Page 1 of 1
Class project
Posted: 04 Aug 2009, 14:19
by Softball
Hey everyone,
I wanted to get some input from you all on this project I need to do for school. I need to come up with a "Hack" that I can share with the class and besides the basic OS and program password cracking tools out there, I wanted to come up with something cool and worthwhile. I have been scouring the web for a variety of hacks but I haven't quite come up with anything to my liking. The hack can be for Windows or Linux based systems, I would prefer Windows for simplicity, but I'm not opposed to using Linux.
I know there are a few "tech" types around here, so I wanted to pick your brain. Does anyone know of any cool or interesting hacks that you coudl share?
One hack that I was thinking of was to have two separate virtual PCs (2 different VMWare installs of Windows Server 2003) and have remote desktop disabled on the target box. I would connect to the tagret box using Metasploit or some other hacking tool, and enable RDP remotely. I'm not sure if is too basic, but it's the best I could come up with right now.
Your ideas and opinions are appreciated.
Thanks,
SB
Posted: 04 Aug 2009, 14:23
by VEGETA
I am assuming Hacking. first is how dose the target pc get the hack, ie do you put the software for the hack on manually or from email or hell a USB key. Here is my thoughts, a prank hack ok. Buddy asks for files and you give them the special USB key which installs something for said hack. Now you can have said hack software set up to do some non harmful but annoying things to there system such as random cd rom ejection, beeps and smiler annoyances. Of course said software could be used for taking over pc as stated Ie usb goes in and you get complete control any time you want.
Can chat later
So anyone what to borrow my USB keys lol
Posted: 04 Aug 2009, 16:40
by Softball
That's just it, I'll have to use some kind of software vulnerability to gain access to the target PC. Let's assume that I already know the IP number of the target PC (for training purposes). If the target PC is running an Anti-virus program or a firewall, that will make things more difficult. I would most likely run nmap and see what OS and services are running and go from there.
Posted: 04 Aug 2009, 21:15
by Hammer
so you have to demonstrate a hack?
Posted: 04 Aug 2009, 22:23
by VEGETA
well virus detection generally looks for known patterns of known apps/viruses idea. If you find things that a virus scanner don't know or don't consider a threat then its all good. So hey using tools that are considered harmful could be a cool trick
Posted: 05 Aug 2009, 10:45
by Softball
Hammer wrote:so you have to demonstrate a hack?
Exactly.
Posted: 05 Aug 2009, 16:30
by Hudson
Something I'd like to see is a replay attack on a poorly configured Apache web server using mod_auth_kerb without ssl; that would be pretty cool. That being said I don't think it's trivial, would probably require using tcpdump or something similar to collect information and reuse it in a timely manner.
Posted: 05 Aug 2009, 16:31
by daofcmacg
Sounds like someone is taking a network securities class. Sweet!
DA
Posted: 06 Aug 2009, 22:10
by Softball
*BUMP*
Still looking for some ideas and opinions. Serious responses please.
Posted: 07 Aug 2009, 09:06
by daofcmacg
Posted: 07 Aug 2009, 15:23
by Softball
Softball wrote: Serious responses please.
...
Posted: 07 Aug 2009, 15:44
by VEGETA
reminded about a acedental virus a friend of mine made. He ws playing with setting programs on unix box to run in backgrount and activate itself somehow on a timer (not crontab) nothing normal. It activated wrote a fle and was gone. It ended up out of control he could never kill it or find it as it was active so short a time ps never found it. And well he could not turn it off lol
Posted: 07 Aug 2009, 16:31
by daofcmacg
Did he throw the box away????
DA
Posted: 07 Aug 2009, 18:51
by Hudson
"It activated wrote a fle and was gone"
if it was gone it had to reactivate itself somehow... something had to be running and resident in memory. if it survived a reboot it had to be read into memory from disk...
hiding processes, files, or directories would at minimum requires a loadable kernel module; I think he might have created something stupid fun and amusing, but I am dubious of the claim that he created a completely hidden self replicating 'virus' on his computer that was completely incapable of being located or isolated. Virus writers having basically been trying to do something like this since the beginning of virus - well ok some just want to trash your system or delete all your pr0n - but a subset have been trying this for a long time, and still have no succeeded...
Posted: 07 Aug 2009, 19:58
by Softball
I may have found a registry hack to try, but I can only test it at school. Usually, the RDP port is blocked on my school's network.
I would setup a user account on my home PC that I can log in to via Remote Desktop. I would then change a setting in the registry for the RDP port from 3389 to 443 in the registry on my home PC. And then from school, I would log into my home PC using RDP, entering the IP number and the port (443) to connect to my home PC. (For Example: 65.55.45.35:443). Not sure if this will work right.
I'll have to see if I can accomplish this before Monday. Ugh!
Posted: 11 Aug 2009, 08:43
by Softball
UPDATE
I just wanted to share my hack with you all. It is fairly simple, and when I demonstrated this in class, I did it via Remote Desktop using VMWare.
----------------------------------------------------------------
In order for this hack to work, you will need to have access to an Administrative account on the machine. Once you are logged into an Administrative account, use the following these steps to make a hidden user account:
PART 1 – Create a new User
1) Go to: Start/ Control Panel/ User Accounts
2) Create a new user account, call it anything, but let’s call it: Hidden. Make the account a Computer Administrator, and give it a password (password).
3) Click Create Account and take note that the user account Hidden is now on the list of users as an Administrator.
4) Reboot the machine.
You should now see the previous accounts already configured on the machine and the new user account you just created.
PART 2 – Hide the User
5) Log in as the Hidden user.
6) Once logged in as Hidden, select START, RUN, type REGEDIT in the open box, and click OK.
7) Navigate through the registry to the following registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT
\CurrentVersion\Winlogon\SpecialAccounts\UserList.
Click on the UserList Key folder to select it, and look to the right window pane.
9) Right click in the right-pane and select NEW / DWORD Value, and name it: Hidden. (or the username you gave the account in Step 2)
10) Select the new DWORD value: Hidden, right click and choose Modify. Select the “Decimal” radio button and set the value to: 0. (Zero)
11) Close the registry editor and reboot the machine.
Upon rebooting, at the user selection screen you will notice that the user account Hidden is no longer visible. In order to log in as Hidden, press CTRL+ALT+DEL twice rapidly and a log in box will appear. You can now log in using the Hidden user account.
PART 3 – Verify User Account is hidden.
12) To verify that the account is not visible to other Administrator accounts, log in as an Administrator on the machine.
13) Once logged in on an Administrator account, go to: START / Control Panel / User Accounts. You will notice the Hidden user account is not visible. Neat-o!
14) To make the hidden user account visible again, simply follow the steps in Part 2, delete the newly created DWORD Value, and reboot.
So there you have it; you know how to hack the system registry to hide a user account from the login screen.
---------------------------------------------------
Posted: 11 Aug 2009, 09:39
by VEGETA
so basically you need to have a remote client there already , so do u have a virus of some sorts that installs that for you
Posted: 11 Aug 2009, 21:24
by Softball
No, this would basically be classified as a Social Engineering attack, ie you learn the Administrator Password to a certain machine in order to add your user account and hide it. I could have included some kind of exploit to retain the Admin password, but I didn't want to make it too complex.
Another student had a really cool hack, he reverse engineered a virus program that has been going around the campus computers and made it run Netstat in the BG and remotely send the data to another PC using the SMTP protocol.