Another One Bites The Dust...
Date Created: Oct 05, 2005, 10:33 PM
So a friend of mine called me a few days ago and presented this challenge to me. He said that he had just config'd the ultimate Windows Server about 6 months ago and has been inviting his "who's who" list to break it. He said he saved me for last cause he wanted to make sure it was totally secure before I banged on the door...
What to do, what to do...
I know this guy knows me. He knows to have his users ready for me - so social networking of any type was out on this one. I just have to bang on the door in different places to see what he's got in place...
First things first. I email a buddy of mine who lives in the area (who just happened to be one of the guys who tested the network a few months ago). He tried to break the network by watching the external IP Addresses for traffic and then hunting for open ports. I had another plan. I had him check out the local wireless in the area to see if we can catch something out of the air that we can use.
We knew it would take a while, cause our buddy knows how to config his wireless networks pretty well. He had everything turned off on the router - so the only way to see that there was a wireless network was by catching, and watching, the remote computers talking to it via KisMAC. After two days we had quite a bit of info (there were 3 computers which used the wireless network consistently). KisMAC, in conjunction with Ethereal, will log everything a wireless computer does, or accesses, including the usernames and passwords, IP Address, and MAC Address...
The cooler thing was that most of the wireless users on this network were the "higher ups" in the organization, so we had very good access to the servers and data from the get go...
And one of these guys used the wireless network at the local coffee shop to log in to the network remotely (VPN) - so we were able to grab that data as well...
When one of the VPs went offline on the second night, my buddy changed the MAC Address and IP Address on his computer to match the other guy's, then he logged in...
From there he had the run of the place. The thing about the Windows network is that once you are in, you own it. From here my buddy downloaded everything he could find, just to make sure he didn't miss anything, and then he sent it to me...
Once I got the data - I was on the network, and reconfiguring his server within a half an hour.
When I first received the data, I saw that he was running a VPN through a typical router/hub (acting as a firewall). This didn't make any sense to me (most of my buddies run a UNIX/Linux box as a firewall), but he was doing it nonetheless. The strange thing was that I was expecting his "killer Windows Server" to be acting as his firewall for some reason. He actually had this Server behind two "pseudo" firewalls (the wireless router and then the wired one) within the network.
So I logged onto the server, remotely, as a regular user, and made a few obvious changes to one of their databases that they use a lot. Wanted to make it obvious so he will see it, and fix it, first thing in the morning. I then logged in as the company's VP (with his MAC Address, IP, username, and password) - I took all the data we had collected and loaded it to the desktop of the server (just so he would know what we were able to access).
I also changed all of the tech center's desktop pictures (all 7 computers), and his three Windows Servers, to one of my own making just so there would be no mistake that I was there. I did this because he is always telling me how cool his remote admin software is, and I'm always telling him how weak and insecure it is - this will prove my point...
The server was actually configured well. Of course, it doesn't matter when you can get the information to log onto it...
Lesson: Do not allow anything remote or wireless on your network unless you properly configure the computer, and the user knows what he's doing. Even then, don't do it unless they hold a gun to your head. All it takes is time to break it, and the bad guys got nothin' but time...