble understanding you egg, I am not that versed yet.
    LK, that is OK, what are we here for?? To learn. It is my first hacking project.
    I don't want to infect my friend with anything. He would probably take a plane and beat me up.
    The idea we had was just to prove, like I don't know......let's see...maybe change something in the PC to prove passing, or something visible but not bad.
    Port scanner. That is easy. A program like port7. I just don't remember where I have it. Used it ages ago. What would you recommend egg?
    I don't know, a port scan is good when you are completely unprotected. It won't do anything to systems like mine for example, or yours egg. I suppose you have more than one layer of security, right? Besides that, we want to go beyond that.
    I know..we are a little ambitious. He just has been months completely naked on the net and wanted to experiment a bit, and from there I wanted to see if I could do more of a serious audit of my work's network. I had been wanting to run an internal/external audit for months, but I don't want to stress down the systems too much. So, I had been postponing eternally (and some software is too complicated too).

  7. #7 Curio (Triple Platinum Member; joined Nov 2004; London; 899 posts)
    If you want to hack your mate you are in for a long job. If it was that easy we would all be doing it, right! Do you have a Linux machine that you could run Nessus on? Nessus will identify vulnerabilities on a remote machine; once you have a vulnerability identified then you can search for an exploit to attack that vulnerability with. Exploits can be found on the net but they are usually in a crippled form; you will need to be able to program in C/C++ to be able to read the code and put it straight, then compile the program. Some exploits will need whole lumps changed so instead of returning a 'yes it is vulnerable' answer it returns a reverse shell which you can use to manipulate the remote machine - download wget, download VNC or a trojan and install and run them to make you 0wn the machine. There are some commercial security suites out there which have all this stuff built in (including reverse shell exploits in some cases) but they generally cost a fortune and will not be viable.

    Port scanners are everywhere; Nmap is probably the most famous but on Windows you will like Angry IP Scanner or SuperScan4 much better. Open ports don't mean you can get in though - just that you might be able to; a vulnerability scanner is what you really need and Nessus is the Daddy. You are not going to hack your mate anytime soon unless someone hands you a precompiled exploit with pnc functionality. Your best chance is to social engineer him into turning on Remote Desktop support, telling you his IP address and admin password.

    The other common way of getting remote control is to precompile a Trojan server and attach it to a legitimate program (Winamp, WinZip, Nero Burning ROM etc... smaller is better) using a trojan binder program (seamlessly adds the two - built in to SubSeven, theBeast etc..) and email it to your tango with the suggestion that it is actually just the desirable program. When he runs it the trojan is invisibly also installed and you can connect to it using the client and password - some servers will email you to tell you they are working.

    Good luck.

  8. #8 Big Booger (Super Moderator; joined Apr 2002; JAPAN; 10,941 posts)
    The simplest way I can think of:

    Password Guessing Tools for RDP

    There are several tools that can be used for cracking into RDP systems. TSGrinder and TSCrack are famous ones. These tools can be readily used to find the password for "Administrator".

    By the way, when was the last time you typed the Administrator's password on your Windows XP Professional? Oh, you don't have an "Administrator" account on your Windows? You should have it unless you already renamed it. Windows XP just hides it so as not to confuse end users, but WITHOUT DISABLING IT. And because it has administrative privilege, "Administrator" can log in via Remote Desktop by default. "Administrator" is also immune to the account lockout that results from excessive login attempts.
    Once you crack his password on the admin account, it's all gravy. You should have complete access to his machine.

  9. #9 Curio
    When you try an RDP session a popup comes on-screen asking the user if they will allow it - even if RDP has been enabled it's not really a great way into a user desktop machine. If they are not even using XP/2000 it is no way in. Box cracking is not easy, but when an exploit is found everyone is vulnerable until it's patched; that's why the IE exploits that spyware programs use are so effective. The time between the discovery of the exploit and the patch being available means they have a period when they can do what they like to you through IE - or whatever other attack vector is being used. 99% of box cracking is done by either a virus or a malware exploit. If you want to prove to him that his box is vulnerable the best way is to get him to visit known dodgy sites - unfortunately the result could be a wrecked windoze. Have a look here - https://netfiles.uiuc.edu/ehowes/www/dbd-anatomy.htm - if you want to know where to look.

  10. #10 Dehcbad25
    You seem to know a lot about the subject, Curio.
    I think it is far too complicated for my level.
    We used Nexus at my work. Never really had enough time to get a feel for it though. I am not very good with Linux. We don't want to wreck the PC. I might not care about wrecking a PC at work, since I will have to fix it anyway.
    I was thinking it might be a bit easier, like DoS it, or make it crash (once), or just change something easy and silly to prove the point. I don't really mean to prove it can be hacked, we are just doing this as a fun project, and then try to repeat it after we finish closing it.
    I think I might just settle for running a port scan. I just thought there is something beyond that I could do, without causing too much trouble. Since there is so much hacking around I expected it to be much easier.

  11. #11 cash_site (Security Intelligence, TZ Veteran; joined Jul 2002; Software Paradise; 3,852 posts)
    It depends how old his OS is, like Win95/NT; also, is he going to tell you his IP? And will the computer be connected a lot of the time?

    You could do a port scan, find that NetBIOS over TCP is running, then use an LM hash program to get in (but I think this is for very old, and poorly configured, OSes).


  12. #12 Dehcbad25
    His OS is Windows XP, not sure if he has SP2, but I will ask him.
    He already gave me the IP, though it probably changed again, but yes, he will give me the IP.
    The reason this project came up was that he was telling me his computer gets slow only 2 months after a format, so I told him he probably gets too much spyware, then I asked him if he had a firewall to check the Internet activity, and he said no, so I proceeded to explain to him that a hacker could get in and do whatever they wanted to do with the computer. Instead of freaking out, he thought he would like to see it, and asked me if I could hack into his computer. I said, well I am not a hacker, but I could see, and then we started thinking about the project. He put in a firewall (Sygate), but the idea is that when I am ready to "hack him" he will turn it off to simulate the PC before the firewall was installed.
    We don't really want to do anything bad to the PC since he doesn't know how to format the PC and re-install the OS, so he takes it to the IT guy's shop. Great guy, if only he told him about spyware and firewalls. That way he keeps coming back every 2 months. My friend is not very savvy, and it takes me forever to explain to him how to do this and that....
    ...which, my friends, also brings me to the point.
    How can I remotely control a PC over the Internet, but securely? I use Remote Desktop and VNC inside the LAN, but I have serious doubts on the Internet. My big problem is that my friend is in Argentina, and I am here in the USA. Also, I do a lot of support for my cousin, which made me think (I wish I could use Remote Desktop, and get her PC working remotely).
    It takes me hours to explain something that I could do in minutes.

  13. #13 Curio

    Remote Control

    Get your friend to turn on Remote Desktop support:
    System Control Panel-->Remote tab-->Remote Desktop - check "Allow users to connect to this computer". Now he can tell you his admin password and you can connect to him over the Internet. Or he can create a user for you to use as remote repair man. It is important to remember that your only protection on this system is the length and complexity of the password, so make it good and long with some odd characters in it. For instance you can use a phrase like 'aDmiN!cOnNecTs' depending on what the password limit is. A password like this will take so long to brute force that it is impractical to do it. He can leave the firewall on as long as he allows incoming port 3389 TCP through it. You will need to use the RDP client built into XP - or one of the others you can find - just point it at his IP; it's just like sitting there yourself, but you need real long arms to put a CD in!
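An added example (not from the thread) that puts numbers on Curio's point above about password length and complexity, and on Big Booger's point in #8 that the built-in Administrator account is not subject to account lockout. The guess rate of 10 attempts per second over RDP and the lockout policy of 5 bad attempts per 30-minute window are assumptions picked for illustration, not measurements of TSGrinder or any other tool; the character-class sizes are taken from Python's string module.

```python
"""
Brute-force budget for online password guessing (TSGrinder-style attempts against RDP).
Added example, not from the thread. The guess rate and lockout values are assumptions.
"""
import string

# Character classes an attacker must include once the password is known to use them.
CLASSES = (
    ("lower", frozenset(string.ascii_lowercase)),   # 26
    ("upper", frozenset(string.ascii_uppercase)),   # 26
    ("digit", frozenset(string.digits)),            # 10
    ("symbol", frozenset(string.punctuation)),      # 32
)


def alphabet_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    return sum(len(chars) for _, chars in CLASSES if any(c in chars for c in password))


def keyspace(password):
    """Candidates for an exhaustive search at this password's length and alphabet."""
    return alphabet_size(password) ** len(password)


def effective_rate(raw_rate, lockout_threshold=0, observation_window_s=0):
    """Guesses per second the attacker can sustain without locking the account.

    A threshold of 0 models an account that is never locked out (the thread's
    point about the built-in Administrator): the attacker keeps the raw rate.
    Otherwise the attacker stays one attempt under the threshold per window.
    """
    if lockout_threshold <= 0 or observation_window_s <= 0:
        return raw_rate
    return min(raw_rate, (lockout_threshold - 1) / observation_window_s)


def expected_seconds(password, rate):
    """Expected time to hit the password: on average half the keyspace is tried."""
    return keyspace(password) / 2 / rate


def human(seconds):
    """Rough human-readable duration."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


def budget_table(passwords, raw_rate=10.0, lockout=(5, 1800)):
    """Rows of (password, alphabet, keyspace, time without lockout, time with lockout).

    raw_rate and lockout are assumed values: 10 guesses/s over RDP, and a policy of
    5 bad attempts per 1800 s window for an ordinary (lockable) account.
    """
    no_lockout = effective_rate(raw_rate)                 # built-in Administrator
    with_lockout = effective_rate(raw_rate, *lockout)     # ordinary user account
    return [(p, alphabet_size(p), keyspace(p),
             human(expected_seconds(p, no_lockout)),
             human(expected_seconds(p, with_lockout))) for p in passwords]


if __name__ == "__main__":
    for row in budget_table(["secret", "Secret1", "aDmiN!cOnNecTs"]):
        print(row)
```

Two caveats a practitioner would add. The figures assume the attacker has to exhaust the whole alphabet; a phrase assembled from two dictionary words with case and symbol tweaks, like the one suggested, falls to a rule-based wordlist attack far sooner than its exhaustive-search number suggests, so length from unrelated words or random characters buys more than clever capitalisation. And the lockout column only helps accounts the policy applies to, which is exactly why the lockout exemption for the built-in Administrator account matters once port 3389 is reachable from the Internet.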

  14. #14 Dehcbad25
    I need long arms to put CDs in my PC now with the weird desk that I have.
    Is it possible to change the default port? 3389 is too obvious, and at least I would like to add a little more protection by not making it so obvious.

  15. #15 egghead
    Quote Originally Posted by Curio:
    "There are some commercial security suites out there which have all this stuff built in (including reverse shell exploits in some cases) but they generally cost a fortune and will not be viable."
    Do you have links? Or program names?