dcsimg
Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 37

Thread: computer hacking

  1. #21
    Flash M0nkey
    Join Date
    Sep 2001
    Posts
    3,447
    yeah cause durring an exercise to test people's knowledge of security they are going to open a random attachment(!?)

    first get a trojan with antivirus and firewall kill feature
    ok yes these features would be nice when trying to instal malware - esp in this case and the firewall will prevent connecting to your RAT but an AVP kill feature? hrm to in order for it to run and kill the AV it would....ummm correct me if am wrong here....but wouldn't it need to be ran?

    now I must be extra special cause my AVP stops me from running any malware - i suppouse if active scanning was halted before hand then it could work - but of course people doing this kind of course are gonna have it disabled, just like they are goingto download unknown programs.

    v_Ln

  2. #22
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    before they get their specific drives into the computers. We will not have physical access to them during the competition. We will try to put Keylogger on before that time.
    If there arent drives in the machine then you wont be able to put a keylogger (at least a software one) on. The keylogger unless memory resident will need to be on a harddisk. Although you might be able to write/ modify a memory resident virus / program that to log key strokes. There might be viri that already do this.

    U could go for security though obsecurity on your box and get a bootable linux cd distro, boot that up theyll still be trying to run windows 2000 exploits agaisnt you when your actually running knoppix or something. There likely to only run a port scan once and ge the OS off that. if you give them some time to do this, then boot linux cd I doubt there gonna notice until they realise that your ttl values are different (If they know about that)

    A hardware keylogger could be the way to go, there very simple to build your own. Its just getting the Data back, your could implement this using the MBUS/ FBUS on a mobile phone and a serial eeprom and PIC, maybe thats beyond you im not sure.

    There is a way to modify the registry in windows 2000 that allows your box to be stealthed on a network, other computers cant see it, but it continues to have network connectivity. If anyone knows what this is can they let me know? I saw it first on astalavista.com about 1.5 - 2yrs ago and cant find it in searchs.

    whats the network setup? it just a piece of crossover cable? hows the room laid out? you in 2 seperate rooms?

    Theres not allot of point in putting trojans and stuff on there unless thats the main aim. Theres enough things in 2000 to use against them as it is...remote desktop, net messenger RPC and the list goes on,

    Are the boxes updated/ patched? or a clean install?

    (why is it that my schools years didnt have cool stuff like this?)

    HTH

    i2c

  3. #23
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    741
    while everyones ideas seem to be in the right area I think if you only have to take out the server then you guys should wheel in a EMP (electro magnetic pulse) machine and start it up and blast em just a thought.... if that doesnt work make your way down to the electric box and flip the breaker.

    Just a couple of thoughts for ya.
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click
    here

  4. #24
    Senior Member
    Join Date
    Jul 2003
    Posts
    634
    Spyrus: they wont be expecting that, I was gonna suggest bugging them so you could hear everything they say. I thought I was getting carried away then you suggested EMP!

    i2c

  5. #25
    Given you don't have access to the computer.... Social engineering would be most effective against a janitor or something after class... Just write up a fake note that says "permission to let so and so in at this and that time" with 2 random initials. Don't even try social engineering the other team or teacher, its a waste of time.

    Don't forget dumpster diving! Steal the teachers garbage can... in class and office. Maybe their will be an outline of some sort for the other team!

  6. #26
    Junior Member
    Join Date
    Aug 2001
    Posts
    9
    if you don't have any of their suggestions, and if by chance you could switch the keyboards to
    your own computer (that is, if your pc and theirs is near or in back to back location) then you could get their passwords as they logon by installing key logger to your own computer.. they would complain to their instructor that their keyboard is not functional or their computer hangs up, they might secretly go to their instructor coz they expect their computer was been attacked already as the cause of the hangup, then you can quickly switch back the keyboards... then there, you have their passwords on your computer... an idiot suggestion hehe but might work on to idiot users...

  7. #27
    Dead Man Walking
    Join Date
    Jan 2003
    Posts
    810
    one trick i have found that works with both sygate and ZA is to set your source port as 53. They turn a blind eye to almost any packet with 53 as a source.

  8. #28
    Banned
    Join Date
    Nov 2003
    Posts
    1,161

    Re: computer hacking

    Originally posted here by marginasc
    Hello,
    I am enrolled in a college security class. We have a final lab competition in there. There are 2 teams againt each other and we have 12 hours to attack and 12 hours to defend ourselves. The server/client we need to attack are on the same network as ours, and have Windows 2000 Gold on them. The network is completely isolated from the school network and the outside world I am not aware on what software or anti virus stuff the other team has on. Does anyone have any ideas on how we can attack them? We need to either bring their server down, or even alter the data in the database, or anything like this. If anyone can help with ideas, I would really appreciate it.
    Thanks a lot!
    Did professor X say Denial of Service attacks are out of the question & cannot be used?
    On the defense side of things I would expect some type of Denial of Service attack....so many ways to create one, cutting someones cables,stealing the NIC, modem,creating sharp bends in coax will have a effect. Hell, even exposing and removing the sheild braid exposing the copper line or somthing you rigged for disturbance from RADIO SHACK that might slow or cut off the connection by remote. (making a jammer(3 in), 12Volt comes to mind) all those can be set off by remote.

    Become and think like a Dedicated Educated Attacker, think and go outside the box. Use all possible options, the only boundaries here are set by professor X right?

  9. #29
    Junior Member
    Join Date
    Apr 2004
    Posts
    7

    answers

    We can use Denial of Services. Boundaries are set by the instructor.
    The 2 teams will be in 2 separate rooms. I think the network is just a piece of a crossover cable.
    Thank you for all your help!

  10. #30
    Dead Man Walking
    Join Date
    Jan 2003
    Posts
    810
    so when is the "competition"? I am sure im not the only memeber ofthis comunity that is interested in hearing how things go.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •