PDA

View Full Version : Am I an instant cracker???!!!!!!!!!!!



forrest44
14-06-2004, 10:41 PM
Hi

I was mucking around in Linux trying to upload some files to my website (http://coolpcs.orcon.net.nz). Discovered this program called Smb4K. It scanned the ¨network¨ and found some networks!! One was called ¨STRATHMORE¨ (name of A school up the road here in Tokoroa), another was ¨ENTIRE NETWORK¨ and another was ¨SOMERVILLE¨.

Maybe its something to do with my ISP. I´m on a local wireless scheme (http://southwaikato.net.nz/).

Anyway, went into the STRATHMORE one and discovered two of the computers were accessable (but had passwords on them). They had names like ROOM02, PRINCAPLE, OFFICE COMPUTER, ROOM07, and so on.

There was a computer in the ENTIRE NETWORK thingy that I was able to read and save files to the C drive!!

Isn´t that a bad effort from the system administrator??!!!

Forrest44

Baldy
14-06-2004, 11:10 PM
Maybe you should do the right thing and email the school(s) and warn them that they are vulnerable.

Murray P
14-06-2004, 11:16 PM
Dunno but if you get caught your in serious trouble. I'd also be wary that you don't have a 2 way street there.

Cheers Murray P

tweak\'e
14-06-2004, 11:19 PM
with a bit of effort you could just put a text file explaining whats happened and put a link into startup ;-)

someone should really shoot their IT guy tho :(

whiskeytangofoxtrot
14-06-2004, 11:56 PM
> Am I an instant cracker???!!!!!!!!!!!

Not really...

There are windows machines open pretty much anywhere you look.

Fully writable shares, printable printers etc.

You are on the tip of an iceberg really.

Chilling_Silence
15-06-2004, 01:01 AM
Two things here:
Grab a copy of nmap and port-scan them, see what's up and running
Go here and grab a copy of IP Scan (http://www.radmin.com/download/ipscan12.zip) and run it
Go to atstake.com (http://www.atstake.com/products/lc/), click Downloads and grab a copy of lc5 ;-)

Then, go to the relevant people with your findings :-)

You wouldnt be talking about this smb4k would you:
http://sal.neoburn.net/imagef1/files/smb4k.png

Hope this puts you on the right path


Chill.

P.S. No, you're not a cracker, nor a hacker, just somebody who's chanced across an open network. Dont get Crackers and Hackers mixed up either :-)

mikebartnz
15-06-2004, 03:52 AM
>Crackers and Hackers mixed up either
It seems like the Oxford English Dictionary is about to do just that.

whiskeytangofoxtrot
15-06-2004, 10:08 AM
> Grab a copy of nmap and port-scan them, see what's up
> and running
> Go
> here
> and grab a copy of IP Scan (http://www.radmin.com/download/ipscan12.zip) and run it
> Go [url=http://www.atstake.com/products/lc/]to

Incidentally this kind of behaviour can quickly get your ISP account closed.

Chilling_Silence
15-06-2004, 11:26 AM
Yes, it can, and it can get you a job.

You ever been hired to analyse somebodies network?

whiskeytangofoxtrot
15-06-2004, 11:43 AM
> You ever been hired to analyse somebodies network?

Yes I have, but thats beside the point.

Not a smart idea to encourage that sort of thing.

Chilling_Silence
15-06-2004, 01:07 PM
Suit yourself, you can discourage it, Im advising that he do it and go to the local school with the nmap results etc and tell them that they have issues.

My advice would be you approach them with the attitude:
Better I did it now and let you know you have or dont have a problem than somebody with an alternate agenda chances across what I have and ends up bringing your system down.

If you dont find anything, you dont _need_ to go to them. If you are contacted by them because their sys admin is being a prick about you setting off their firewall by portscanning them, then tell them you found network shares and were worried they may be vulnerable.

Any self-respecting Network/Systems/Server admin will respect that you were being a "White-hat hacker" and simply trying to help. You didnt constantly punish their system with port-scans so there's no need for them to get up-tight, and AFAIK, no ISP will punish you for running a single port-scan on a nearby system. Tell them to send it to Abuse@yourisp.co.nz if they do and Im sure you ISP will sympathise. I however have never been reported to my ISP, but have been contacted by a couple of Sys/Network Admins. Four were curious to know what I was doing, and were happy when I replied telling them I thought they were vulnerable and was going to check before reporting it to them. Three of the four were vulnerable so employed me to do further investigation. A final Systems Admin was pissed off that I had taken such measures and harrased me and began flooding my IP. I then went to his ISP, told them what had happened and he was disconnected. Poor bugger... :p

Anyways, provided you're not going to dig into their system and exploit it, then you should be sweet as, and most people would be happy that you're only trying to help them. I know that when I left my proxy open, I was glad to find somebody l33ching off me, because I knew I then had security issues that needed addressing. Most people are the same.

Hope this helps

</rant>


Chill.