==Phrack Inc.==
Volume 0x0b, Issue 0x3f, Phile #0x14 of 0x14
|=-----------------------------------------------------------------------=|
|=--------------------=[ W O R L D N E W S ]=--------------------------=|
|=-----------------------------------------------------------------------=|
*** NSA & PHRACK ***
.. And in a positive way. See:
http://www.nsa.gov/snac/
Which has a section specifically for routers:
http://www.nsa.gov/snac/downloads_cisco.cfm?MenuID=scg10.3.1
And on page 80 Phrack is at the top of the list of references.
**** QUICK NEWS **** QUICK NEWS **** QUICK NEW ***** QUICK NEWS ****
**** QUICK NEWS **** QUICK NEWS **** QUICK NEW ***** QUICK NEWS ****
**** QUICK NEWS **** QUICK NEWS **** QUICK NEW ***** QUICK NEWS ****
And once again ... two big companies, Cisco and ISS, try to scare free
researchers to not talk about the problems in their software.
Michael Lynn has shown great courage and made use of his natural-born
rights: to talk.
Quote from his homepage:
'People who know me will tell you I have a long history of
not being afraid of people I should.'
Kudos to Lynn from the Staff @ Phrack.
From Michael Lynn's homepage:
A dangerous culture regarding hardware based network devices as impervious
to remote compromise has been allowed to exist. Mike has taken on enormous
personal risk to do the right thing for the security research community by
coming forward with his research and bringing this problem into focus.
Cisco has consistently been on the forefront of this dangerous culture. They
exercise a strategy of walling off updates and information only to those
with support contracts. In many areas of critical infrastructure, engineers
are often limited in their ability to utilize the latest security updates
due to their IOS feature train. For years, attempting to adopt SSH as the
primary method of administration for Cisco hardware has provided a perfect
example of Cisco's broken security culture. Their handling of this situation
is putting icing on the cake. We must encourage change in Cisco's security
culture.
ISS's actions to date have shown an effect of this broken security culture.
ISS's handling of this critical security threat and the researcher that
found it have been less than desirable. We are confident our free-market
business and media environment will result in both ISS and Cisco learning
lessons from this event.
http://www.nicklevay.net/
http://blogs.pcworld.com/staffblog/
http://blogs.washingtonpost.com/securityfix/2005/07/update_to_cisco.html
---
Welcome to Austin/Texas International Airport. Please check out our
new camera system. We can spy on our employees, our citizens and
even on our president. Try it out now:
http://lobbycamera4.abia.org
---
Microsoft goes l33t: The 31337 dictionary
http://www.microsoft.com/athome/security/children/kidtalk.mspx
---
This is a big fuckup of what happens if you don't watch out:
1) An attack happens
2) Politicians scare the shit out of the people and tell them it will
happen again!
3) People accept to give up their rights, their freedom and their brain.
4) People get fucked by what the politicians told them would help
against terror.
Ladies and Gentlemen, the TSA-FUCKUP:
http://www.komotv.com/stories/37150.htm
I love this quote: "And I said what about my constitutional rights? And
they said 'not at this point ... you don't have any'."
---
DVD copy software illegal in the Netherlands.
http://www.theregister.co.uk/2005/07/25/dvd_copy/
http://www.theregister.co.uk/2005/07/25/uk_war_driver_fined/
Wait a moment? The software? I would even protest if it would
be the act of copying. But the software? What fuckup is this?
1) I buy a DVD
2) I buy software to copy DVD
3) I make a copy of my OWN DVD for MY OWN purpose
4) I make a copy of my OWN DVD for my FRIEND
5) I make a copy of my friends DVD for MY FRIEND
6) I make a copy of my friends DVD for ME
7) I make MANY copies of my friends DVD for OTHERS
So where does warez trading start? Netherlands, that was a bad move. The
people of the Netherlands are not stupid. They will never allow you to
forbid them to make a copy of their own DVDs. And for sure you will never
ever be able to forbid them to develop and research software to copy
DVDs or any other software.
Other countries would have sponsored smart guys who can write such software.
The people of the Netherlands will fight for their rights. Free speech & free
research will win in the end.
---
|=-------=---------------------------------------------------------------=|
|=[ Social Penetration Testing ]=----------------------------------------=|
|=-------=---------------------------------------------------------------=|
By Pascal Cretain (Pascal_Cretain@mail.com)
I'd say with certainty that the MD5 checksum of each and every one of the
last, say 200 days has not been tampered with and is the same in all cases.
It's yet another dull day in the office and I'm bored out of my f***ing skull.
This new client not only wants an 'external blind pen test' they also want
'comprehensive static code analysis'. Why they are paying money to 'secure'
this monstrosity is beyond me. It doesn't even have an authentication
section. Bollocks.
A DNS zone transfer request greets me cheerfully with all their internal
network structure...not that I will need that since they have only asked
for webserver testing but it's good to know anyway. I launch that damn
nessus scan for the millionth time and I senselessly wait for the attack
progress bar to complete - no joy. I fire up Nikto, Webscan, N-Stealth AND
ISS at the same time enabling all dangerous plugins in an attempt to DoS
this ugly webserver, certainly not running Free/GNU open source software
but something proprietary and expensive starting from I and ending in IS.
In addition to that I launch independent SYN FLOOD attacks and distributed
teardropping to improve my chances of achieving the goal. Soon, the website
falls clumsily like a non-armoured villager in the battle of Waterloo.
I smile with content as the overbloated, dysmorphic, dynamic html pages are
soon replaced with a plain, powerful, beautiful and snowy white 404 error.
A minute of silence and peace is instantly shattered by the phone ringing.
It's the operations manager.
- Pascal, the people from Dorksershire_Upon_Avon just called me complaining
that the website is down. Does that have something to do with the pen
testing we perform?
- Well, partially yes, I respond. And then, more aggressively I explain
"If the client wants a penetration test to be complete they have to get
their website tested against Denial Of Service Attacks, the most innocuous
and common type of attack nowadays. They will thank us for that,
eventually. Moreover, we had warned them about the danger of DoS when
they signed the contract. Despite the fact that we take every precaution
to avoid such a side-effect, DoS is a risk that comes bundled with proper
testing." I clearly remember that sales guy. He'd thought that with the
term DoS I meant that black, command-line pre-windows OS, the one that
emptied the screen when you typed CLS. Oh well.
- Thank you Pascal, I will inform them.
It's already 4+30...I'd like to escape earlier today, especially now, after
the DoS unfortunate 'incident' that has put a temporary pause to our duties
I can't do much.
The operations manager is now gone, or he might even be in the loo, who
cares, now is my ultimate chance to scram. Within seconds, literally, I'm
sitting right in the middle of the 'Thirsty Fox' pub. Oooh I love this
place.
- Pint of John Smith's please
- Sure mate
- Cheers
- Cheers
A fractal amount of ale gets spilled over the counter
- Sorry
- Sorry
- That's all right mate
- Cheers
- Cheers
I grab the glass and drink half of the beer in one go. Then I look around
for female presence vulnerable to man in the middle attack. Equipped with
my brand new 'penetration testing anyone?' t-shirt, I can't lose.
There she is! Black hair, my type. I down the rest of my drink, order
another pint.
- Pint of John Smith's please
- Sure mate
- Cheers
- Cheers
I grab the glass and make my move.
- Hey
- Hiya.
- You come here often? I say with an epic voice
- Yeah, quite often, she responds uninterested
- You know, I'm a penetration tester. My voice is deep and certainly erotic.
- *Silence*
- I'm a hacker, I say, and I get paid to do it.
- Ha. That's interesting. Do you hack hotmail?
- Of course, I respond confidently. I'm a Hotmail Hacking Certified Reverse
Engineer and president of the British Open Source institute for
...mm...E-mail Compromise (HHCRE&PBOSIEC)
- Wow, she says impressed. Could you offer me your valuable help then please?
There is a particular email account that I have forgotten the password for
and has critical information for me. The account is
Brutus_Needham@hotmail.com...Would you help me hack it?
- Sure, no worries. Why don't we finish these drinks and be gone, I live
nearby. In my place I got 1Gb Download/512MB X-DSL access, 3 workstations
and 2 mainframes running different command-line OSs. In the worst case
scenario, we can always run a distributed john the ripper dictionary attack
using my VERY LONG AND THICK dictionaries, I say in an attempt to impress.
The girl is moving her head, looking somehow puzzled. We'll sort out your
situation in a jiffy, I add to simplify things. Say, how can this be your
email account, tho'? isn't that a man's name? I say while blinking at the
same time.
- Well. _blush_ ok you got me! It's my darn ex boyfriend and I have to find
out what he has been doing! If you don't mind.
- No worries, we can take care of that. I'm glad I can be of assistance.
Your female friend can join us as well if she feels like a 'small
penetrating class' free of charge!, I say, while making some fast, and
certainly erotic & meaningful gestures.
- Yeah, why not! Sounds like fun!, both girls reply.
- Bingo. Let's get to some real penetration testing, I think to myself while
smiling.
I don't own a car since I believe that it's a good idea not to acquire
products that will make your life more stressful and costly. Why pay car
insurance, petrol and refrain one's self from the wonderful act of drinking
John Smith's when you can use public transport completely wasted, or walk,
or cycle (wasted). Generally, I consider that people should only buy goods
that they absolutely need. An oscilloscope, for instance, is an example of
an absolutely necessary device, that's why I own two of them. Other than
that, not owning things provides the luxury of being flexible, free, and
ensures you tread lightly on this earth. Anywayz.
So we walk home, myself in the middle, girls on both sides.
- So, what's your name, hacker? One of the girls asks.
- Pascal, I reply. Pascal Cretain.
- Ha, this is not a very usual name. Where do you come from, Pascal?
- I come from the land of Compromise. I respond, looking at the void.
- You are an interesting one, Pascal. I honestly hope you're not
bullshitting around with us.
- As a true hacker, I will speak with actions and not with useless words,
I say. Just wait till we crack that Brutus who needs ham, girl.
Soon, all three of us are sitting comfortably in my messy 'IT room'. One
of the girls asks:
- Hey, where is your equipment mate? Didn't you say you had five computers
with X-LSD internet? All I can see is a shitty laptop! What's going on?
And where is the LSD?
- Don't worry honey, I reply with a calm voice. My computer equipment is all
here. But not quite. This laptop basically is the access point to my REAL
IT infrastructure, which resides somewhere near - very near. Unfortunately,
due to non-disclosure confidentiality agreements, I cannot inform you of
the real location of my computers, nor show you around, tho' I'd love
to - sigh. The girls are gazing at me, unconvinced
- Oh well, whatever. D'you have anything we can drink then?
- Sure, I got John Smith's premium Ale. They grab a can each and start
chatting about online shopping.
I grab a can and quickly get to work. I browse to passport.net, then reset
password, choose country, type in the username....wait for the Brutus'
'Secret' question. Fuck yeah!
- Hey, girl, you didn't tell me your name. I ask the 'interested party'.
'Jude' she responds. I type in the answer to Brutus's secret question,
then reset the password to 'Oscilloscoped'
- Mine is Gloria, the other girl says.
- Hey Jude, I says. Wanna come over here? I got somethin' for you. Fact I
got two. I blink.
Both girls approach. I sit back and smile.
It's not such a bad day after all.
|=[ EOF ]=---------------------------------------------------------------=|