Results 1 to 5 of 5

Thread: Terminal Value

  1. #1

    Question Terminal Value

    My School's Admin recently came to me and asked me to test the school's security. He promised me no actions would be taken for my exploits as long as I should him how I did them. This has become an awesome experience for me, I have learned so much and have also gotten a chance to teach him.

    After finding a whole with file permission on the Local terminal's I went to him to talk about it. I assured me that he knew about this and it didn't bother him because if something went wrong he could always ghost the machines.

    Any user on the network can delete any file that is not required by the system. (NT 5)

    Well I'm working on showing him the value of Terminals. I planned on Stealing the Sam file from the local machine and brute forcing it.... But I need to think of a clever way to steal it.

    I can use a boot disk, and get it from the server. But that is rather boring... So I sat down in vb and wrote a little program with one button that when pressed, it would copy the file. This got me thinking... writing a vbscript that when run it would check your username and compare it to a list of admin. If user was an admin, the script would send the file to a remote folder on a terminal. If the user was not an admin, it would use the outlook to spread to every user. To prevent it from spread out in the open, I would have it check ip address if the ip addres didn't match up, I would have it kill itself.

    Well I guess I'm just looking for everyone's opinion. Or suggestions for creative ways to show the value of Terminals.

  2. #2
    Senior Member
    Join Date
    Oct 2001
    Posts
    175
    Ok..Just to make sure..I'm clear:

    When you say "Terminal" you mean --> "Node" or "Workstation" right? (In the networking enviroments I have been exposed to, most of the people called them "Nodes" or "Workstations")

    Just wanted to make sure we are on the same page. So our terminologies don't confuse each others.

    Ok..As for your program.. the concept sound neats.. One thing though:
    ... So I sat down in vb and wrote a little program with one button that when pressed, it would copy the file
    Are you trying to do this without the user knowing what is happening?

    If so...I suggest you place all your executable code in "form_load()" and make the form invisible and hidden in the taskbar.

    This got me thinking... writing a vbscript that when run it would check your username and compare it to a list of admin
    Is the list that your checking usernames against available on the server?... or are you going to write it yourself? Because either way the above quote suggests that their is a file that contains the list of admin users.. If this is so.. then why would you need spreading capabilities:
    If user was an admin, the script would send the file to a remote folder on a terminal. If the user was not an admin, it would use the outlook to spread to every user.
    ( Clarification is needed on this)

    Overall...as I said above the concept is neat.. but the program sounds very "wormlike" in nature. And I think that it is fair to warn you that if your "program" spreads outside the "jurisidiction" of your system administrator then you could be looking at criminal charges. I would take great caution in how you code and test this one.

    Is it not an option to help your system administrator patch the hole.
    Simon Templer

    \"Your work is to discover your world and then with all your heart give yourself to it. \"
    -The Buddha

  3. #3
    Yeah by terminals I mean nodes or workstations....

    As far as protection so it doesn't leak outside the network, I planned on includeding a small section of code that would compare ip's... if the ips didn't match a list of ip's then it would delete itself.

    also... as far as list of admins. I would supply the list... there are only two admins so The list would be fairly short.

    This "Worm"or 'Script" will not be compiled or even written down. Just a creative way to get the Sam file.

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    484
    I wish my school admin would let me test our security.
    Why am I still here?

  5. #5
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007
    Heh... The Sysadmin at my high school is a pretty cool guy, I had a class that he taught last year on the A+ exam... Last-minute-School-Scheduling-botch-up mishap, so I totally missed the networking (Network+), and found myself in the hardware semester, but it was okay. The problem is, I seal off opportinities to get farther into the system by helping out in the immediate. Also, this is a Novell Netware network, which I am less-than-knowledgable about... Although I did give him Chknull at the beginning of the year, before I had the class, for finding null-passworded accounts, and at the time there were some teacher-group accounts that were lying around vulnerable...

    At any rate, most of the Roving Nomad stuff didn't work, that was patched, and I've made a sort of covenant with myself that I must try to chip away at it without using keyloggers or anything like that. In a way, it seems worse to have a COMPETENT administrator , just nothing to do.
    [HvC]Terr: L33T Technical Proficiency

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •