Flawed Internal Setups by Example
By: presto
1. High School Havoc
2. College Calamity
3. Conclusion; Reason for Exposes
1. “High School Havoc”
In high school, it was a lot of fun hacking at their network. My goal was to have enough access that I could use the entire network as a bounce, to fiddle around with better things. And since most public schools lack any real security funding or staff, it wasn’t all that hard.
First and foremost, the school’s firewall was really one designated to protect against outside intrusions and attacks. To filter internal workstations and servers, the network administrator allowed only incoming/outgoing connections for HTTP (port 80). And to avoid any configuration mishaps, network management implemented workstation “software locks” for both the Apple workstations and the Windows 9x ones. There was also a flavor of Cyber Patrol as the district-wide proxy. From the description so far, it would be safe to say that the school did a pretty good job. Even the computer-specific courses ran under a fascist system of security. Network-related courses lacked any presence of UNIX, and networking covered nothing beyond the LAN. This, in addition to everything else, would look pretty good as a cheap scheme of protection. Now let’s expose reality.
You have to remember that public school districts, and even some private schools, will not put IT security as a top priority when it comes to funding and such. My former high school is a great example. There was one real network administrator, who also served district-wide. His presence was rare, except when he taught a few computer science courses. The average teacher isn’t any sort of computer guru either, much less a security one.
Almost every room in the high school was Ethernet ready and some even had computers already connected. This is where the havoc began.
I took the liberty of working on a workstation in one of the regular classrooms. Since the teacher was one who believed in the school’s security implementations, I was left alone to work freely on the computer. By the way, it’s Windows 95. Oh yeah. Oops. This one is missing a “software lock”.
The first thing I managed to do was remove the proxy setting, hoping to have some access to the free world. But it turned out web functionality was totally dependent on it. I then maneuvered to the Control Panel to see what kind of network settings we were dealing with. The very first thing I noticed was that there were no DNS entries. That explained my inability to resolve any hostnames. I reverted the settings to their original state and went to arin.net, where I used a few school hostnames to look up DNS entries. After a few consecutive sessions of trial and error with DNS, I found a valid pair. The proxy was now disabled and I tested my abilities by visiting every violent and sexually saturated site known to man (of course, just to test things out =)). I figured that now was the time to manually firewalk the firewall.
Five minutes later, I laughed. There were never any real internal rule sets. I used IRC and SSH with no problems whatsoever. I worked remotely with MySQL for a bit and fiddled with all the services I could find. It turned out that the “firewall” was merely the disabling of DNS and nothing else.
What did I do after this? Well, I got in good with another teacher later on in a networking course and was trusted with the refurbishing of computers. This required me to work with clean installs and even earned me a workstation of my own. I had Windows NT Server installed, and Linux would “magically” appear if I happened to use my boot disk. I already knew everything in this school district was NT, and discovered 98% of the shares to be open. I scanned for router types and figured out that the main 3Com they had been using was vulnerable to denial-of-service attacks. The rest is history.
2. “College Calamity”
I attend a Philadelphia-based university now, a school renowned for engineering and information systems. I got accepted in the first place because of my report on mass NT and Solaris flaws I had discovered – on their network. That was bad news, but they’re the number one school for information systems in the U.S., so I said, “What the hell?”
This led to my own personal observation of other aspects of security on campus. Again, I focused on physical and internal parameters, since I already knew the public domains were somewhat screwy. I was hoping to document a better and more security-conscious environment on campus in comparison to K-12, and that happened to be the case. But nevertheless, I still discovered a world of poor modalities.
This “dissertation” goes for all campuses, not just mine. My college campus is not perfect, but its improvements are escalating at a much better rate than others’.
Once again, most of the problems revealed are due to insufficient funding and staff (whether it be the lack of staff or the lack of training). When walking into any computer lab on campus, to identify yourself, you simply flash your school-issued ID. The ID is one that, looks-wise, is a couple of notches below a credit card (without the hologram). If I chose to exploit this, and if I were not a member of the campus, I could go on a hacking free-for-all at the university’s expense.
Let’s say that this aspect did improve, even to the level of smart cards. You still have the school’s public lounges. A lot of campuses now have lounges with Ethernet ports inhabiting them. This is for the convenience of students carrying laptops. And unfortunately, a lot of lounges go without physical security (such as ours). Again, I could simply walk in, sit down with a nice cup of coffee, and hack away.
Wireless is also available on campus. Currently, we have one of the best wireless campuses (voted and all). It was once “first generation”, using 802.11b as its choice of transport. It has since taken Bluetooth for a spin, as well as VPN implementations. To log on, you are required to have a domain logon. This may be the case for this campus, but I know for sure that a lot of campuses are still on plain 802.11b. And in the most horrible cases, we’ve got universities still building towards a “secure” network that have not enabled logon procedures at all.
3. Conclusion; Reason for Exposes
Simply, I hope that by taking these specific examples, the general view of internal and physical security becomes more specific itself. How I hope to achieve this is by purity. That is, and includes, the breakdown of “what if” scenarios and putting yourself on both sides (cracker and administrator). My thoughts were recorded in a very pure form purposely for that. Straight technical exposure totally ruins the anthropological insight, which is also a very valuable tool in figuring out the pieces of the puzzle, whether you are the intruder or the administrator. Because of legal issues, you may not want to play one of the sides. If you choose not to, refer to someone who has. You may have also noticed that 99% of this paper was based on logic and tactics, not infiltration through any real technical means. Remember that