-
January 26th, 2002, 02:55 AM
#1
Junior Member
Vulnerabilities Of Win XP?
Hi Net Security People
A friend has given me *permission* to "hack" their XP computer. They think
that security is a joke and XP erases all needs for such. Now, I can get their IP,
they are on a high speed connection 24/7 and run no firewalls at all.
Since they think I am a liar that they are vulnerable, they have asked me to prove it.
I want to take them up on such a challenge. If anyone here has suggestions for just
such a situation, I will post results for you guys... I run Win2Kpro on highspeed conn,,,
-Gecko
-
January 26th, 2002, 03:06 AM
#2
if i were you i think i would read from some google searches, or if you really want to be lame do it easily , via trojan.
-
January 27th, 2002, 04:09 AM
#3
well there is the famous UPnP flaw in win XP and im sure your friend never bothered to d/l the patches.. and there's another one in IE about the %%00 code..
-
January 28th, 2002, 09:29 AM
#4
Member
there are flaws in xp if they hv not apply the patches. they may hv turn on the built-in firewall which comes with xp.
rgds
de
-
January 28th, 2002, 11:04 AM
#5
Member
hum...
I think before telling them they are vulnerabil I whould of checked to see about how vonerable they where...... evryone is at risk more then others though..... hum... on M$.com do tehy tell you what the security updates fix? if so check that....
-
January 29th, 2002, 01:34 AM
#6
there are so many ways to prove them wrong but before you come to security site and ask for hacking tips. A simple little search of www.google.com would turn up at least 26.600 different sites you could peruse for just that sort of information.
here's a hint : buffer underruns could allow administraitve authority. And yes then there's that over publicized universal Plug and play thing. You could always use that.
I think I know the reason why personal firewall programs haven't caught on as well as they should.. Think about it for a second......those companies are in essence selling condoms,and most people don't want the world to know they cover up their Jimmy!!!!!
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
-
January 29th, 2002, 04:41 PM
#7
Re: Vulnerabilities Of Win XP?
Another "safe" way to show security holes is to use Nessus security scanner. The deamon have to be running on a *nix box, but a client is available for win32. If you have a *nix box I would advice you to use Nessus (maybe not as fun as doing it yourself though :)).
Originally posted by gecko
Hi Net Security People
A friend has given me *permission* to "hack" their XP computer. They think
that security is a joke and XP erases all needs for such. -Gecko
Website: www.nessus.org
The "Nessus" Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner. A security scanner is a software which will audit remotely a given network and determine whether bad guys (aka 'crackers') may break into it, or misuse it in some way.
Unlike many other security scanners, Nessus does not take anything for granted. That is, it will not consider that a given service is running on a fixed port - that is, if you run your web server on port 1234, Nessus will detect it and test its security. It will not make its security tests regarding the version number of the remote services, but will really attempt to exploit the vulnerability.
-
February 3rd, 2002, 12:56 PM
#8
Junior Member
Thank You Replyers..
Today have Re-confirmed explicit permission to experiment with said friends
computer. Phase #1
Will go there tomorrow and will obtain IP using IP Agent. I tried
to find IP previously using e-mail header info, found origination IP to be
mail server, AOL , not the originating computer IP. Did I miss anything?
Obviously, this is a friendly experiment done for knowledge only and to test
presumtions of computer security issues. To any skeptics out there,,
I am planning to post a web page about this including all revevant info, including
our written agreement, the types of approach to the problem and, *what actually happens*.
I live in USA and if *anyone* has any question about its, ahh, "legal propriety", YouGottaPost I know AO would/could do little to help me otherwise and they have a good IP for my machine, so I am pretty confident..
Anyways, I think this is fun and want everybody to know what actually occurs...
Will post Phase #2 soon but this may take time.
Gecko
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|