| I sat in my office for about thirty minutes
trying to decide if I was going to write this article. I finally came to the conclusion
that I would since this information is already freely available on the Internet, and in
fact, was posted as part of a government article.
This video
(http://www.demosondemand.com/clients/fiberlink/002/page/index_new.asp), part of a sales
and marketing strategy (Or, maybe just public awareness and education) to sell a product
called Fiberlink Extend360, literally walks you through the steps you need to take to hack
a PC on a wireless network. Not only is it demonstrated in video, it is fully narrated.
Connecting To The Target PC
The video shows you what tools to use to scan a wireless
network, determine the user accounts, determine if account lockout is on or off, how to
attach to the PC using the null session attachment, and how to use a compiled exploit tool
to gain command access to the target PC.
Shutting Down Anti-Virus Software
At this point, they go on to explain how to shut down the
target PC's anti-virus software, all along referencing their product (although to be fair
they also mention patches and other basic security measures), and how if you had it, this
attack would not be possible. They then create a folder on the compromised PC and share
it.
Then, they connect to the shared folder from the source
machine an go on to explain how to get all the user ID's and passwords. They use pwdump to
dump the entire SAM (where the user accounts and hashed passwords are stored). They also
show you how to copy off a CISCO VPN configuration file and explain how to use it.
Cracking Account Passwords
They then show you how to crack one of the user passwords
using a tool I have written about previously, called CAIN. Next, they install a Trojan
(subeven) on the system that will allow them to perform key logging, and since the
anti-virus software is disabled, it won't be noticed. They install the Trojan and connect
to the machine. They then make sure to tell you that the Trojan will alert them when the
target machine comes online so they can go back and hack it some more. However, if you
were using their product, this would not be possible.
Capturing Data Using A Sniffer
After the Video on how to hack into a wireless PC, another
one of the companies CISSP's shows you everything you need to know about finding
usernames, passwords, PIN's, and other information by analyzing a set of sniffer output.
Conclusion
I must say that this video instruction on how to hack a PC
is very well done. The video and narration is visually and audibly perfect and the detail
and steps to hack the computer are accurate. They do explain that most of these hacking
procedures can be thwarted by measures other than using their product / solution. However,
the presentation is clearly a sales and marketing tool.
I'm not sure if making a video presentation on how to hack
a PC is the right or wrong thing to do. I myself write articles that provide similar, if
less detailed information. One could say that this is just another way of promoting public
awareness. It's true, hacking into a PC or network can be just this simple. However,
making a video on how simple it is might be taking it a little to far (Maybe this should
be a question on the CISSP exam). I'll leave it up to you to decide. |
