Computer Security Demo/Presentation

Associate
Joined
14 Sep 2008
Posts
188
Location
Keeping 'er Country!
Hi all,

As part of a module for my degree I need to do a presentation (with another student) on anything related to computer security. For top marks we need to include a demonstration.

I'd really like to do something ridiculous such as DDOSing the intranet or a man in the middle attack on the lecturer we will be presenting to.

Anyway I'm after your suggestions!

Ta,

Tom
 

AJK


Associate
Joined
8 Sep 2009
Posts
1,722
Location
UK
What do you actually know how to do, and can set up in the presentation room? The answer to that question will probably give you your demo!

Don't do anything with public repercussions like initiating a DDOS attack on your intranet (or any other site)...
 
Permabanned
Joined
21 Nov 2010
Posts
2,315
Location
Newton Aycliffe
Cookie jacking may be a good one too.

After re-reading the initial post: DO NOT MITM your lecturer without his strict WRITTEN permission. Also, just forget DOSing the intranet; they would never let you.

You could however show how a DOS affects a computer by DOS'ing your friend's laptop and showing how requests to each computer slow (pings or traceroutes will show this).
 
Associate
OP
Joined
14 Sep 2008
Posts
188
Location
Keeping 'er Country!
Cheers for the replies.

I know DOSing would be a touchy topic. Would highlight some major security issues!

Apart from that I know and can easily do ARP poisoning. I'm happy to learn other things as well, but the demo can't last more than 10 minutes. And we will have access to whatever equipment we take with us into the demo.
 
Soldato
Joined
19 Feb 2010
Posts
13,145
Location
London
How complex does it need to be? Do you get extra marks for something clever?

You could do something simple like having Wireshark on a span port (or just on a hub port, maybe even just on one of the boxes if those aren't possible) to demonstrate how insecure protocols like telnet and FTP are; plain text passwords will be visible in the captured output.

Leave a share "accidentally" open with world rights and fill up the disk from another machine...

What kit do you have to work with? 802.1x might be a good demo.
 
Associate
OP
Joined
14 Sep 2008
Posts
188
Location
Keeping 'er Country!
@PianoBasher - Extra marks for something clever! So I'm guessing complex enough for that. As for kit I have access to numerous laptops and lots of networking gear including hubs, switches, VPNs and wifi

@dfarrall - Got any more info about hole 196? Sounds interesting!

@Kobrakai - We have done quite a bit on SQL databases in other modules so we know our way around it a bit. As for websites we have limited knowledge. SQL injection would be really good though.

Ta
 

J.B


Soldato
Joined
16 Aug 2006
Posts
5,922
MS08-67 in Metasploit
Use hashdump to get the LM/NTLM hash
Then use Ophcrack to either crack the LM or 'pass the hash' for the NTLM and log in via psexec or RDP
Explain how rainbow tables/hashing works

My boss's favourite:
Get a member of the audience to mash the keyboard at the Windows login screen to show it is an actual password protected account
Use incept to scan the memory via DMA over the FireWire port to rewrite the msv1_0.dll
Get the audience to randomly mash the keyboard and let it log in. Then explain how DMA works

E:
The first one can be done with one laptop and virtual machines but the second really needs two physical laptops with FireWire ports
 
Associate
OP
Joined
14 Sep 2008
Posts
188
Location
Keeping 'er Country!
MS08-67 in Metasploit

My boss's favourite:
Get a member of the audience to mash the keyboard at the Windows login screen to show it is an actual password protected account
Use incept to scan the memory via DMA over the FireWire port to rewrite the msv1_0.dll
Get the audience to randomly mash the keyboard and let it log in. Then explain how DMA works

E:
The first one can be done with one laptop and virtual machines but the second really needs two physical laptops with FireWire ports

This could be the one! Looks very cool and something we haven't covered in the lectures which is a bonus. Also has some audience participation which would really seal the deal. Having googled it, it seems like it wouldn't be too complex and we would have enough time as well!

Edit:

If the laptops didn't have FireWire onboard could we use an external FireWire device (USB) or would that totally defeat the object as it would be travelling over USB?
 

J.B


Soldato
Joined
16 Aug 2006
Posts
5,922
Yeah, it's pretty simple once you get incept working and its dependencies.

Some laptops (Lenovo springs to mind) have built in hardware protection but most laptops seem to work. We keep a little tub with PC Express FireWire cards in it so we can just pop one in, Windows installs the drivers automatically, give it a minute and away it goes.

We did this on someone's Windows 7 laptop the other day and he was impressed how quickly we could do it. It can take time for incept to scan through the memory to find the dll so I would suggest preparing something to say during that section to fill the time.

You could make the other one interactive by getting someone to set the password then revealing it later via rainbow tables.
 
Soldato
Joined
17 Jul 2008
Posts
7,295
Tell him you can DoS attack the uni intranet... just take a fire axe to the servers... prove their physical security was not up to the job?

Get him to lock down a laptop and tell him you have designed a program that will give you access, produce an AK47 and say "this is the hardware my software needs, and I'll kill every %$%$^ %$^$%^ one of you unless you give me the passwords to the system"???
 

J.B


Soldato
Joined
16 Aug 2006
Posts
5,922
Tell him you can DoS attack the uni intranet... just take a fire axe to the servers... prove their physical security was not up to the job?

Get him to lock down a laptop and tell him you have designed a program that will give you access, produce an AK47 and say "this is the hardware my software needs, and I'll kill every %$%$^ %$^$%^ one of you unless you give me the passwords to the system"???

http://xkcd.com/538/

Makes sense.
 