==Phrack Inc.==

Volume 0x0b, Issue 0x3f, Phile #0x14 of 0x14

|=-----------------------------------------------------------------------=|
|=--------------------=[ W O R L D N E W S ]=--------------------------=|
|=-----------------------------------------------------------------------=|

*** NSA & PHRACK ***

.. And in a positive way. See:
http://www.nsa.gov/snac/

Which has a section specifically for routers:
http://www.nsa.gov/snac/downloads_cisco.cfm?MenuID=scg10.3.1

And on page 80 Phrack is at the top of the list of references.

**** QUICK NEWS **** QUICK NEWS **** QUICK NEW ***** QUICK NEWS ****
**** QUICK NEWS **** QUICK NEWS **** QUICK NEW ***** QUICK NEWS ****
**** QUICK NEWS **** QUICK NEWS **** QUICK NEW ***** QUICK NEWS ****

And once again ... two big companies, Cisco and ISS, try to scare free
researchers into not talking about the problems in their software.

Michael Lynn has shown great courage and made use of his natural-born
rights: to talk.

Quote from his homepage:

'People who know me will tell you I have a long history of
not being afraid of people I should.'

Kudos to Lynn from the Staff @ Phrack.

From Michael Lynn's homepage:

A dangerous culture regarding hardware based network devices as impervious
to remote compromise has been allowed to exist. Mike has taken on enormous
personal risk to do the right thing for the security research community by
coming forward with his research and bringing this problem into focus.

Cisco has consistently been on the forefront of this dangerous culture. They
exercise a strategy of walling off updates and information only to those
with support contracts. In many areas of critical infrastructure, engineers
are often limited in their ability to utilize the latest security updates
due to their IOS feature train. For years, attempting to adopt SSH as the
primary method of administration for Cisco hardware has provided a perfect
example of Cisco's broken security culture. Their handling of this situation
is putting icing on the cake. We must encourage change in Cisco's security
culture.

ISS's actions to date have shown an effect of this broken security culture.
ISS's handling of this critical security threat and the researcher that
found it have been less than desirable. We are confident our free-market
business and media environment will result in both ISS and Cisco learning
lessons from this event.

http://www.nicklevay.net/
http://blogs.pcworld.com/staffblog/
http://blogs.washingtonpost.com/securityfix/2005/07/update_to_cisco.html

---

Welcome to Austin/Texas International Airport. Please check out our
new camera system. We can spy on our employees, our citizens and
even on our president. Try it out now:

http://lobbycamera4.abia.org

---

Microsoft goes l33t: The 31337 dictionary
http://www.microsoft.com/athome/security/children/kidtalk.mspx

---

This is a big fuckup of what happens if you don't watch out:
1) An attack happens
2) Politicians scare the shit out of the people and tell them it will
happen again!
3) People agree to give up their rights, their freedom and their brain.
4) People get fucked by what the politicians told them would help
against terror.

Ladies and Gentlemen, the TSA-FUCKUP:
http://www.komotv.com/stories/37150.htm

I love this quote: "And I said what about my constitutional rights? And
they said 'not at this point ... you don't have any'."

---

DVD copy software illegal in the Netherlands.
http://www.theregister.co.uk/2005/07/25/dvd_copy/
http://www.theregister.co.uk/2005/07/25/uk_war_driver_fined/

Wait a moment? The software? I would even protest if it were
the act of copying. But the software? What fuckup is this?

1) I buy a DVD
2) I buy software to copy DVD
3) I make a copy of my OWN DVD for MY OWN purpose
4) I make a copy of my OWN DVD for my FRIEND
5) I make a copy of my friend's DVD for MY FRIEND
6) I make a copy of my friend's DVD for ME
7) I make MANY copies of my friend's DVD for OTHERS

So where does warez trading start? Netherlands, that was a bad move. The
people of the Netherlands are not stupid. They will never allow you to
forbid them to make a copy of their own DVDs. And for sure you will never
ever be able to forbid them to develop and research software to copy
DVDs or any other software.

Other countries would have sponsored smart guys who can write such software.
The people of the Netherlands will fight for their rights. Free speech & free
research will win in the end.

---

|=-------=---------------------------------------------------------------=|
|=[ Social Penetration Testing ]=----------------------------------------=|
|=-------=---------------------------------------------------------------=|


By Pascal Cretain (Pascal_Cretain@mail.com)

I'd say with certainty that the MD5 checksum of each and every one of the
last, say 200 days has not been tampered with and is the same in all cases.
It's yet another dull day in the office and I'm bored out of my f***ing skull.
This new client not only wants an 'external blind pen test' they also want
'comprehensive static code analysis'. Why they are paying money to 'secure'
this monstrosity is beyond me. It doesn't even have an authentication
section. Bollocks.

A DNS zone transfer request greets me cheerfully with all their internal
network structure...not that I will need that since they have only asked
for webserver testing but it's good to know anyway. I launch that damn
nessus scan for the millionth time and I senselessly wait for the attack
progress bar to complete - no joy. I fire up Nikto, Webscan, N-Stealth AND
ISS at the same time enabling all dangerous plugins in an attempt to DoS
this ugly webserver, certainly not running Free/GNU open source software
but something proprietary and expensive starting from I and ending in IS.
In addition to that I launch independent SYN FLOOD attacks and distributed
teardropping to improve my chances of achieving the goal. Soon, the website
falls clumsily like a non-armoured villager in the battle of Waterloo.

I smile with content as the overbloated, dysmorphic, dynamic html pages are
soon replaced with a plain, powerful, beautiful and snowy white 404 error.
A minute of silence and peace is instantly shattered by the phone ringing.
It's the operations manager.

- Pascal, the people from Dorksershire_Upon_Avon just called me complaining
that the website is down. Does that have something to do with the pen
testing we perform?

- Well, partially yes, I respond. And then, more aggressively I explain
"If the client wants a penetration test to be complete they have to get
their website tested against Denial Of Service Attacks, the most innocuous
and common type of attack nowadays. They will thank us for that,
eventually. Moreover, we had warned them about the danger of DoS when
they signed the contract. Despite the fact that we take every precaution
to avoid such a side-effect, DoS is a risk that comes bundled with proper
testing." I clearly remember that sales guy. He'd thought that with the
term DoS I meant that black, command-line pre-windows OS, the one that
emptied the screen when you typed CLS. Oh well.

- Thank you Pascal, I will inform them.

It's already 4+30...I'd like to escape earlier today, especially now, after
the DoS unfortunate 'incident' that has put a temporary pause to our duties
I can't do much.

The operations manager is now gone, or he might even be in the loo, who
cares, now is my ultimate chance to scram. Within seconds, literally, I'm
sitting right in the middle of the 'Thirsty Fox' pub. Oooh I love this
place.

- Pint of John Smith's please
- Sure mate
- Cheers
- Cheers

A fractal amount of ale gets spilled over the counter

- Sorry
- Sorry
- That's all right mate
- Cheers
- Cheers

I grab the glass and drink half of the beer in one go. Then I look around
for female presence vulnerable to man in the middle attack. Equipped with
my brand new 'penetration testing anyone?' t-shirt, I can't lose.
There she is! Black hair, my type. I down the rest of my drink, order
another pint.

- Pint of John Smith's please
- Sure mate
- Cheers
- Cheers
I grab the glass and make my move.
- Hey
- Hiya.
- You come here often? I say with an epic voice
- Yeah, quite often, she responds uninterested
- You know, I'm a penetration tester. My voice is deep and certainly erotic.
- *Silence*
- I'm a hacker, I say, and I get paid to do it.
- Ha. That's interesting. Do you hack hotmail?
- Of course, I respond confidently. I'm a Hotmail Hacking Certified Reverse
Engineer and president of the British Open Source institute for
...mm...E-mail Compromise (HHCRE&PBOSIEC)
- Wow, she says impressed. Could you offer me your valuable help then please?
There is a particular email account that I have forgotten the password for
and has critical information for me. The account is
Brutus_Needham@hotmail.com...Would you help me hack it?
- Sure, no worries. Why don't we finish these drinks and be gone, I live
nearby. In my place I got 1Gb Download/512MB X-DSL access, 3 workstations
and 2 mainframes running different command-line OSs. In the worst case
scenario, we can always run a distributed john the ripper dictionary attack
using my VERY LONG AND THICK dictionaries, I say in an attempt to impress.
The girl is moving her head, looking somehow puzzled. We'll sort out your
situation in a jiffy, I add to simplify things. Say, how can this be your
email account, tho'? Isn't that a man's name? I say while blinking at the
same time.
- Well. _blush_ ok you got me! It's my darn ex boyfriend and I have to find
out what he has been doing! If you don't mind.
- No worries, we can take care of that. I'm glad I can be of assistance.
Your female friend can join us as well if she feels like a 'small
penetrating class' free of charge!, I say, while making some fast, and
certainly erotic & meaningful gestures.
- Yeah, why not! Sounds like fun!, both girls reply.
- Bingo. Let's get to some real penetration testing, I think to myself while
smiling.

I don't own a car since I believe that it's a good idea not to acquire
products that will make your life more stressful and costly. Why pay car
insurance, petrol and refrain one's self from the wonderful act of drinking
John Smith's when you can use public transport completely wasted, or walk,
or cycle (wasted). Generally, I consider that people should only buy goods
that they absolutely need. An oscilloscope, for instance, is an example of
an absolutely necessary device, that's why I own two of them. Other than
that, not owning things provides the luxury of being flexible, free, and
ensures you tread lightly on this earth. Anywayz.

So we walk home, myself in the middle, girls on both sides.

- So, what's your name, hacker? One of the girls asks.
- Pascal, I reply. Pascal Cretain.
- Ha, this is not a very usual name. Where do you come from, Pascal?
- I come from the land of Compromise. I respond, looking at the void.
- You are an interesting one, Pascal. I honestly hope you're not
bullshitting around with us.
- As a true hacker, I will speak with actions and not with useless words,
I say. Just wait till we crack that Brutus who needs ham, girl.

Soon, all three of us are sitting comfortably in my messy 'IT room'. One
of the girls asks:

- Hey, where is your equipment mate? Didn't you say you had five computers
with X-LSD internet? All I can see is a shitty laptop! What's going on?
And where is the LSD?

- Don't worry honey, I reply with a calm voice. My computer equipment is all
here. But not quite. This laptop basically is the access point to my REAL
IT infrastructure, which resides somewhere near - very near. Unfortunately,
due to non-disclosure confidentiality agreements, I cannot inform you of
the real location of my computers, nor show you around, tho' I'd love
to - sigh. The girls are gazing at me, unconvinced

- Oh well, whatever. D'you have anything we can drink then?

- Sure, I got John Smith's premium Ale. They grab a can each and start
chatting about online shopping.

I grab a can and quickly get to work. I browse to passport.net, then reset
password, choose country, type in the username...wait for the Brutus'
'Secret' question. Fuck yeah!

- Hey, girl, you didn't tell me your name. I ask the 'interested party'.
'Jude' she responds...I type in the answer to Brutus's secret question,
then reset the password to 'Oscilloscoped'
- Mine is Gloria, the other girl says.
- Hey Jude, I says. Wanna come over here? I got somethin' for you. Fact I
got two. I blink.

Both girls approach. I sit back and smile.
It's not such a bad day after all.

|=[ EOF ]=---------------------------------------------------------------=|