Zilker Just Arrived
Joined: 02 Apr 2003 Posts: 0
Posted: Mon Apr 14, 2003 5:54 am Post subject: Biff
I really would have liked to, but he was one of the clients. This pud added unauthorized DCs, attempted to redirect the WINS replication and make his WINS box the primary, and troubleshot web development problems by adding the "everyone" group to the admins group on his web server (which also happened to be a domain controller).
When I was told by management I could not remove his admin privilege, I polished the resume and found another job.
The fun part is: in a couple months my new job will be pen-testing that company. VENGEANCE IS MINE.....
/Zilker
squidly Trusted SF Member
Joined: 07 Oct 2002 Posts: 16777215 Location: Umm.. I dont know.. somewhere
Posted: Mon Apr 14, 2003 6:33 am
Zilker, how many holes are you going to tell them right off the bat? All of them or just the ones that the moron would open up.
LMAO, what company was that... I'll "assist" the pen-test.
Zilker Just Arrived
Joined: 02 Apr 2003 Posts: 0
Posted: Mon Apr 14, 2003 8:32 pm
I figure I'll hit his personal box first, then use that to attack the rest of the network. That should be embarrassing enough.
I appreciate the offer, maybe I'll let you know after I've delivered the report. You can then "verify" they have made the appropriate changes...
/Zilker
Hackmo Just Arrived
Joined: 22 Jun 2003 Posts: 0
Posted: Sun Jun 22, 2003 1:24 am
This didn't do any harm but was extremely stupid. When I was in IRC a while ago I used the /nickserv IDENTIFY command to log in, but instead of putting a / before the command I put a . so everyone in that channel saw my password. Luckily no one did anything with it and I changed my password quickly, but it still was pretty stupid.
bknows Just Arrived
Joined: 11 Jul 2003 Posts: 5
Posted: Fri Jul 11, 2003 5:39 pm
Immediately after giving a family member a lecture on how stupid most users are and how little they understand about security, I left my laptop and briefcase in my driveway and drove to work (I put it down to move something else in my driveway).
Pride goeth before a fall
Guest
Posted: Mon Jul 21, 2003 11:19 pm
I did something really bad when I tried Linux for the first time:
It was 1996. I had bought an old box and I wanted to try Linux, so I borrowed a Red Hat 5.* (don't remember the version correctly) disc from a friend and started to install a webserver (full install with all applications, and they were put in init.d). After 3 weeks I got a call from a sysadmin from Sunet (it's a big gigabit network in Sweden, www.sunet.se), and he said that I had killed a lot of their boxes. I had no idea what he was talking about, but as you can imagine at this point I got hacked really quickly. That was about what I had to say about it.
tutaepaki Trusted SF Member
Joined: 02 May 2002 Posts: 3 Location: New Zealand
Posted: Mon Jul 21, 2003 11:29 pm
Remembered this in the SFDC IRC the other day...
I was doing a vulnerability scan using Nessus for work one night, and kicked off the scan 'bout 10PM. I was doing it over a dialup link, and I kept getting disconnected, so I stayed up all night babysitting the scan and cursing my ISP. (Staying up all night is no mean feat at my age.)
The next day, I realised that I'd forgotten to disable the ATH0 exploit!
DUH!
thehulky1 Just Arrived
Joined: 29 Jul 2003 Posts: 0
Posted: Tue Jul 29, 2003 6:55 am
Mine was when dialing my ISP: I trusted the DUN app and had a BO flashed into my BIOS by an ISP idiot.
See new topic, FW Rules for PC.
whacker_mole Just Arrived
Joined: 12 Aug 2003 Posts: 0
Posted: Tue Aug 12, 2003 9:29 pm
Good old PHP mistake...
Threw it together early in the morning as the last item on my to-do list... (This will always get ya.) I simply made the mistake of taking an HTTP-passed variable and issuing it directly to a local Linux app...
Realized the mistake the next morning, when the *thoughtful* intruder snagged dir structures of all of my home/office machines through an 'ls' of my /mnt dir.
Doh!
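The mistake described in this post, shown as an added example that is not the poster's code: the HTTP parameter is concatenated straight into a shell command, beside a version that checks the path against an allowlist and never invokes a shell at all. The parameter name `dir`, the `/mnt` allowlist and the function names are assumptions.

```php
<?php
// Added example, not the poster's code. Parameter name, allowlist and
// function names are assumptions made for illustration.

// Vulnerable: the query-string value becomes part of the command line, so
// anything the shell interprets in it runs with the web server's privileges.
function list_dir_vulnerable(string $dir): string
{
    return (string) shell_exec('ls -l ' . $dir);
}

// Hardened: resolve the path, accept only directories on a fixed allowlist,
// then read it with PHP's own directory functions, which take a path, not a
// command, so there is no shell to inject into.
function list_dir_safe(string $dir, array $allowed = ['/mnt']): array
{
    $real = realpath($dir);
    if ($real === false || !in_array($real, $allowed, true)) {
        throw new InvalidArgumentException('directory not permitted');
    }
    $entries = scandir($real);
    if ($entries === false) {
        throw new RuntimeException('cannot read directory');
    }
    return array_values(array_diff($entries, ['.', '..']));
}

// If an external command is genuinely required, keep the allowlist check
// and pass the value as a single escaped argument.
function list_dir_escaped(string $dir, array $allowed = ['/mnt']): string
{
    $real = realpath($dir);
    if ($real === false || !in_array($real, $allowed, true)) {
        throw new InvalidArgumentException('directory not permitted');
    }
    return (string) shell_exec('ls -l ' . escapeshellarg($real));
}

// Request handling (constructed): the query parameter is untrusted input.
$dir = $_GET['dir'] ?? '/mnt';
header('Content-Type: text/plain');
try {
    echo implode("\n", list_dir_safe($dir)), "\n";
} catch (Throwable $e) {
    http_response_code(400);
    echo "rejected\n";
}
```

The difference that matters is that list_dir_safe never hands user input to a shell, so a value like the one the intruder used has nothing to break out of.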
uncletom Just Arrived
Joined: 21 Jun 2003 Posts: 8 Location: Isle of Man
Posted: Tue Aug 12, 2003 9:44 pm
Not necessarily my worst security blunder, but one made by a co-worker that I discovered one bored Saturday night.
NetBIOS was being exported to the world, as was LDAP / Active Directory and a copy of SurfControl with a tree-recursing bug in it.
My, what a shock they got when they read the e-mail I had sent them over the weekend with full details of the user names, shares, etc. on the mail server (the one that was exporting all the above things).
Made myself very popular!
cisco student Just Arrived
Joined: 07 Sep 2003 Posts: 8 Location: SFDC USA: Chico, California
Posted: Thu Oct 16, 2003 5:48 pm
Typing my password into the username field.
chewiepm Just Arrived
Joined: 05 Jul 2003 Posts: 3 Location: hellbound
Posted: Thu Oct 16, 2003 8:46 pm
Leaving that porn on my hard disk unencrypted...
________
TOYOTA TS010
Last edited by chewiepm on Sat Feb 19, 2011 4:57 am; edited 1 time in total
TXLeXTC Just Arrived
Joined: 04 Sep 2003 Posts: 2 Location: The Great Republic Of Texas
Posted: Thu Oct 16, 2003 9:28 pm
Forgetting that I still have big brother in other offices....
And assuming that the latest version of IIS was secure and leaving the webserver out there unattended...
Lîm Gravecryer Just Arrived
Joined: 08 Dec 2003 Posts: 0 Location: Holland!!
Posted: Tue Dec 09, 2003 11:17 pm
I'm living in Holland, and KPN (our phone company) is very weird...
They know about the following and yet won't do anything against it.
My cousin and a lot of other ppl here in Holland got hacked by some company, which went calling sex-lines with their phone account.
Luckily my uncle read the phone bill and saw SOMEONE had called a sex-line for over 12 hours!! (He first blamed his kids.)
cyn1c4l Just Arrived
Joined: 22 Nov 2003 Posts: 2 Location: Canada
Posted: Sat Jan 17, 2004 12:13 am
LOL to all of you. I think we've all made mistakes, and hopefully some of us (at least I have) learned from them.
My worst blunder ever I committed about a year ago. I was setting up Windows 2K Advanced Server, and before I did updates or ANYTHING I hooked it up behind the router. I got distracted, as my g/f wanted me to come home, etc. So, I left this unprotected box, chilling behind the router, IN FRONT of the firewall, because I didn't notice where I was placing it. I also had the Telnet service running, with Guest and Guest (UID and PWD) with full r00t access.
I was pwnd in under 8 hours. Call it a lucky strike, or an act of God, but I lost EVERYTHING. It wasn't even a good h4ckz0r who wants to use my comp to attack someone else... NOOOO, it was a frigging l4m3 kid who formatted everything.
*sigh*
Let's just say I didn't do that again.
-Cyn
Toblopo Just Arrived
Joined: 02 Feb 2004 Posts: 0 Location: Australia
Posted: Wed Feb 04, 2004 12:23 am
At the school I work at we had a program called Networx, or something to that extent, which was a remote network admin program. It was good, and kept the average user in line. There were ways to exploit it, but most of the students aren't that smart. Anyway, the main thing was it worked. Until, browsing the network, one of the students stumbled across a shared folder that contained the Networx install file. Now that wouldn't have been a problem apart from the txt file that contained the password to disable it.
There was another instance of shared stuff being leaked, and that was an Excel spreadsheet containing the teachers' usernames and passwords.
Both these mistakes were made by the old IT tech when I was a student here.