TAZ Forum Community

I have just watched a seminar hosted by a guy called Jasper Johansson, who is the main guy at MS when it comes to Network/Application security by the sounds of it.

In it he demonstrated how it is possible to take over an entire network in less that 30 minutes.

He established a foothold by exploiting a web server (how many firewalls allow unrestricted traffic on port 80......), then he moved onto the back-end database server that the Web server talked to. He roots this, moved on to the Domain Controller for the DMZ, gains admin access to it and then moves on via the DMZ DC on to the main corporate LAN and establishes himself a Domain Admin account....

I was pretty impressed by it I must say.

He has some custom wrote tools that are not available to anyone but himself, that pretty much automated the process of elevating his rights on a fully patched Windows 2003 server......enumeration of all the users on the DC, he even installs a Trojan on the DC (via his new found account with system rights) which informs him of when a user logs on, the users name and the users password......

The video is here:(you may need an MSDN / Technet subscription to be able to watch it) (oh, and you need to use IE)
http://www.microsoft.com/seminar/en/SEC ... opreload=1

He has also wrote a book about it all - which from the free online chapters are almost word for word the same as the demonstration:
http://www.awprofessional.com/articles/ ... Num=1&rl=1
(If you want to buy it the Promo code of JJSR6437 will get you 30% off

It has made me look at network security in a slightly different way.....if someone ever got hold of the tools he has wrote and made them publicly available the effect would be devastating for quite a lot of networks.......

You may think it is slightly worrying how the senior MS security guy is able to write a tool that pretty much automates privilege escalation on a fully patched Windows 2003 server.......surely he should pass this info on to the guys coding the OS and get them to plug it.......
The way he describes how it works is that it is not really exploiting anything; the OS behaves how it is meant to behave when a service account requests information from the OS......

He was also able to come in on port 443 (again a port that is open on most firewalls) and using an IPv6 tool called portproxy (which is part of the IPv6 service pack) he configured the server to redirect the request (internally) to the RDP port…and a nice remote desktop GUI was displayed to him via port 443…….

It makes you want to almost give in bothering to secure your networks!

Truly amazing.


Digg this story:

http://digg.com/security/Accessing_a_ne ... _side_door
Digg - Accessing a network through the side door..

great stuff nokia, dugg and blogged

Fascinating presentation - I skipped around and watched a few bits here and there, but what I already saw was crazy.. Hopefully I'll have some time later this evening to watch the entire presentation..

Thanks for the heads up Nokia..

Hummm....I have been warning a site of this...

web server and corp server behind the same router...


Think I will forward the link.

I love it when I am right

MLF

Now - the next step (and probably the hardest) is to get the involved people to actually pay attention and listen to what you're showing them!

Well that happens to be something I am really good at

MLF

I say show them with an example

Yes...... could be an approach...

I am going start by forwarding the l33t web server guy the link

and cc all correspondence to relevent others

as it reinforces what I have been warning them about ...

MLF