Class project

Projects, "toy" collections, etc.

Moderator: RLG MGMT Team

Softball
Posts: 6064
Joined: 29 Jun 2002, 18:11
Location: San Diego, CA

Class project

Post by Softball » 04 Aug 2009, 14:19

Hey everyone,

I wanted to get some input from you all on this project I need to do for school. I need to come up with a "Hack" that I can share with the class and besides the basic OS and program password cracking tools out there, I wanted to come up with something cool and worthwhile. I have been scouring the web for a variety of hacks but I haven't quite come up with anything to my liking. The hack can be for Windows or Linux based systems, I would prefer Windows for simplicity, but I'm not opposed to using Linux.

I know there are a few "tech" types around here, so I wanted to pick your brain. Does anyone know of any cool or interesting hacks that you could share?

One hack that I was thinking of was to have two separate virtual PCs (2 different VMWare installs of Windows Server 2003) and have remote desktop disabled on the target box. I would connect to the target box using Metasploit or some other hacking tool, and enable RDP remotely. I'm not sure if it is too basic, but it's the best I could come up with right now.

Your ideas and opinions are appreciated.

Thanks,

SB

"SILENCE, I KILL YOU!!" - Achmed the Dead Terrorist

VEGETA
Posts: 3637
Joined: 13 Mar 2002, 16:00
Location: Brampton, Ontario, Canada Eh

Post by VEGETA » 04 Aug 2009, 14:23

I am assuming hacking. First is how does the target PC get the hack, i.e. do you put the software for the hack on manually or from email or, hell, a USB key. Here are my thoughts: a prank hack, OK. Buddy asks for files and you give them the special USB key which installs something for said hack. Now you can have said hack software set up to do some non-harmful but annoying things to their system such as random CD-ROM ejection, beeps and similar annoyances. Of course said software could be used for taking over the PC as stated, i.e. USB goes in and you get complete control any time you want.

Can chat later


So anyone want to borrow my USB keys lol

Softball
Posts: 6064
Joined: 29 Jun 2002, 18:11
Location: San Diego, CA

Post by Softball » 04 Aug 2009, 16:40

That's just it, I'll have to use some kind of software vulnerability to gain access to the target PC. Let's assume that I already know the IP number of the target PC (for training purposes). If the target PC is running an Anti-virus program or a firewall, that will make things more difficult. I would most likely run nmap and see what OS and services are running and go from there.

"SILENCE, I KILL YOU!!" - Achmed the Dead Terrorist

Hammer
Posts: 7806
Joined: 11 May 2005, 14:50

Post by Hammer » 04 Aug 2009, 21:15

so you have to demonstrate a hack?
Helmut

VEGETA
Posts: 3637
Joined: 13 Mar 2002, 16:00
Location: Brampton, Ontario, Canada Eh

Post by VEGETA » 04 Aug 2009, 22:23

Well, virus detection generally looks for known patterns of known apps/viruses idea. If you find things that a virus scanner doesn't know or doesn't consider a threat then it's all good. So hey, using tools that are considered harmful could be a cool trick

Softball
Posts: 6064
Joined: 29 Jun 2002, 18:11
Location: San Diego, CA

Post by Softball » 05 Aug 2009, 10:45

Hammer wrote:so you have to demonstrate a hack?


Exactly.

"SILENCE, I KILL YOU!!" - Achmed the Dead Terrorist

Hudson
Posts: 1752
Joined: 12 May 2003, 20:57

Post by Hudson » 05 Aug 2009, 16:30

Something I'd like to see is a replay attack on a poorly configured Apache web server using mod_auth_kerb without ssl; that would be pretty cool. That being said I don't think it's trivial, would probably require using tcpdump or something similar to collect information and reuse it in a timely manner.
Last edited by Hudson on 05 Aug 2009, 17:15, edited 1 time in total.

daofcmacg
Posts: 1546
Joined: 01 Jul 2002, 09:38
Location: Chicago
Contact:

Post by daofcmacg » 05 Aug 2009, 16:31

Sounds like someone is taking a network securities class. Sweet!

DA
Death Angel, SGT, 13th MEU

Fly Low Fly Hard Move MUDD!
If you can see it you can take it down!
MAVERICK!!!!

Softball
Posts: 6064
Joined: 29 Jun 2002, 18:11
Location: San Diego, CA

Post by Softball » 06 Aug 2009, 22:10

*BUMP*

Still looking for some ideas and opinions. Serious responses please.

"SILENCE, I KILL YOU!!" - Achmed the Dead Terrorist

daofcmacg
Posts: 1546
Joined: 01 Jul 2002, 09:38
Location: Chicago
Contact:

Post by daofcmacg » 07 Aug 2009, 09:06

How about a self-replicating virus. Every time it's destroyed it only regenerates into another more dangerous virus that is already out there.

Pinky finger up to mouth as I say I want a GAGILLION DOLLARS for the fix.

HAAAAHAAAAAHAAAAHAAAAAA!!!!!!

DA
Death Angel, SGT, 13th MEU

Fly Low Fly Hard Move MUDD!
If you can see it you can take it down!
MAVERICK!!!!

Softball
Posts: 6064
Joined: 29 Jun 2002, 18:11
Location: San Diego, CA

Post by Softball » 07 Aug 2009, 15:23

Softball wrote: Serious responses please.


daofcmacg wrote: How about a self-replicating virus. Every time it's destroyed it only regenerates into another more dangerous virus that is already out there.

Pinky finger up to mouth as I say I want a GAGILLION DOLLARS for the fix.

HAAAAHAAAAAHAAAAHAAAAAA!!!!!!

DA


...

"SILENCE, I KILL YOU!!" - Achmed the Dead Terrorist

VEGETA
Posts: 3637
Joined: 13 Mar 2002, 16:00
Location: Brampton, Ontario, Canada Eh

Post by VEGETA » 07 Aug 2009, 15:44

Reminded about an accidental virus a friend of mine made. He was playing with setting programs on a Unix box to run in the background and activate itself somehow on a timer (not crontab), nothing normal. It activated, wrote a file and was gone. It ended up out of control; he could never kill it or find it, as it was active so short a time ps never found it. And well, he could not turn it off lol

daofcmacg
Posts: 1546
Joined: 01 Jul 2002, 09:38
Location: Chicago
Contact:

Post by daofcmacg » 07 Aug 2009, 16:31

Did he throw the box away????
DA
Death Angel, SGT, 13th MEU

Fly Low Fly Hard Move MUDD!
If you can see it you can take it down!
MAVERICK!!!!

Hudson
Posts: 1752
Joined: 12 May 2003, 20:57

Post by Hudson » 07 Aug 2009, 18:51

"It activated, wrote a file and was gone"

if it was gone it had to reactivate itself somehow... something had to be running and resident in memory. if it survived a reboot it had to be read into memory from disk...

hiding processes, files, or directories would at minimum require a loadable kernel module; I think he might have created something stupid fun and amusing, but I am dubious of the claim that he created a completely hidden self replicating 'virus' on his computer that was completely incapable of being located or isolated. Virus writers have basically been trying to do something like this since the beginning of virus - well ok some just want to trash your system or delete all your pr0n - but a subset have been trying this for a long time, and still have not succeeded...

Softball
Posts: 6064
Joined: 29 Jun 2002, 18:11
Location: San Diego, CA

Post by Softball » 07 Aug 2009, 19:58

I may have found a registry hack to try, but I can only test it at school. Usually, the RDP port is blocked on my school's network.

I would set up a user account on my home PC that I can log in to via Remote Desktop. I would then change a setting in the registry for the RDP port from 3389 to 443 in the registry on my home PC. And then from school, I would log into my home PC using RDP, entering the IP number and the port (443) to connect to my home PC. (For Example: 65.55.45.35:443). Not sure if this will work right.

I'll have to see if I can accomplish this before Monday. Ugh!

"SILENCE, I KILL YOU!!" - Achmed the Dead Terrorist

Softball
Posts: 6064
Joined: 29 Jun 2002, 18:11
Location: San Diego, CA

Post by Softball » 11 Aug 2009, 08:43

UPDATE

I just wanted to share my hack with you all. It is fairly simple, and when I demonstrated this in class, I did it via Remote Desktop using VMWare.

----------------------------------------------------------------

In order for this hack to work, you will need to have access to an Administrative account on the machine. Once you are logged into an Administrative account, use the following steps to make a hidden user account:

PART 1 – Create a new User
1) Go to: Start/ Control Panel/ User Accounts

2) Create a new user account, call it anything, but let’s call it: Hidden. Make the account a Computer Administrator, and give it a password (password).

3) Click Create Account and take note that the user account Hidden is now on the list of users as an Administrator.

4) Reboot the machine.

You should now see the previous accounts already configured on the machine and the new user account you just created.

PART 2 – Hide the User
5) Log in as the Hidden user.

6) Once logged in as Hidden, select START, RUN, type REGEDIT in the open box, and click OK.

7) Navigate through the registry to the following registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\SpecialAccounts\UserList.

8) Click on the UserList Key folder to select it, and look to the right window pane.

9) Right click in the right-pane and select NEW / DWORD Value, and name it: Hidden. (or the username you gave the account in Step 2)

10) Select the new DWORD value: Hidden, right click and choose Modify. Select the “Decimal” radio button and set the value to: 0. (Zero)

11) Close the registry editor and reboot the machine.

Upon rebooting, at the user selection screen you will notice that the user account Hidden is no longer visible. In order to log in as Hidden, press CTRL+ALT+DEL twice rapidly and a log in box will appear. You can now log in using the Hidden user account.

PART 3 – Verify User Account is hidden.
12) To verify that the account is not visible to other Administrator accounts, log in as an Administrator on the machine.

13) Once logged in on an Administrator account, go to: START / Control Panel / User Accounts. You will notice the Hidden user account is not visible. Neat-o!

14) To make the hidden user account visible again, simply follow the steps in Part 2, delete the newly created DWORD Value, and reboot.


So there you have it; you know how to hack the system registry to hide a user account from the login screen.

---------------------------------------------------

"SILENCE, I KILL YOU!!" - Achmed the Dead Terrorist
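
The defender's side of the steps in the post above, as an added example that is not part of the original thread: a PowerShell audit that reads the `SpecialAccounts\UserList` key and cross-checks every value set to 0 against `Get-LocalUser`, which lists local accounts regardless of this registry setting. It assumes Windows PowerShell 5.1 or later run elevated, and uses the key as it is spelled on a real system (`Windows NT`, with a space); the function name `Get-HiddenLogonAccount` is made up for this example.

```powershell
# Added example (not from the original post): list accounts hidden from the
# logon screen through SpecialAccounts\UserList. Run elevated, PowerShell 5.1+.
$UserListKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
$AdminGroupSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

function Get-HiddenLogonAccount {   # hypothetical helper name
    param([string]$Path = $UserListKey)

    # No key means no account is hidden by this method.
    if (-not (Test-Path -LiteralPath $Path)) { return }

    # Local accounts indexed by name (@{} lookups are case-insensitive).
    $local = @{}
    foreach ($u in Get-LocalUser) { $local[$u.Name] = $u }

    # SIDs of local administrators. The cmdlet can error on orphaned members,
    # so tolerate that and work with whatever it returned.
    $adminSids = @(Get-LocalGroupMember -SID $AdminGroupSid -ErrorAction SilentlyContinue |
        ForEach-Object { $_.SID.Value })

    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        if (-not $name) { continue }                        # skip the unnamed default value
        if ("$($key.GetValue($name))" -ne '0') { continue } # 0 = hidden, as in step 10

        # $acct is $null when no local account carries this name (stale entry).
        $acct = $local[$name]
        [pscustomobject]@{
            Name      = $name
            Exists    = [bool]$acct
            Enabled   = if ($acct) { $acct.Enabled } else { $null }
            IsAdmin   = [bool]($acct -and ($adminSids -contains $acct.SID.Value))
            LastLogon = if ($acct) { $acct.LastLogon } else { $null }
        }
    }
}

# Hidden administrators first: those are the entries to investigate.
Get-HiddenLogonAccount | Sort-Object IsAdmin -Descending | Format-Table -AutoSize
```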

VEGETA
Posts: 3637
Joined: 13 Mar 2002, 16:00
Location: Brampton, Ontario, Canada Eh

Post by VEGETA » 11 Aug 2009, 09:39

So basically you need to have a remote client there already, so do you have a virus of some sort that installs that for you?

Softball
Posts: 6064
Joined: 29 Jun 2002, 18:11
Location: San Diego, CA

Post by Softball » 11 Aug 2009, 21:24

No, this would basically be classified as a Social Engineering attack, i.e. you learn the Administrator Password to a certain machine in order to add your user account and hide it. I could have included some kind of exploit to retain the Admin password, but I didn't want to make it too complex.

Another student had a really cool hack, he reverse engineered a virus program that has been going around the campus computers and made it run Netstat in the BG and remotely send the data to another PC using the SMTP protocol.

"SILENCE, I KILL YOU!!" - Achmed the Dead Terrorist
