Video On How To Hack A PC
Posted: Monday, January 23, 2006
by DefendTheNet
DefendingTheNet.com
Video On How To Hack A PC
Hacking Video - Education Or Marketing Tool?
----------------
I sat in my office for about thirty minutes trying to decide
if I was going to write this article. I finally came to the
conclusion that I would since this information is already
freely available on the Internet, and in fact, was posted as
part of a government article.
Connecting To The Target PC
-----------------
The video shows you what tools to use to scan a wireless
network, determine the user accounts, determine if account
lockout is on or off, how to attach to the PC using the
null session attachment, and how to use a compiled exploit
tool to gain command access to the target PC.
Shutting Down Anti-Virus Software
-----------------
At this point, they go on to explain how to shut down the
target PC's anti-virus software, all along referencing their
product (although to be fair they also mention patches and
other basic security measures), and how if you had it, this
attack would not be possible. They then create a folder on
the compromised PC and share it.
Then, they connect to the shared folder from the source
machine an go on to explain how to get all the user ID's and
passwords. They use pwdump to dump the entire SAM (where the
user accounts and hashed passwords are stored). They also
show you how to copy off a CISCO VPN configuration file and
explain how to use it.
Cracking Account Passwords
-----------------
They then show you how to crack one of the user passwords
using a tool I have written about previously, called CAIN.
Next, they install a Trojan (subeven) on the system that
will allow them to perform key logging, and since the
anti-virus software is disabled, it won't be noticed. They
install the Trojan and connect to the machine. They then
make sure to tell you that the Trojan will alert them when
the target machine comes online so they can go back and hack
it some more. However, if you were using their product, this
would not be possible.
Capturing Data Using A Sniffer
-----------------
After the Video on how to hack into a wireless PC, another
one of the companies CISSP's shows you everything you need
to know about finding usernames, passwords, PIN's, and other
information by analyzing a set of sniffer output.
Conclusion
-----------------
I must say that this video instruction on how to hack a PC
is very well done. The video and narration is visually and
audibly perfect and the detail and steps to hack the
computer are accurate. They do explain that most of these
hacking procedures can be thwarted by measures other than
using their product / solution. However, the presentation is
clearly a sales and marketing tool.
I'm not sure if making a video presentation on how to hack a
PC is the right or wrong thing to do. I myself write
articles that provide similar, if less detailed information.
One could say that this is just another way of promoting
public awareness. It's true, hacking into a PC or network
can be just this simple. However, making a video on how
simple it is might be taking it a little to far (Maybe this
should be a question on the CISSP exam). I'll leave it up to
you to decide.
About The Author
-----------------
Darren Miller is an Information Security Consultant with
over seventeen years experience. He has written many
technology & security articles, some of which have been
published in nationally circulated magazines & periodicals.
If you would like to contact Darren you can e-mail him at
Darren.Miller@defendingthenet.com. If you would like to know
more about computer security please visit us at
http://www.defendingthenet.com.
You may reprint or publish this article free of charge as
long as the bylines are included.
Original URL (The Web version of the article)
-----------------
http://www.defendingthenet.com/newsletters/VideoOnHowToHackAPC.htm
Title
-----------------
This Article has been viewed 5,272 times. (Not updated in real-time.)
No comments yet.We want your comments! If you can read this, you don't have javascript enabled, so you can't use this comment system. Please enable javascript.