This hack is fun, any and all windows boxen insecure if you have login
access.
http://security.tombom.co.uk/shatter.html
On Fri, 2002-08-09 at 12:48, Tony Wasson wrote:
> Greetings PLUG readers,
>
> I am working on giving a security presentation to several medical offices.
> New federal laws will require 'reasonable security measures' when handling
> medical records (google search on HIPAA). I want to demonstrate some very
> nasty and quick exploits to show that the threats are real. Many offices
> will look at buying new billing packages before the end of 2004 to support
> additional per user auditing features, and I'd love to put more offices onto
> Linux. I'd also like to hear about medical billing packages that will run on
> Linux. (Yes I know about http://www.linuxmednews.com/)
>
> Here's my exploit demonstration game plan:
> 1) Run Netcat in listener mode on my demo PC.
> 2) Run IIS5HACK against a Windows 2000 server.
> 3) Show the Windows 2000 command prompt in my Netcat with no security
> limitations.
> 4) Copy over the NT Rootkit and 'deploy' it.
> 5) Show that I am 'invisible' when connected to the Rootkit (netstat output)
>
> What do you recommend I demonstrate? Most offices I've seen are running
> Windows 9x for clients and a Win NT/2000 server. Some run ancient *NIX boxes
> and terminals. My clients are running Debian GNU/Linux servers. ;-)
>
> Most medical offices have internet connectivity, but it is usually dialup in
> the doctor's office. I am going to play the part of a disgruntled employee
> whose going to compromise their system.
>
> Thanks in advance for your input!
> Tony Wasson
>
>
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
--
David IS Mandala
gpg fingerprint 8932 E7EF CCF5 1B8C 1B5C A92E C678 795E 45B2 D952
Phoenix, AZ (480) 460-7546 HP, (602) 321-8277 CP
http://www.them.com/~davidm/