
Thread: Penetration Testing...from the inside...

  1. #1
    Senior Member
    Join Date
    Jun 2002
    Posts
    174

    Penetration Testing...from the inside...

    I work for a retail store which caters to many of the western states. Our main goal is to "provide entertainment to mid-sized communities."

    The company, hereafter referred to as the Company, uses all manners of technology to expedite the sales process. Computers control inventory, till audits, payroll, scheduling, price control, POS, timeclock, and inter/intra-store email.

    PART ONE:
    Each associate is assigned a PID (Payroll ID) and with that a set of security permissions. The Company system is a custom frontend sitting on top of SCO. Each cash register and floor computer is networked to the store server in the back room. That computer in turn is connected to the Home Office, in an undisclosed state.

    The interesting part about our system is that it is one system on top of another. This means that one way of bypassing the security is to bypass the system all together.

    When the server starts up, it automatically logs itself in as "manager", the equivalent to root in the Company system, since all files have the Unix permissions of "manager". From there you are landed into the main screen, where you would log in with your PID to each of the submenus.

    One of the options on the submenu is the Lynx Browser, used by us to browse the corporate intranet site. (You may wonder how one could come by this option, as it is located in a password protected submenu, but the employees frequently leave this menu open.) One of the glorious features of Lynx is that, by pressing the ! key, you are dropped into a shell. Normally, this would not be such a big deal, since one would typically have the same permissions, but in this case, it is very BAD.

    This little feature, overlooked by the corporate programmers, allowed one to browse the store server in complete Unix power. One could change till audits (which could lead to un-noticed theft), change inventory (which would lead to un-noticed theft), change payroll info (which would lead to un-noticed theft) EVERYTHING.

    In theory, since the systems are all networked, one could transfer their session over to the corporate server (same permissions, no password) and send out nation wide commands. You know what shutting down every computer in 30 states could do for a business? A lot of damage.

    Thankfully, my ambitions are not so evil. After some browsing around (and finding out I am the least paid employee there), I reported the flaw to corporate, who in turn fixed the exploit (on a temporary basis - more later) and quietly shushed me. Just goes to show how even big businesses can let stupid things go past them.

    Part Two will be written upon review of the comments made about this post.

    ~Em

    P.S. - I am still the lowest paid employee.
    I'm back.
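
Added example, not part of the original post or the Company's system: a defender-side audit that flags menu entries launching Lynx without `-restrictions=shell` or `-restrictions=all`, the Lynx options that disable the `!` shell escape described in post #1. The `label|user|command` menu format, the `kiosk` account, the paths and the sample entries are constructed assumptions.

```sh
#!/bin/sh
# Added example: flag menu entries that start Lynx with the "!" shell
# escape still available. Menu format and entries are constructed.

# Constructed sample of a hypothetical menu file: label|user|command
SAMPLE_MENU='Intranet|manager|lynx http://intranet.example/
Intranet (locked)|kiosk|lynx -restrictions=all http://intranet.example/
Help|manager|lynx -restrictions=editor,shell help.html
Docs|kiosk|/usr/bin/lynx -restrictions=editor docs.html
Timeclock|manager|/usr/local/bin/timeclock'

# Succeeds when the command line carries -restrictions= with "shell" or "all".
lynx_blocks_shell() {
    for word in $1; do
        case "$word" in
            -restrictions=*)
                list=",${word#-restrictions=},"
                case "$list" in
                    *,shell,*|*,all,*) return 0 ;;
                esac ;;
        esac
    done
    return 1
}

# Reads label|user|command lines on stdin, prints one finding per risky entry.
audit_menu() {
    while IFS='|' read -r label user cmd; do
        case "$cmd" in
            lynx|lynx\ *|*/lynx|*/lynx\ *) ;;   # only Lynx launchers
            *) continue ;;
        esac
        if ! lynx_blocks_shell "$cmd"; then
            # A shell spawned from Lynx inherits the launching account.
            if [ "$user" = "manager" ]; then sev=HIGH; else sev=MEDIUM; fi
            printf '%s: "%s" runs lynx as %s without shell restriction\n' \
                "$sev" "$label" "$user"
        fi
    done
    return 0
}

printf '%s\n' "$SAMPLE_MENU" | audit_menu
```

Restricting the escape closes only this one path; the launching account still determines what any other escape from the menu would inherit.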

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Moved from Security Tutorials to Misc Security Discussions. This is not a tutorial.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    And I thought my "tut" was bad embro1001 I suggest you read the forum descriptions or post a little more info on your topic. Trust me, I know
    Space For Rent.. =]

  4. #4
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    Is this a question... or the title of a book? Or umm...

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    If, by the phrase "from the inside", you mean from the inside of the perimeter to the outside, (ie. public network), I would suggest that would be a lot like cleaning your teeth from the "wrong" end.......

    Are you referring to an internal security audit which provides information about the ease an attacker could move through the network if he penetrated the trusted zone, or how easy it is to move and elevate privileges if you start in the trusted zone? Or are you referring to testing the egress rules your perimeter devices place on outgoing traffic?
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  6. #6
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    Originally posted here by Negative
    Is this a question... or the title of a book? Or umm...
    If it helps, I'm more confused than you are Neg
    Space For Rent.. =]

  7. #7
    Senior Member
    Join Date
    Jun 2002
    Posts
    174
    No patience...jeez
    I'm back.

  8. #8
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    embro1001, for future reference, why not write the tutorial up in Notepad or some other editor and then post it?
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Ahh.... The meat.....

    They "shushed" you..... That was nice of them..... Do you have a review coming up? I'd be inclined to have a little "whine session" if you do not receive an excellent review and pay raise.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  10. #10
    Senior Member
    Join Date
    Jun 2002
    Posts
    174
    Written on a Pocket PC during English class....my bad.
    I'm back.
