Re: [Full-disclosure] Hello everyone

Subject: Re: [Full-disclosure] Hello everyone
Date: Wed, 29 Mar 2006 17:43:23 +0200
Hello,

Well, the problem is, if you do access the System, you cross the line.
Even if it's open or without password, but that is already illegal access.

Sure you just want to be nice, but if one of the users you try to inform
gets angry, then he could still contact law enforcement. On the legal side, he
would be right as you accessed his System. Especially if it's on a corporate
network. Companies have a lot to lose if customer data or even source code
gets stolen, so even if you inform them of a bug, they can't be sure that you
didn't already copy things, unless they inform law officials to raid you.

In the 90s, if you informed an Administrator of a vulnerability, you often
received a present of some sort like a free t-shirt :-) but those times
changed.
At least I didn't hear of someone receiving a present for hacking in years
(contests don't count). It's a nice idea to inform the people they have
vulnerabilities, but you have to be careful. If you just scan and tell them
that port 139 is open then it's fine as you didn't access the System and as
far as I know port scanning is still legal in most countries, but if you
actually connect to an open share that's a different story.

A few years back there was also a discussion about whitehat worms which would
scan and patch vulnerable hosts, but it's still illegal to hack a system and
install software, no matter if it's to patch or not. Well, I suggest you set up
a little test network and hack those Systems on your LAN. That way you can
learn without breaking the law. You need to understand how bugs get exploited
and how to find vulnerabilities in code and how to write your own exploits.
Get some old daemons which are known to be vulnerable and where exploits
exist to get a better understanding. Just a few hints, hope that helps you out.

Good luck! (And don't trust any hacking certifications as that is just to make
money.)

-sk
Http://www.groundzero-security.com
 
----- Original Message ----- 
From: "Ian stuart Turnbull" <ian.t7@hotmail.co.uk>
To: <full-disclosure@lists.grok.org.uk>
Sent: Wednesday, March 29, 2006 5:05 PM
Subject: [Full-disclosure] Hello everyone


I have just started in this "hacking" [ethical I should quickly add] and 
after much reading etc [and a forest more to do] I have a fundamental 
question I'd like to pose.
After just a few hours of scanning (I have to start somewhere) I have
located quite a few routers that have their manufacturer's password still set,
not to mention loads of Windows machines that have port 139 open AND have
write access to the whole of the C: Drive in some instances.

My question - since it is these machines that I understand will be the 
computers that the hacker will use to hide him/her self and given that there 
are tools around - just that I don't know of one yet - WHY doesn't someone 
send a message to these machines that the owner will see and ASK them 
politely to close up these holes? Perhaps something along the "net send" 
command.
I'm sure they would love to be enlightened, i.e. their banking info etc. won't
be stolen.

If given the knowledge I'd be happy to devote a day or so doing just this. 
Currently I don't yet have enough skills.

Yes, I know someone somewhere must have asked this question, though I 
haven't found any instance of it, so please don't flame me. I am here to 
LEARN from obviously well instructed and knowledgeable people.

Also, forgive me if I appear naive - at this point I admit I definitely am
but that will change in time to come.

I'd love to help make the internet a safer place. It is a truly great 
invention but for a few darksided individuals. Just because one has the 
knowledge doesn't mean they have to ruin it for others !!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


