I know that hacking into a machine with a server is a possibility... even if it's difficult, it can be done eventually.
What about a box that has literally nothing installed on it... simply put: a PC with Windows XP as an OS, connected to the internet via router.
And here I mean hacking, not sending a trojan, or a remote key logger or something like that! I mean actually going into the device in a professional way...
I am asking this just out of curiosity.
hacking into...
mahmoud_shihab@hotmail.com
cyber messiah wrote:
Well, I guess the answer to this is obvious: if you don't have any window in the wall, you won't expect a thief.
But I am not sure how well administered a machine we are talking about; we have machines which are stripped of all the services, and we have a default configuration.
Normally there are many other services which listen by default on Windows, an example would be NetBIOS, or you must have heard of the infamous IPC$ exploit, and I am sure that Microsoft has opened up many hacking opportunities with .NET remoting (RPC) for budding hackers, but who gives a shit about Microsoft anyway.
These and similar services are usually running; anyway, if a computer is connected to the internet with no services running, we have to rely on him interacting with the internet. We need a path to get in; now we can get in from the paths meant for getting in (services) or we can sneak into the path meant for getting out (ephemeral ports bound to sockets meant for outgoing packets).
There are a lot of potential bugs/vulnerabilities in software that interacts with the internet, e.g. Internet Explorer, Windows Media Player, and all of these have buffer overflow exploits; I am sure no one has found or bothered to find out yet.
That would obviously mean setting up a server smart enough to identify the opportunity (vulnerability in this case), to do the actions, and make its way in. Or we can say it should wait for its prey to make a move.
Well, I am only talking in theory.
It isn't something new; once I installed a proxy on a network, and all the requests went via that, which means all the user passwords were with me, for all the people using the computers on those networks, their email IDs and whatnot. Simply, I put a proxy to collect it and no virus scanner or firewall ever had a clue. It was as simple as that.
But hypothetically, if a computer is on the internet with not a single damn service running/up, and the system is sitting idle, without any process accessing the internet, then yes, it is impossible to hack that system remotely.
Even in that scenario, if I had sworn to hack that bitch, I'd look for something in things like the QoS packet scheduler which is enabled by default, or I am not sure but even svchost.exe wants to get out to the internet; I guess that has something to do with networking services and DLLs. Of course there are a lot of possibilities for having fun, but I have better things to do... and I have already retired... so I don't really wanna find out.
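A defender's audit in the spirit of that post, added here as an example and not code that cyber messiah or anyone in the thread supplied: it parses `netstat -ano` style output (the sample rows are constructed) and flags the default XP-era listeners, RPC 135, NetBIOS 137-139 and SMB 445, that are bound to a network-reachable address rather than loopback. Established outbound connections are reported separately from nothing here, since the post's point is that those are the other path.

```python
import re
from typing import List, Tuple

# Default Windows XP listeners the post names as classic ingress paths
# (RPC endpoint mapper, NetBIOS, SMB/IPC$); the port mapping is standard.
RISKY_PORTS = {
    135: "MSRPC endpoint mapper",
    137: "NetBIOS name service",
    138: "NetBIOS datagram service",
    139: "NetBIOS session / SMB",
    445: "SMB direct (IPC$ shares)",
}

# Constructed sample of `netstat -ano` output, not a real capture.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING       1704
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1043      203.0.113.5:80         ESTABLISHED     1848
  UDP    0.0.0.0:137            *:*                                    4
  UDP    0.0.0.0:138            *:*                                    4
"""

# One netstat row: proto, local addr:port, foreign addr, optional state, PID.
# UDP rows carry no state column, so the state group is optional.
ROW_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

Finding = Tuple[str, str, int, int, str]  # proto, addr, port, pid, service


def exposed_listeners(netstat_output: str) -> List[Finding]:
    """Return risky-port sockets that listen on a network-reachable address."""
    findings = []
    for line in netstat_output.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue  # header or blank line
        proto, addr, port, _foreign, state, pid = m.groups()
        port, pid = int(port), int(pid)
        if proto == "TCP" and state != "LISTENING":
            continue  # established/outbound connection, not an ingress path
        if addr.startswith("127.") or port not in RISKY_PORTS:
            continue  # loopback-only binds are not reachable remotely
        findings.append((proto, addr, port, pid, RISKY_PORTS[port]))
    return findings
```

On a real box, pipe the output of `netstat -ano` into `exposed_listeners` and treat any finding on a non-loopback address as a service to disable or firewall off.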
remotepwn wrote:
You can always use Metasploit or google around for the ms08_067_netapi exploit
(needs file and printer sharing on)....
Last edited by remotepwn on 08 Jun 2009, 08:09, edited 1 time in total.
CommonStray wrote:
why would you want to get into a system that has nothing on it?
default configs don't really give you anything to go on...

Well, definitely we don't want to do this for harm, but always being aware of the theoretical part of things makes you knowledgeable, and knowledge is power.
DNR wrote:
The professional way to hack a desktop PC is either physically putting your hands on it, or directing it to a server that has server-side apps to exploit the visiting PC.
Directing the PC to a server is easy with misdirection or a spoof, and since the PC's firewall has already approved traffic via port 80 and its return port, anything can now pass through that connection. Browsers are no longer HTML-driven apps; with all the social networking apps and other interactive shit people code into their sites, the browser is now an app capable of running other active scripts. And stuff like this can confuse a firewall, or the user controlling the firewall: "facebook requires a plug-in to be downloaded so you can see your gay friends".
Even attaching to a server to download a picture is a risk: that server can send other data through the same port the computer thinks it's downloading a picture on, while the server is using the lag to run its own scans.
The permission you gave the website to download a picture is actually permission to access your computer. This is a tactic used by crackers: spam is becoming picture oriented, it bypasses the keyword spam filters, and when people click on the image it takes them to the bad server. They can also just send an email with a URL; if it is legitimate, it could be a site affected by RFI or XSS, which will just redirect you to the bad server.
The server can geolocate the IP, determine the OS, determine the firewall/AVP, and craft a payload just for that setup. This is very important, as the server can select the appropriate malware to send based on the server's scan of your computer. Crackers that just send emails with malware are doing so blind, as they usually don't know what OS or apps the recipient has on their computer.
DNR
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
cyber messiah wrote:
In case our target is a specific person/computer, we will have to make him visit our server on which we have set the trap, unless you're going for a man-in-the-middle sort of attack.
With modern multimedia (let's take the HTTP protocol), the HTTP protocol has evolved a long way, but let's not forget there still is a protocol, and all the data we transfer has to be in compliance with the protocol. We surely can send data through those ports easily, but the main challenge is: how do you exploit the target with your data?
A script is only limited to a certain amount of control; with JavaScript you can control roughly no more than a browser. You can think of installing malicious extensions, or malicious Java applets, and in the case of IE, ActiveX is your easiest way in.
So like I said, this is where vulnerabilities come into the picture, which allow us to gain more control than ever intended, and since the firewall is already allowing it, we need not worry about it.
The only objective of a hacker to own the box is to be able to run a line of code once on that box with full perms.
These perms can be directly obtained by something direct like a buffer overflow, where you can actually stuff instructions in the stack, provided the data in the stack is executable.
Or these perms can be obtained by camouflaging itself within the parent application/environment.
But there is still a certain amount of skill required; one of the lamest spyware attempts I have seen is:
You go to a site to download something you've been googling for a while,
and this site badly wants you to install some browser extension or something;
it asks me "ok" or "cancel", I click on "cancel", and it pops up again, and I hit cancel a thousand times and it popped up 1001 times. That was really funny and lame.
It was aimed to frustrate the user into submission and clicking ok...
So I am not really suggesting you do this, but damn, people have found weird ways... and it's so funny.