EverCrest Message Forums
Topic: Telnet
Sabratiz
Pancake
posted 09-02-2004 08:18:54 PM
Soon in my Cisco class we are going to have a game of "capture the flag" so to speak, there will be a few teams (not sure how many people per team) trying to take control of a PC. To do so we will probably have to go through a Cisco router, and a few other assorted obstacles. So my friend and I have been trying to figure out a way to access a computer remotely without the help of anything that isn't already installed on an XP pro machine. We figure the best way to do this would be using telnet, although we aren't quite sure how to get to a computer that is behind the router so to speak. Does anyone have any solutions for this problem?
pain is temporary but pride is forever
Iulius Czar
Pancake
posted 09-02-2004 08:31:19 PM
XP doesn't run a telnet server by default. At least mine doesn't. The first thing I would try is to port scan and see which make it all the way to the machine and back. Be sure to try both TCP and UDP. A quick Perl script or C program will do this.
Sabratiz
Pancake
posted 09-02-2004 08:38:08 PM
I'm not much of a programmer, I'll have to have my teammate do this. I really just need to get to another computer through a router. Once that is done I should easily be able to do the rest. If they are running a Linux OS it shouldn't be a problem, 'cause I'm almost sure they run a telnet server by default. But 99% of the computers in the lab will be running XP pro due to the simple fact that almost no one is willing to change operating systems because they don't wanna learn a new one.
pain is temporary but pride is forever
Cherveny
Papaya
posted 09-02-2004 08:51:30 PM
quote:
The logic train ran off the tracks when Sabratiz said:
I'm not much of a programmer, I'll have to have my teammate do this. I really just need to get to another computer through a router. Once that is done I should easily be able to do the rest. If they are running a Linux OS it shouldn't be a problem, 'cause I'm almost sure they run a telnet server by default. But 99% of the computers in the lab will be running XP pro due to the simple fact that almost no one is willing to change operating systems because they don't wanna learn a new one.

If they are running XP Pro, look to see if they are running with "Remote Assistance" turned on (Windows terminal server client compatible service that can run under XP). Allows for full desktop access if running.

Of course, can also check if IPC$ is turned on on the target machine, and if it is, see if you can copy some files into critical locations. If it is, and things are fairly open, could copy a file to their hard drive and execute it remotely via the at command. (Like remotely installing a VNC server that you could use to take control of the desktop.)

Many, many possibilities here.

Rabidbunnylover
Pancake
posted 09-02-2004 08:53:00 PM
Most Linux distros don't even install a Telnet server by default, opting for SSH instead.
Merp
Sabratiz
Pancake
posted 09-02-2004 08:53:42 PM
How do I go about remotely checking to see if these things are on, and how do I exploit them?

Sabratiz fucked around with this message on 09-02-2004 at 09:08 PM.

pain is temporary but pride is forever
Random Insanity Generator
Condom Ninja El Supremo
posted 09-02-2004 09:09:12 PM
I'll tell you now, you're looking at the wrong target. The box isn't your objective. It should never be the initial objective. The initial objective, considering this is a multi-team event, should be to deny anything and everything to the opposition.

I'll let you work on that piece of the puzzle for a bit.

* NullDevice kicks the server. "Floggings will continue until processing power improves!"
-----------------------------------
"That was black magic, and it was easy to use. Easy and fun. Like Legos." -- Harry Dresden
-----------------------------------
That's what playing Ragnarok Online taught me: There's no problem in the universe that can't be resolved by the proper application of daggers to faces.
Sabratiz
Pancake
posted 09-02-2004 09:16:54 PM
My teammate and I have already figured this part out, we are intending to freeze all their computers with a batch file he is devising. In essence it's going to open hundreds of windows and not allow them to do anything for a bit, he tested it out on his computer today. It literally slowed his computer to a crawl within a period of 10 maybe 20 seconds.
pain is temporary but pride is forever
Alaan
posted 09-02-2004 09:18:54 PM
If you can punch into the router a few permit/deny statements work just as well. Have them ready to paste in.
Random Insanity Generator
Condom Ninja El Supremo
posted 09-02-2004 09:19:51 PM
Insufficient. You must work with the assumption that your competition is at least as smart as you are. If you can do that to them, then they could do it to you, and more importantly, they should be able to block it.

Do not attack the opponent, that is not the goal I was pointing you towards. I'll give you another hint: They can't assume control of something that they have no communication path to.


**EDIT** *shakes fist* I'll get you next time Gadget! Next Time!!

Random Insanity Generator fucked around with this message on 09-02-2004 at 09:21 PM.

* NullDevice kicks the server. "Floggings will continue until processing power improves!"
-----------------------------------
"That was black magic, and it was easy to use. Easy and fun. Like Legos." -- Harry Dresden
-----------------------------------
That's what playing Ragnarok Online taught me: There's no problem in the universe that can't be resolved by the proper application of daggers to faces.
Sabratiz
Pancake
posted 09-02-2004 09:21:48 PM
hmmm, That would be something for me to think about if I had any clue how to possibly do it.

Sabratiz fucked around with this message on 09-02-2004 at 09:23 PM.

pain is temporary but pride is forever
Random Insanity Generator
Condom Ninja El Supremo
posted 09-02-2004 09:26:49 PM
quote:
So quoth Sabratiz:
hmmm, That would be something for me to think about if I had any clue how to possibly do it.

If any of them have a unix box for this competition, you're not going to win... There are too many things that are too easy to set up for different levels of nastiness.

ARP Poison.. I could have you attempting to control someone else's box.
MAC Flooding.. I could just brute-force overload the ARP table and consume resources
There are TONS of different exploits available depending on what Cisco gear is deployed, how "professionally" it was set up and what the ISO versions are. A fair number have ready-to-compile POC/exploit code available.
IP Spoofing.. have your PC talking to something/someone else other than the actual target

The list can go on and on...

* NullDevice kicks the server. "Floggings will continue until processing power improves!"
-----------------------------------
"That was black magic, and it was easy to use. Easy and fun. Like Legos." -- Harry Dresden
-----------------------------------
That's what playing Ragnarok Online taught me: There's no problem in the universe that can't be resolved by the proper application of daggers to faces.
Sabratiz
Pancake
posted 09-02-2004 09:40:53 PM
I just need to learn this, and my friend may be bringing a Unix system to aid us. I came up with an idea, although I'm not sure how it will work. If I could find the file which the "passwords" icon in the control panel uses I may be able to replace it with one that allows remote administrating. But I doubt if that would work.
pain is temporary but pride is forever
All times are US/Eastern