|
-
February 18th, 2004, 08:46 AM
#11
I'll bite.
Here is my analysis on the situation:
Teacher sets up laptop, firewall -> Block all incomming requests.
You attack - everything fails due to firewall dropping it.
Basically, the firewall setting has you screwed over; he expects to win. In this game with your teacher, he lulled you into a trap that you can't break. Why? His computer is probably set to ignore yours, and everyone else's. IPC (Windows/Network) shares will not work if that is true, nothing will since you are ignored and nothing can connect to him. It is almost like unplugging the computer you are attacking...and he has no services to attack. (at least on webservers, there is a web server service or server side programs you can try to attack) So, simply put, you will probably lose unless you bend the rules a lot, which will probably get you into trouble, so don't waste your time on it.
BTW, I think he is trying to show off... I haven't taken any Cisco courses (I think they want to train me to sell stuff for them) so I don't know what the circulum covers, so it may also be remotely possible he might share some insight into computer security from his own expirence?
-
February 18th, 2004, 10:52 AM
#12
 a litle more info
I'm 17 years old live in holland and i'm following the sisco course at my school.
If you want to know more about cisco courses read this
cisco courses
The teacher in this case is a cool guy and I don't know why he asked
us to break into his laptop he yust did. Although it is like him to do a thing
like that.  He's been challenging us all the time.
For instance the first thime we had him he introduced us to the concept
of Net Send, the basterd was sending net send bombs to our computers saying the first person to figure out wat those messeges were and how to stop them from popping up
on the computers could get another chance on one test if it wasn't above 70 %.
I know that doesn't look like much but thats I nice thing to have in your pocket.
After some nice searching on google I found the answer pretty fast. So next lesson I
bombed his computer with a vbs script I wrote around a netsend spoofer for the
windows command line. I still have that second chance in case I need it someday.
I yust rounded of the first semester wich is networking basics. And next monday
wich is the day I have my classes we are starting on semester 2. I know what this site
is all about but this isn't about breaking in he's trying to teach us something.(I hope) Everytime someone figures something like this out he makes them tell the whole class how they did it. I do think he made this a little more complicated though. And yes I can use outside resources. (If you don't know it yourself find someone who can teach you.)
And im an onhest guy im not socially engineering you(had to look that word up).
He will want me to tell how I figured this out to the class so if applicable credit goes to antionline and its members.
So here's all the info I hope )
I know the Name of the laptop wich is LAP01
I figured out the IP of the laptop wich is 10.108.5.11
We are on the subnet 10.108.5.X
I don't have physical access to the laptop.(It's on his desk but he won't allow us)
I gues his OS is Win2000. With a very good securety policy.
He's got a firewall, but don't ask me witch.
The firewall has been blocking my packets.(most of them anyway)
I have access to a computer with CD and disk drive and internet and windows
2000 without restricsions login in throug novell. The school supplied us a
portable hard disk on witch I have a windows 2000 advanced server and windows xp pro.
As far as myself. I know how to work with telnet( a bit ). NMAP, ipscanners, portscanners
programming in (basic), C, C++, vbs. I have basic networking knowlidge know how to do a search with google am willing(eager, dieing) to learn. And my english is crap.
Thats about it.(That took me longer than I thought it would)
Since the beginning of time, Man has searched for the answers to the big questions: \'How did we get here?\' \'Is there life after death?\' \'Are we alone?\' But today, in this very theatre, you will be asked to answer the biggest question of them all...WHO LIVES IN A PINEAPPLE UNDER THE SEA?
-
February 18th, 2004, 11:40 AM
#13
Looks like you are goigng to have to try a little bit of social engineering yourself.
Does your prof connect to his laptop using the novell connection or does he log on locally?
Have you tried going up to him with a question when he is connected to the laptop. This might let you see some usefull information. Small things like the name of his user account. Is there any reconnisable icons for the fire wall. For example norton uses a small globe on the taskbar.
You may be able to confirm his operating system also like this.
Also this is probalbly not the first time he has given the challange.
Iwould also try a tracert on his computer name and his ip address. this will let you see if his laptop is on the same subnet.
any these are just a couple of quick thoughts that may help in the challenge.
\"America is the only country that went from barbarism to decadence without civilization in between.\"
\"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
Oscar Wilde(1854-1900)
-
February 18th, 2004, 11:41 AM
#14
I don’t know **** about hacking into computers But questions that came to mind:
Since this is a cisco class I think maybe Relyt might be on the right track.
How is the router administered? Does he access it from his laptop?
Did you find it in your scans?
Did he tell you the model router or would you have to fingerprint it?
Is the router doing any NAT to his computer ?
And where exactly is the firewall?
At the stage you are at would he reasonably expect you to set up a sniffer for passwords, etc?
Again as Info Tech Geek said I would be looking for use of default passwords here.
The point here might be to show that the routers need to be set up properly.
my 2 cents.
" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
-
February 18th, 2004, 01:01 PM
#15
try this site for default passwords:
http://www.phenoelit.de/dpl/dpl.html
perhaps it can be of help...
-
February 18th, 2004, 01:20 PM
#16
I have an idea. Set up a trap for your teacher. Use Cain and Abel password recovery or LC4, and have it sniff the network. Go to class early and set everything up. After that, wait for your teacher to sign into his PC and hope it works. I'm not sure if a firewall would interrupt LC4 and Cain. Let me know if it doesn't work, i'll think of something else  .
-
February 18th, 2004, 01:31 PM
#17
1. Use the force.
2. Port scan.
3. Exploit Scan, mso's are still buggy on some 2000 p.cs
4. Search for c$ share if you ain't done so.
5. Look at major geeks for bootable CD with Sam password removal system.
6. Repeatedly kick this lecturer in the head if he wins this challenge.
-
February 18th, 2004, 04:25 PM
#18
Junior Member
Just a couple of suggestions....
Many personal firewalls now have an integrated IDS. If this is the case with his your port scans may be failing because the scan is to agressive. Try slowing the scan down to the slowest speed. Maybe you can sneak something through.
You could also try spoofing the IP address to make it look like the requests comming from your computer are comming from his. Here again most personal firewalls and IDS will detect this but he has probably left you a hole somewhere.
Good luck.
-
February 18th, 2004, 06:32 PM
#19
Junior Member
Here is what I would look at also (besides the other very good suggestions already posted)
Since this is a Cisco class, I assume your class is all connect via a router or switch? Have you tried telnetting to the router/switch, and from there, telnetting to the teachers laptop?
The firewall may be blocking all traffic except that originating from the router...
Just a thought
-
February 27th, 2004, 04:59 AM
#20
Junior Member
A few more thoughts...
Try searching for 'passive OS scanning' on Google. If your class is on a shared network i.e. a hub, you might be able to use a passive OS scanner to find more information about the operating system on his laptop.
Also, if you are all on the same subnet (10.108.5.x) then he is most likely using a personal firewall. You might look for vulnerabilities associated with these types of firewalls. Zone Alarm is a very popular and FREE personal firewall that has a few major bugs in past releases. A few other personal firewalls are Black Ice Defender, Tiny Firewall and the Microsoft Personal Firewall.
Keep in mind that the laptop is participating in some kind of netbios browser negotiations (unless a WINS server is present) otherwise you would not be able to resolve the name LAP01 to an IP address. I would definitely spend a fair amount of time looking around with the 'net' command at the DOS prompt. Also, if it is a W2K host, it might be listening for RDP connections on TCP port 3389. You can attempt a telnet connection to this port or use the MS Terminal Services client to make a connection to the host.
Lastly, do an 'arp -a' from the command prompt and check for another IP address that is sharing the same mac address as the 10.108.5.11 IP. He might have two IP addresses assigned to the same interface of the laptop. If so, his firewall might permit various types of connections to the other IP. Just a few thoughts. Hope it helps and good luck!
-Tom
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
