PCA Forums

i know it can be done... basically there's a block of IPs that are completely exposed to the net that have windows boxes on the other end of them. more specifically, there's one running w2k pro, another 2 running ME. they've got static Internet (not LAN) IP addresses and as far as i know, the connection goes as follows:

T1 -> Demark -> router (cisco?) -> switch -> wall jacks -> computers

so ... these computers have IPs like 12.120.200.123 and are pingable via the net. what can i do remotely to get into these computers? i don't mean to be destructive as these are potential clients, but i'd like to be able to show them what a big risk it is to be exposed as they are and nothing beats a live demo. or better yet, doing stuff to their computers like deleting, adding, or editing files...

HELP...!?!?

Yeah.. i don't wanna be destuctive i just wanna get into clients computers and "delete"/edit/create...
thats what i said, you think my school belived me?

Just saying don't get caught! although it would serve a good point to the PoTeNtIaL clients (still might get into Sh!t) i don't know what you mean with -> switch ->

Jordan

search google plenty of info on it

The are some good books on hacking/security:
- Hacking Exposed Windows 2000 (the name says everyting)
- Hacking Exposed: Network Security Secrets & Solutions, Third Edition (more general on all OS)
- Maximum Security (3rd Edition) (this is another good book on major OS)

!!! DO NOT TRY THIS WITHOUT THE CLIENT GIVING ITS OK !!!

So you've been warned

My A+ teacher told me that a guy got his job by showing a company he could hack into them. Basically, the head man of the company didn't really see a need for a security guy, so when he got to work a couple days later he noticed a documet (or something) on his desktop basically saying he'd been hacked into. Needless to say the "hacker" got the job

I thought it was a pretty cool story. If this is what you are truely doing (and I see no reason why you would lie) then I would just do something similar. Good luck? hehe.

wow...i recommend against trying to "teach them a lesson". i'm sure there are dream stories where someone got a job that way, but i know what my company would do. it would go something like this:

hacker: "hey, i did this stuff to your exposed pc's...look how vulnerable you are!"
company: "really?! what did you do?"
h: "i didn't do anything bad, and it's a lesson to show you how important it is for security. can i have a job?"
c: "sure...what's your information? name, number...someone will be in touch"


later...

c: "hi, police? visit this guy for us..."

(then they would get an outside security consulatant to come in for a legitimate audit)

to do it right, tell them what you would like to demo so they know about it. if they say "no way" then i wouldn't touch their network.

.02

Agreed with b-man1

TheManiacal1:

I guess you wouldn't mind someone getting into your system to show you how vulnerable your operating system is. Surely you have a router configured as a bastion host? No? Well, what if somebody telenets into your box, removes some key system files, and renders it non-bootable? Is that a problem for you? Are you going to pay that person some money to help you fix your weakness?

Do yourself a favor, and play in your own network. Don't break into other peoples networks, as that is illegal. Most companies today are not stupid enough to hire the guy that hacked into them. They realize that these hackers or crackers need to be punished - not given jobs. Even the script kiddies are going to get no slack. I know that a 10 year old kid, with the right software ware tools, can get into networks and delete files or plant back doors. Did you know that this practice is illegal? Do you know that there are fines for this activity? Try explaining that one to your parents.... :|

Take the advice of b-man1 and Karchiveur - nobody is going to roll over and figure it's just the nature of the game. In my line of work, we recommend that if a client gets hacked, they dump their logs to read only backup, figure out how the hack was accomplished, and then report the event to the police.

This kind of stuff comes up all the time in security forums. Basically the answer is: do it yourself. No matter what your intentions, breaking into some one's computer IS ILLEGAL without their express permission. Check out those books that DocSilly mentioned. All are good reads.

Not to be negative or anything, but if you get a job on borrowed knowlege where will you be when you come into another situation where you are inexperienced?

Originally posted by shaggy
Not to be negative or anything, but if you get a job on borrowed knowlege where will you be when you come into another situation where you are inexperienced?

Right back here Nah, but really... ....I've learned a ton from this place over the years. Sometimes you just need a jump-start.

heh agreed...

besides... i wouldn't be "maniacal" if i didn't try