Possible?
Moderators: g3nuin3, SpeedWing, WhiteHat, mezzo
12 posts • Page 1 of 1
Possible?
by WhiteNova » Wed Jan 28, 2009 8:23 am
Hey, I want to hack a certain computer and I know the IP address. I don't know anything else on the computer. The computer is NOT on a network that I am connected to. I do have limited access to this computer. Can I remotely hack it from my home computer?
-
WhiteNova - Been Around
- Posts: 212
- Joined: Mon Jan 26, 2009 12:06 am
- Location: Your pants
by devsed » Thu Jan 29, 2009 8:24 am
Is the computer connected to the internet? If so, the answer to your query is yes.
Assuming a win32 OS, you should have little trouble infecting it with a backdoor of sorts. If it has a firewall, then you will need a backdoor which [for example] retrieves it's instructions from a text file on a web site, and then connects to an address(yours) listed in the text file....say...a vnc server session that initiates an outgoing connection to the client(server->you instead of server<-you as is typical). That would allow you to use the PC remotely.
You should be more specific with what you wish to accomplish by "hacking" the PC. Do you want to access the data on it remotely? Do you want to monitor other people's usage of it? Something else? Also.....provide information about the PC to get a better answer. Such as...what OS is it running, what is your level of access(user/root/etc), and most importantly is the computer in question connected to the internet.
Lastly, if you carried out my suggestion, you would:
Almost certainly be breaking the law
..and
Almost certainly get caught by any sysop worth their salt
If you are asking this sort of advice on a message board, chances are you should abandon this plan altogether. Hope that was informative.
Assuming a win32 OS, you should have little trouble infecting it with a backdoor of sorts. If it has a firewall, then you will need a backdoor which [for example] retrieves it's instructions from a text file on a web site, and then connects to an address(yours) listed in the text file....say...a vnc server session that initiates an outgoing connection to the client(server->you instead of server<-you as is typical). That would allow you to use the PC remotely.
You should be more specific with what you wish to accomplish by "hacking" the PC. Do you want to access the data on it remotely? Do you want to monitor other people's usage of it? Something else? Also.....provide information about the PC to get a better answer. Such as...what OS is it running, what is your level of access(user/root/etc), and most importantly is the computer in question connected to the internet.
Lastly, if you carried out my suggestion, you would:
Almost certainly be breaking the law
..and
Almost certainly get caught by any sysop worth their salt
If you are asking this sort of advice on a message board, chances are you should abandon this plan altogether. Hope that was informative.
your answers = `head /dev/urandom`
- devsed
- I Have A Few Questions
- Posts: 8
- Joined: Thu Jan 29, 2009 1:35 am
by WhiteNova » Thu Jan 29, 2009 8:40 am
Computer is connected to the internet.
Breaking the law is not within my list of concerns.
I am a user, I am not even allowed to make folders in the Programs Files Folder.
It's running Windows XP.
If you can tell me how, tell me how. To be honest I'm not sure what I want to do. I just want to know that I can do it. Being caught isn't of my concerns because it would most likely spread around, and everyone would know I accomplished something they couldn't think of doing correctly. None of the information on these computers can really benefit me in any way.
I suppose my two main goals are:
To prove to myself I can do this
To show the stupid a$$ network admins that they're douches.
Breaking the law is not within my list of concerns.
I am a user, I am not even allowed to make folders in the Programs Files Folder.
It's running Windows XP.
If you can tell me how, tell me how. To be honest I'm not sure what I want to do. I just want to know that I can do it. Being caught isn't of my concerns because it would most likely spread around, and everyone would know I accomplished something they couldn't think of doing correctly. None of the information on these computers can really benefit me in any way.
I suppose my two main goals are:
To prove to myself I can do this
To show the stupid a$$ network admins that they're douches.
-
WhiteNova - Been Around
- Posts: 212
- Joined: Mon Jan 26, 2009 12:06 am
- Location: Your pants
by devsed » Fri Jan 30, 2009 1:26 am
1. Sit down at computer
2. Put live CD(linux) in the drive
3. Reboot
Now you have read/write access to the entire drive, and you can place anything you want there.
Alternatively....use a tool like Hiren's boot CD to set a new local admin password, log in as local admin and place your trojan that way.
The golden rule is, if you have physical access to a machine, there is no way in hell you can keep someone out of it unless you are standing over their shoulder.
2. Put live CD(linux) in the drive
3. Reboot
Now you have read/write access to the entire drive, and you can place anything you want there.
Alternatively....use a tool like Hiren's boot CD to set a new local admin password, log in as local admin and place your trojan that way.
The golden rule is, if you have physical access to a machine, there is no way in hell you can keep someone out of it unless you are standing over their shoulder.
your answers = `head /dev/urandom`
- devsed
- I Have A Few Questions
- Posts: 8
- Joined: Thu Jan 29, 2009 1:35 am
by minorutono » Fri Jan 30, 2009 1:37 am
Lol, yep, if you have physical access to the computer, then you basically control it.
Like said, if you put in a Linux Live CD into the computer, you can Live Boot off the CD and control the whole computer (not remotely though) ..
If you want the password (if there is a password for the admin account on the computer), I suggest OPH Crack. Its a Linux Live Boot that can brute force crack any password on Windows. Downside to this is it takes a while and is pretty conspicuous.. the Text GUI just screams hacker/hack, but just turn the monitor off so noone can see while it cracks the password.
Like said, if you put in a Linux Live CD into the computer, you can Live Boot off the CD and control the whole computer (not remotely though) ..
If you want the password (if there is a password for the admin account on the computer), I suggest OPH Crack. Its a Linux Live Boot that can brute force crack any password on Windows. Downside to this is it takes a while and is pretty conspicuous.. the Text GUI just screams hacker/hack, but just turn the monitor off so noone can see while it cracks the password.
-
minorutono - i R t3h nUB!!111
- Posts: 944
- Joined: Thu Apr 17, 2008 10:10 am
- Location: 2845 Vista Verde Way Cameron Park CA 95682
by devsed » Fri Jan 30, 2009 2:54 am
Also...consider a much simpler but higher-yield attack. If you don't mind spending a few dollars, buy a hardware keylogger. It's about the size of a cigarette lighter, and you plug it into the keyboard receptacle of the computer, then plug the keyboard into the logger. It will record every key pressed regardless of any software on the PC.
So here is a hypothetical application after you install it...
1. Fail to logon several times, locking you out
2. Tell the admin something is "wrong with my computer!"
3. When he/she sits down, they will see you are locked out
4. They login with their admin user/pass to unlock you
Then you remove the keylogger, and read the admin's user/pass off of it. That's a much more productive "hack" as you call it, rather than just compromising a single PC.
one of the many cheap hardware keyloggers you can find...
http://www.shopsmokymountain.com/storefrontprofiles/processfeed.aspx?sfid=81367&i=237867425&mpid=5319&dfid=1
A minor note also, a bit of social engineering is involved in this attack. You need to feign ignorance, and get the admin to come to your computer. Don't tell them in advance you are locked out, or they will unlock your account remotely. The best approach is to appear as though you don't understand what is wrong with the computer(put the caps lock key on to really appear daft), to get them to come and physically log-in at the baited computer.
So here is a hypothetical application after you install it...
1. Fail to logon several times, locking you out
2. Tell the admin something is "wrong with my computer!"
3. When he/she sits down, they will see you are locked out
4. They login with their admin user/pass to unlock you
Then you remove the keylogger, and read the admin's user/pass off of it. That's a much more productive "hack" as you call it, rather than just compromising a single PC.
one of the many cheap hardware keyloggers you can find...
http://www.shopsmokymountain.com/storefrontprofiles/processfeed.aspx?sfid=81367&i=237867425&mpid=5319&dfid=1
A minor note also, a bit of social engineering is involved in this attack. You need to feign ignorance, and get the admin to come to your computer. Don't tell them in advance you are locked out, or they will unlock your account remotely. The best approach is to appear as though you don't understand what is wrong with the computer(put the caps lock key on to really appear daft), to get them to come and physically log-in at the baited computer.
your answers = `head /dev/urandom`
- devsed
- I Have A Few Questions
- Posts: 8
- Joined: Thu Jan 29, 2009 1:35 am
by JB Gzn » Fri Jan 30, 2009 3:09 am
cool, i'm gonna use that at school, hey it worked once,(only without the logger, i knew the password, but they changed it because they knew, i knew 
)
)
famous wrote:What's worth the price is always worth the fight
famous wrote:Every second counts cause there's no second try
-
JB Gzn - Pro++
- Posts: 1985
- Joined: Sun Jan 27, 2008 7:56 pm
- Location: Unknown, please use a pointer.
by devsed » Sun Feb 01, 2009 6:26 am
I googled "net tools 5" and found http://mabsoft.com/nettools.htm
I don't use that product, so I really can't give you any advice on it.
It looks like someone has cannibalized open-source code, put it all into one horrendous visual basic application, and put their name on it though. Seems like a hodgepodge of 1990-ish tools, indicated by the inclusion of a "credit card validator".
I only see one truly useful tool, and it's the last listed, which is "nmap". If you want to "scan" for exploitable systems, consider something like Nessus, which you can get at http://mabsoft.com/nettools.htm
I don't use that product, so I really can't give you any advice on it.
It looks like someone has cannibalized open-source code, put it all into one horrendous visual basic application, and put their name on it though. Seems like a hodgepodge of 1990-ish tools, indicated by the inclusion of a "credit card validator".
I only see one truly useful tool, and it's the last listed, which is "nmap". If you want to "scan" for exploitable systems, consider something like Nessus, which you can get at http://mabsoft.com/nettools.htm
your answers = `head /dev/urandom`
- devsed
- I Have A Few Questions
- Posts: 8
- Joined: Thu Jan 29, 2009 1:35 am
12 posts • Page 1 of 1
Return to General Related Discussions
Who is online
Users browsing this forum: No registered users and 0 guests