October 13th, 2001, 10:34 PM
My School's Admin recently came to me and asked me to test the school's security. He promised me no actions would be taken for my exploits as long as I should him how I did them. This has become an awesome experience for me, I have learned so much and have also gotten a chance to teach him.
After finding a whole with file permission on the Local terminal's I went to him to talk about it. I assured me that he knew about this and it didn't bother him because if something went wrong he could always ghost the machines.
Any user on the network can delete any file that is not required by the system. (NT 5)
Well I'm working on showing him the value of Terminals. I planned on Stealing the Sam file from the local machine and brute forcing it.... But I need to think of a clever way to steal it.
I can use a boot disk, and get it from the server. But that is rather boring... So I sat down in vb and wrote a little program with one button that when pressed, it would copy the file. This got me thinking... writing a vbscript that when run it would check your username and compare it to a list of admin. If user was an admin, the script would send the file to a remote folder on a terminal. If the user was not an admin, it would use the outlook to spread to every user. To prevent it from spread out in the open, I would have it check ip address if the ip addres didn't match up, I would have it kill itself.
Well I guess I'm just looking for everyone's opinion. Or suggestions for creative ways to show the value of Terminals.
October 13th, 2001, 11:17 PM
Ok..Just to make sure..I'm clear:
When you say "Terminal" you mean --> "Node" or "Workstation" right? (In the networking enviroments I have been exposed to, most of the people called them "Nodes" or "Workstations")
Just wanted to make sure we are on the same page. So our terminologies don't confuse each others.
Ok..As for your program.. the concept sound neats.. One thing though:
Are you trying to do this without the user knowing what is happening?
... So I sat down in vb and wrote a little program with one button that when pressed, it would copy the file
If so...I suggest you place all your executable code in "form_load()" and make the form invisible and hidden in the taskbar.
Is the list that your checking usernames against available on the server?... or are you going to write it yourself? Because either way the above quote suggests that their is a file that contains the list of admin users.. If this is so.. then why would you need spreading capabilities:
This got me thinking... writing a vbscript that when run it would check your username and compare it to a list of admin
( Clarification is needed on this)
If user was an admin, the script would send the file to a remote folder on a terminal. If the user was not an admin, it would use the outlook to spread to every user.
Overall...as I said above the concept is neat.. but the program sounds very "wormlike" in nature. And I think that it is fair to warn you that if your "program" spreads outside the "jurisidiction" of your system administrator then you could be looking at criminal charges. I would take great caution in how you code and test this one.
Is it not an option to help your system administrator patch the hole.
\"Your work is to discover your world and then with all your heart give yourself to it. \"
October 14th, 2001, 12:45 AM
Yeah by terminals I mean nodes or workstations....
As far as protection so it doesn't leak outside the network, I planned on includeding a small section of code that would compare ip's... if the ips didn't match a list of ip's then it would delete itself.
also... as far as list of admins. I would supply the list... there are only two admins so The list would be fairly short.
This "Worm"or 'Script" will not be compiled or even written down. Just a creative way to get the Sam file.
October 14th, 2001, 01:40 AM
I wish my school admin would let me test our security.
October 14th, 2001, 05:46 AM
Heh... The Sysadmin at my high school is a pretty cool guy, I had a class that he taught last year on the A+ exam... Last-minute-School-Scheduling-botch-up mishap, so I totally missed the networking (Network+), and found myself in the hardware semester, but it was okay. The problem is, I seal off opportinities to get farther into the system by helping out in the immediate. Also, this is a Novell Netware network, which I am less-than-knowledgable about... Although I did give him Chknull at the beginning of the year, before I had the class, for finding null-passworded accounts, and at the time there were some teacher-group accounts that were lying around vulnerable...
At any rate, most of the Roving Nomad stuff didn't work, that was patched, and I've made a sort of covenant with myself that I must try to chip away at it without using keyloggers or anything like that. In a way, it seems worse to have a COMPETENT administrator , just nothing to do.
[HvC]Terr: L33T Technical Proficiency