Stealing the Network: How to Own the Box


Document information

[...]

... The Worm Turns—Ryan Russell and Tim Mullen: After a few hours, I’ve got a tool that seems to work. Geeze, 4:30 A.M. I mail it to the list for people to check out and try. Heh, it’s tempting to use the root.exe and make the infected boxes TFTP down my tool and fix themselves. Maybe by putting it out there some idiot will volunteer himself. Otherwise the tool won’t do much good, the damage is done. I’m showing...

... Registry, as well as dump the SAM. There is also a tool for doing a minimal analysis of a SQL Server with the output viewable as HTML. The tool suite requires access to the sa account in order to run some of the tools, but this usually is not a problem. If the SQL administrator has removed the xp_cmdshell extended procedure, the tool temporarily restores xp_cmdshell. In order to do this, the dynamic link library...

... When they told me they were giving me walking papers, all I could see was red. Just who did they think they were dealing with anyway? I gave these clowns seven years of sweat, weekends, and three-in-the-morning handholding. And for what? A lousy week’s severance? I built that IT organization, and then they turn around and say I’m no longer needed. They said they’ve decided to “outsource” all of their IT to...

... for network devices like Cisco routers and switches. I have a directory dedicated to default passwords for various systems and accounts. All in all, I have a pretty big toolbox for cracking into networks. Once I get into a system, I usually try to dump out either the SAM or capture the UNIX password and shadow files. If I can get those, then I download them to my local system and run them through John the...

... the three-way handshake TCP uses to establish a connection. This tends to allow me to avoid being detected by IDSs if I’m also careful to slow down the scan. I prefer to use a SYN scan rather than a full-connect scan, because a connect scan will probably log the connection somewhere and may alert the network administrators that something suspicious is going on. So, for these guys, I slowed the scan down...

... the years. I keep everything in what I call an “attack tree” directory structure. Essentially, I have exploits broken down between UNIX exploits and Windows-based exploits. From there, I break down these two categories into the subcategories of remote and local. Then I subdivide the remote and local categories into exploits for various services. The next level is the breakdown of the exploits based on the...

... they said that they wouldn’t take the card back because it was a closeout. Their site didn’t say that the card was a closeout! I told the support drones that, but they wouldn’t listen. They said, “policy is policy,” and “didn’t you read the fine print?” Well, if they’re going to take that position… Look, they were okay guys on the whole. They just needed a bit of a lesson. That’s all. So, there I was, the day after Christmas, with nothing to do. The family gathering was over. I decided to see just how good their site was. Just a little peek at what’s under the hood. There’s...

... about the phone numbers to the dial-up modem bank, how you should configure your software, and if you think the technical people defending the system have the skills to keep you out. These attacks are generally performed over the phone after substantial research has been done on the target. They are hard to defend against in a large company because everyone generally wants to help each other out, and the...

... provided a plethora of information. See, that’s the beauty of SSL: It hides things from the IDSs. They can’t see into the data stream, because the data stream is encrypted. Isn’t that lovely? So to get the scans of their SSL servers, I had to set up an SSL tunnel and then use that to conduct my scans. That’s easy enough to do with one of the tools in my toolbox called—big surprise—SSL Proxy. SSL Proxy (sslproxy)...

Stealing the Network: How to Own the Box is a unique book in the fiction department...

... curriculum for the same. Other books Ken has co-authored or contributed to include Hack Proofing Your Network, Second Edition (Syngress Publishing, ISBN: 1-928994-70-9), The Definitive Guide to Network...

Date posted: 25/03/2014, 12:09

Table of contents

  • Cover

  • Contents

  • Foreword

  • Hide and Sneak

  • The Worm Turns

  • Just Another Day at the Office

  • h3X’s Adventures in Networkland

  • The Thief No One Saw

  • Flying the Friendly Skies

  • dis-card

  • Social (In)Security

  • BabelNet

  • The Art of Tracking

  • The Laws of Security
