Below is a recount of a small, simple and a sweet hack done on a network. Even when they had a firewall installed and used to monitor the network regularly, the hack could take place!
Scene : Target compromised through a User Account having default password. Thanks to Social Engineering 😀
Cast: Batman and the Joker (The compromised User Account). But the Joker is just an normal employee, not a top manager! Would be difficult to get escalated! (Attacker = Batman, Attacked = Joker)
Motive : Batman wants to plant a Key logger in to the target, but the bloody anti virus detects it as a virus and is deletes it!
Joker: Hey dude, what doing man? Are you free for a few minutes? This f*****g internet doesnt work on my system!! Batman: yeah, let me see. (after a few minutes) You seem to have entered the wrong credentials for the cyberoam! Whats your username …?
Batman: … and your password?
Joker: sorry sir, cant give it! (he enters the password)
(Batman then clicks “login” and firefox pops up a message to save the password. Batman saves the password using the keyboard shortcuts w/o Joker knowing!)
To make the long story short, Batman is able to find out the password of Anil for the Cyberoam through the firefox saved password list! It seemed to be a default password set for all the users!!
Present: Batman is still trying to access the drives of the target system to deploy the key logger! No drives are shared and no simple passwords work; tried out all possible combination.
He then remembers the password Anil entered for Cyberoam and it works!! He is able to get into the system and access all the drives and files! Then another idea struck him. He tried the same password for the Admin account; and guess what, it worked too!! Awesome!
Now, the only thing to be done is to install a key logger. No other hacks to be done, strictly; we are good people :P. But, to his dismay, he finds out that a Symantec Anti Virus is installed which is deleting the key logger (bloody, all free key loggers are detected by the anti virus!!) Idea! Go to the Symantec drive and delete all the Symantec anti virus files (other than the ones in use) and your work is done!!! This was really surprising at that time that a high fundu security tool like Symantec could be shut down just by deleting its files!!
Restarted the system using the command “shutdown -r -t 01” (look up the man page). As was expected, Symantec did not run since there were no supporting files/dlls! Using the psexec command from the “pstools“, the key logger was installed remotely, after which a restart was required, which was easily done! Through this we got hold of a lot of sensitive information.
Through this, I was convinced that a successful hack does not require the use of any vulnerability assessment tool or any high fundu tools/scanners; that Social Engineering/Shoulder Surfing/etc is pretty simple and can mar the effect of the best of the networks and learnt one more way of bypassing firewalls.
The biggest learning from this project was about the Anti Virus. A tool which was supposed to safeguard us is vulnerable in such a simple way! The Anti Virus guys could any day afford to add a File Integrity Monitor!! As a friend said “So much so for companies that supposedly pour millions of dollars into R & D!!!“