
Vulnerability Scans

Started by Thing, August 06, 2003, 08:04 AM


Thing

I was testing out some different scanners and found one that I liked.  I ran a scan on somebody's mail server just to see what I could see and came up with this: http://monitor.vpnsys.net/mailruss.htm

I sent an email to the admin with a link to the report.  His reply was to threaten me with legal action.  What a twit!  Common sense dictates that, "If somebody has just pointed out over 30 security holes in one of your systems, don't piss them off!"  Taking a peek at the header from his email, I derived the info on his home computer: http://monitor.vpnsys.net/chris.htm  He turned it off after I told him the name of his computer, what account he was logged in as, how long he had been logged in, that his password never expires and that he has never changed it.

Since it is likely that they are monitoring anything coming from my network, I feel that it would not be in my best interest to launch any attacks.  It would be a shame though if somebody cracked that box.  Tsk Tsk.
That sucking sound you hear is my bandwidth.

CupHead

If I've learned anything from the past 6 months, it's that people don't like you pointing out their stupidity.  Network security is a touchy thing.  At least you had the sense to stop.  ;)

Naem

It seems many of the exploits are patched already (none of the files listed in the vulnerability scan seemed to be on the server under /cgi-bin/filename).
If you can read this, "PM" me

iago

If you click the links, you're using port 80, not port 10000.  Add :10000 to the ip.
This'll make an interesting test for broken AV:
Quote: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Thing

Since Nessus relies on the banner to determine most of its vulnerabilities, it is sometimes inaccurate.
Ex. I have two web servers running Apache 1.3.6 and that is what they will report when queried.  A would-be hacker will waste a lot of time trying to exploit them because they have been patched.

The amazing thing is that this is a production mail server and he has so much unnecessary crap running on it.  Even more amazing is his attitude.

I put these in top down order for easy reading:
Quote:
Sent: Tuesday, August 05, 2003 6:02 PM
Subject: I have taken control of your web and mail servers.
Don't panic!  I really didn't do it.  

Here are the results of the scans that I did on those boxes:

http://monitor.vpnsys.net/webruss.htm
http://monitor.vpnsys.net/mailruss.htm

The reason I am bringing this to your attention is you have a real problem here and you need to get it fixed.
---------------------------------------------------------
And if you were to attempt to exploit any purported vulnerability in any
system connected to our network, be advised you WILL be prosecuted to the
fullest extent of the law.

Already, your actions have placed you in violation of our Terms of Service,
and may be actionable under Federal statute.  We will let you know.

   Chris Gebhardt
   VIRTBIZ.COM
---------------------------------------------------------
You have no idea who I am or what I do and yet you feel that it is
necessary to make fictitious threats?!
That is possibly the most retarded answer you could have given.
---------------------------------------------------------
I've made no threats, fictitious or otherwise.

You're right.  I don't have any idea who you are or what you do.  I don't
care.  If you attempt to gain unauthorized access to our network or the
systems of our customers we will take action as appropriate.

Much of the information contained in your "report" cannot be verified.

If you have a legitimate beef with our network or systems residing on it,
bring it to me.  Believe it or not, you'd have a pretty good chance of me
actually listening to you.  I've never purported to be perfect.  But insulting
me by calling me retarded doesn't do much to earn my trust.
------------------------------------------------------------------
Chris,

You threatened me with:
"Already, your actions have placed you in violation of our Terms of Service,
and may be actionable under Federal statute. We will let you know."

Here is the number for the FBI:  972-559-5000.

I don't have a beef with you or your network or systems residing on it.  Since you
went to all the trouble of hijacking an email that you are not supposed to be reading,
why don't you read it again.  In it you will see my motivation and the fact that I am
only observing what your network is making public.  I made no penetrations into
your systems.

I did not call you a retard.  I said that your answer was retarded.  If I was some
kid with something to prove, your servers would already be cracked by now.
Come to think of it, your home computer would have been cracked by now
also.  The name of it is Elrancho and you are logged in as Administrator.  I also
see that you live in Carrollton.  What a coincidence, I do too.  Once again, this
is just the information that you are making public.  I mean you no harm.
----------------------------------------------------------------------
"Already, your actions have placed you in violation of our Terms of Service,
and may be actionable under Federal statute. We will let you know."

Not a threat.  Just telling you what's going on.

went to all the trouble of hijacking an email that you are not supposed to be reading,

Nope. Try again.

see that you live in Carrollton.  What a coincidence, I do too.

Nope.  But close.
----------------------------------------------------------------------
Wrong answer.
----------------------------------------------------------------------
What do you mean "wrong answer?"  I said I was letting it go.
I think my "Wrong answer" answer scared the crap out of him.  He turned off his home computer.  I doubt that he slept well that night either.  If he still has two brain cells left to rub together maybe he has patched that box.
That sucking sound you hear is my bandwidth.
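
The banner problem described in the post above, shown as an added example that is not part of the original thread: a version-only check flags every advisory newer than the advertised version, and only the host's own patch records separate real gaps from false positives. The advisory IDs, fixed-in versions and the `backported` input are constructed placeholders, not real data.

```python
import re

# Constructed advisory table for illustration: placeholder IDs, not real CVEs,
# and the "fixed_in" versions are invented for this example.
ADVISORIES = [
    {"id": "EXAMPLE-VULN-1", "product": "apache", "fixed_in": (1, 3, 12)},
    {"id": "EXAMPLE-VULN-2", "product": "apache", "fixed_in": (1, 3, 27)},
    {"id": "EXAMPLE-VULN-3", "product": "apache", "fixed_in": (1, 3, 4)},
]

def parse_banner(banner):
    """Split a 'Server:'-style banner such as 'Apache/1.3.6 (Unix)' into
    (product, version tuple). Returns None if no version is advertised."""
    m = re.match(r"\s*([A-Za-z_-]+)/(\d+(?:\.\d+)*)", banner)
    if not m:
        return None
    return m.group(1).lower(), tuple(int(p) for p in m.group(2).split("."))

def banner_findings(banner, advisories=ADVISORIES):
    """What a banner-only check reports: every advisory whose fixed version
    is newer than the advertised one. No probe of the actual flaw is made."""
    parsed = parse_banner(banner)
    if parsed is None:
        return []  # hidden or unparseable banner: nothing can be inferred
    product, version = parsed
    return [a["id"] for a in advisories
            if a["product"] == product and version < a["fixed_in"]]

def triage(banner, backported):
    """Split banner findings using the host's own patch records (hypothetical
    input: IDs the admin has patched without changing the version string)."""
    findings = banner_findings(banner)
    return {
        "needs_fix": [f for f in findings if f not in backported],
        "false_positive": [f for f in findings if f in backported],
    }

if __name__ == "__main__":
    # Constructed case: a patched server that still announces the old version.
    print(triage("Apache/1.3.6 (Unix)", {"EXAMPLE-VULN-1"}))
```

The same logic cuts the other way: a server that hides its banner produces no findings here, which says nothing about whether it is patched.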

mavrick_kr

I just hope you were using a firewall. Because if you don't (and if you got cable or DSL) they'll know you're doing that and they're going to phone and give you a warning. I'm just hoping you had that common sense. Sygate seems to be a good firewall. Too bad firewalls can't detect trojans from beast192 etc. But just saying if you use a Super Scanner for instance, you should put on your firewall.

But then again you probably know that  ???

iago

His server uses T1.. I doubt his ISP would want to lose the money :)
This'll make an interesting test for broken AV:
Quote: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


mavrick_kr

Haha, the lucky bastard. I would want a T1 but then again cable's just as good (not as good), T1's are if you want to play counter-strike and unreal tournament type games for less lag. I'd want it only then. But iago you're right. :P

Raven

T1's wouldn't necessarily give you better lag since latency depends on the distance and speed of the host, but a T1 would give you better upstream and downstream rates. :)

Naem

Quote from: mavrick_kr on August 08, 2003, 06:29 PM
I just hope you were using a firewall. Because if you don't (and if you got cable or DSL) they'll know you're doing that and they're going to phone and give you a warning. I'm just hoping you had that common sense. Sygate seems to be a good firewall. Too bad firewalls can't detect trojans from beast192 etc. But just saying if you use a Super Scanner for instance, you should put on your firewall.

But then again you probably know that  ???

Eh. Firewalls don't hide your IP.

I made sure to use a proxy chain when testing the vulnerabilities (I mean.. my friend did).
If you can read this, "PM" me

mavrick_kr

Doesn't hide it, but it also makes it look like you aren't doing it.

Arta


mavrick_kr

I guess it doesn't, but I got caught once, and asked a friend how to avoid it; he said to just slap on a firewall, which I did, and I never got caught again. But using proxies is a good idea too.

Arta

You should go and learn things.