- 12-04-2007 #1
I thought of a way to Attack Linux. Is this possible, how to prevent this?
Well as a CEH in training that already is hired for CEH skills I get paid for thinking about security.
If I have to check the Security of a Company I normally Like to take the 'Classy' way. If they have WIFI they make it really easy and I'd prefer to Implant a Session Hijack over cracking passwords or using Exploits found by other people.
Recently I got the task to crack this Network that has this:
Linux-only boxes, never remotely accessed. Doesn't run services like Apache or OpenSSH.
It only connects to the internet twice a day. Once at 5PM to send all the work of the day to the MasterServer and once at Midnight to Update all the software.
The network also has a Wireless Access point since everybody in the Company uses Laptops. So they can also work when they are outside. And then when they get to the Office at 4PM they can Upload their work.
Well I thought of the Following attack.
There is Wifi, so that's a way in. The wifi was really weak. WEP.
Since there aren't ANY sessions to Hijack that are really interesting I thought of a way to get Root Access on the Servers.
I thought, what if I do a Classic Session Hijack but instead of Hijacking his connection I'd make him think that I have an Update for the packages. That update is a program that runs as root. But with a Trojan Code injected in it.
I haven't tried this yet. Since I haven't taken a look at the Dep Update protocol. But something like this should be possible right? (This is all Ethical, don't worry)
I am nearly 80% sure this idea of an Attack can (and will) work.
So, well what is your opinion about this?
And ofc really important.. How to make sure crackers (Black Hats) can deploy such an attack?
- 12-04-2007 #2
- Join Date: Nov 2004
Sounds like you're halfway there, but the repositories have public/private keys to identify them. The first thing that would happen is that the packages would error as not being verified by the provider.
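The check described in this reply, as an added example that is not from the thread or from any distribution's own tooling: a repository signs its package manifest, and the client refuses a manifest that does not verify against the key it already trusts, then refuses any package whose digest does not match the signed manifest. A Lamport one-time signature over SHA-256 is used here as a stand-in for the RSA/GPG keys real repositories ship (a hypothetical scheme choice so the block runs with the standard library only); the package names, contents and function names are constructed.

```python
import hashlib
import json
import secrets

# Constructed example: Lamport one-time signatures stand in for the repository's
# real GPG/RSA key. Every function and name here is hypothetical.

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """Lamport one-time key: 256 pairs of 32-byte secrets; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk

def _bits(message: bytes):
    digest = sha256(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, message: bytes):
    """Reveal one secret per digest bit. A Lamport key must sign only ONE message."""
    return [sk[i][bit] for i, bit in enumerate(_bits(message))]

def verify(pk, message: bytes, signature) -> bool:
    """Hash each revealed secret and compare with the public-key half selected by the bit."""
    if len(signature) != 256:
        return False
    return all(sha256(s) == pk[i][bit]
               for i, (s, bit) in enumerate(zip(signature, _bits(message))))

def build_manifest(packages: dict) -> bytes:
    """Repository side: the manifest lists every package with its SHA-256."""
    listing = {name: hashlib.sha256(data).hexdigest() for name, data in packages.items()}
    return json.dumps(listing, sort_keys=True).encode()

def install_update(trusted_pk, manifest_bytes: bytes, signature, packages: dict):
    """Client side: verify the manifest signature first, then each package digest.
    Returns the accepted package names or raises ValueError naming the rejection."""
    if not verify(trusted_pk, manifest_bytes, signature):
        raise ValueError("manifest not signed by the trusted repository key")
    listing = json.loads(manifest_bytes)
    accepted = []
    for name, data in packages.items():
        if name not in listing:
            raise ValueError(f"{name}: not listed in the signed manifest")
        if hashlib.sha256(data).hexdigest() != listing[name]:
            raise ValueError(f"{name}: digest does not match the signed manifest")
        accepted.append(name)
    return accepted

def outcome(trusted_pk, manifest_bytes, signature, packages) -> str:
    try:
        return "accepted " + ",".join(install_update(trusted_pk, manifest_bytes, signature, packages))
    except ValueError as exc:
        return "rejected: " + str(exc)

def demo():
    # The repository's one-time key; the client shipped with repo_pk in its keyring.
    repo_sk, repo_pk = keygen()
    packages = {"editor-1.0": b"genuine editor build", "shell-2.1": b"genuine shell build"}
    manifest = build_manifest(packages)
    signature = sign(repo_sk, manifest)
    results = {"genuine": outcome(repo_pk, manifest, signature, packages)}

    # Case 1: a package body is swapped in transit, signed manifest replayed unchanged.
    swapped = {**packages, "editor-1.0": b"tampered editor build"}
    results["swapped_package"] = outcome(repo_pk, manifest, signature, swapped)

    # Case 2: a fresh manifest signed with a key the client has never trusted.
    other_sk, _other_pk = keygen()
    other_manifest = build_manifest(swapped)
    results["untrusted_key"] = outcome(repo_pk, other_manifest, sign(other_sk, other_manifest), swapped)

    # Case 3: an extra package that the signed manifest does not cover at all.
    extra = {**packages, "unlisted-0.1": b"package absent from manifest"}
    results["unlisted_package"] = outcome(repo_pk, manifest, signature, extra)
    return results

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:18} {result}")
```

The order of checks is the point: the digests in the manifest mean nothing until the manifest itself is tied to the trusted key, and the trusted key lives on the client ahead of time, so nothing presented during the update session can introduce it.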
- 12-04-2007 #3
Ah, ok thanks, that is the part that I didn't know and still had to find out.
I'll go back to the Sketch Board and think of a new way to do it.
And if I just can't get in, well then that guy gets a "Hacker Safe" Stamp in his Documents.
Thanks. Knowing that saves me a lot of time.
- 02-11-2008 #4
- Join Date: Feb 2008
It would be easier to just hijack the connections by overpowering the wireless router's signal with your own router, name everything the same thing (clone MAC address, clone SSID), and just route and log all traffic coming to your router. Done once, you would have more than enough information logged. You could turn on the router at 4pm exactly, leave it up for just 4 minutes, enough for people to initiate the upload, log their packets, and then turn it off before the sys admin gets a bunch of phone calls from people saying they can't upload.
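A detection view of the rogue access point described in this post, as an added example that is not from the thread or from any product: because the clone copies the SSID and the MAC, a sensor cannot rely on either; the checks below key on what a cloned MAC does not hide, namely a second radio announcing the same BSSID on another channel, a beacon fingerprint (security mode, beacon interval) that differs from the authorised one, and an abrupt signal-strength jump while the real AP's own beacons continue. The log fields, the authorised fingerprint and the observations are constructed sample data; the function name is hypothetical.

```python
# Constructed example: beacon observations as a wireless sensor might log them
# (hypothetical field names) and the authorised fingerprint of the real AP.
AUTHORISED = {
    "00:11:22:33:44:55": {"ssid": "CORP-WIFI", "channel": 6, "security": "WEP", "beacon_ms": 100},
}

OBSERVATIONS = [  # constructed, time-ordered; the 16:00 and 16:02 rows are the clone
    {"ts": "15:58:01", "ssid": "CORP-WIFI", "bssid": "00:11:22:33:44:55", "channel": 6,  "rssi": -62, "security": "WEP", "beacon_ms": 100},
    {"ts": "15:59:30", "ssid": "CORP-WIFI", "bssid": "00:11:22:33:44:55", "channel": 6,  "rssi": -60, "security": "WEP", "beacon_ms": 100},
    {"ts": "16:00:02", "ssid": "CORP-WIFI", "bssid": "00:11:22:33:44:55", "channel": 11, "rssi": -31, "security": "WEP", "beacon_ms": 102},
    {"ts": "16:00:03", "ssid": "CORP-WIFI", "bssid": "00:11:22:33:44:55", "channel": 6,  "rssi": -61, "security": "WEP", "beacon_ms": 100},
    {"ts": "16:02:40", "ssid": "CORP-WIFI", "bssid": "00:11:22:33:44:55", "channel": 11, "rssi": -30, "security": "WEP", "beacon_ms": 102},
    {"ts": "16:04:10", "ssid": "CORP-WIFI", "bssid": "00:11:22:33:44:55", "channel": 6,  "rssi": -63, "security": "WEP", "beacon_ms": 100},
]

def detect_evil_twin(observations, authorised, rssi_jump=20):
    """Return (timestamp, bssid, reason) alerts for beacons that contradict the
    authorised fingerprint. The RSSI baseline is only advanced on clean beacons,
    so a loud clone cannot quietly become the new normal."""
    alerts = []
    last_rssi = {}
    corporate_ssids = {a["ssid"] for a in authorised.values()}
    for obs in observations:
        ref = authorised.get(obs["bssid"])
        if ref is None:
            # A BSSID we do not own advertising our SSID is a different, simpler case.
            if obs["ssid"] in corporate_ssids:
                alerts.append((obs["ts"], obs["bssid"], "unknown BSSID advertising corporate SSID"))
            continue
        reasons = []
        if obs["ssid"] != ref["ssid"]:
            reasons.append("ssid mismatch")
        if obs["channel"] != ref["channel"]:
            reasons.append(f"channel {obs['channel']} != authorised {ref['channel']}")
        if obs["security"] != ref["security"]:
            reasons.append("security mode mismatch")
        if obs["beacon_ms"] != ref["beacon_ms"]:
            reasons.append("beacon interval mismatch")
        prev = last_rssi.get(obs["bssid"])
        if prev is not None and abs(obs["rssi"] - prev) >= rssi_jump:
            reasons.append(f"rssi jump {prev} -> {obs['rssi']} dBm")
        if reasons:
            alerts.append((obs["ts"], obs["bssid"], "; ".join(reasons)))
        else:
            last_rssi[obs["bssid"]] = obs["rssi"]
    return alerts

if __name__ == "__main__":
    for ts, bssid, reason in detect_evil_twin(OBSERVATIONS, AUTHORISED):
        print(f"{ts} {bssid} {reason}")
```

Any one of these signals can be noisy on its own (a legitimate channel change, a laptop moving closer), so the alert carries every reason that fired; two or more together, clustered in the minutes around the 4pm upload window the post mentions, are what an operator would escalate. Detection is a complement, not a substitute, for making the upload itself authenticate the server end (a pinned SSH host key or TLS certificate), which leaves nothing useful in the clone's traffic log.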