Help in beating the dad.

Post by timothywong on Tue Feb 23, 2010 1:31 am

Hi, not sure if this is the right area to post it/against the rules, so move if it's inappropriate.

My dad's a bit of a control freak with a strange internet setup (Internet -> ClarkConnect box -> Switch -> Our Computers), so I've had to hack into the ClarkConnect box a few times, just to enable my internet, by booting into single user mode, and just changing the root password, and creating a few secondary admin accounts for changing various settings via the WebConfig GUI.

Obviously, dad wasn't happy.

He warned me not to mess with the box anymore (Physically), and since I had secondary accounts with admin access, there was no problem.

Recently, he has changed to another distro, "IPCop". IPCop's WebConfig GUI is built so that there is only one account with access to ANYTHING. Its password can only be changed if one has already logged into it, or has root access to the box directly and enters the WebConfig setup (the box's root password isn't the same as WebConfig's root password).

Since dad doesn't like me nosing around with the box physically, I was wondering how one would break into this system (Hacking into a server at home, don't know if that classifies as illegal. :S) If I hack into the box directly, the password will be different, and the alarm will have been set off. So I need a way to gain admin access to the webconfig, without changing the password.

Not quite sure how I should start, kinda stuck.
Help would be very much appreciated.

Victor (sorry for wall of text)


Re: Help in beating the dad.

Post by Goatboy on Tue Feb 23, 2010 11:03 am

timothywong wrote:(sorry for wall of text)

Dude, that wasn't a wall of text. That was a well-formatted section of information. Props to you for that.

Anyways, as far as exploiting this thing, it's obviously going to be a lot harder than the last one. The first thing that pops into mind would be (assuming this is a wired connection) to install a hardware device and sniff his traffic. Not always an option, because not everyone has access to such a device, so on to the next idea.

If you're lucky enough to have a wireless connection, a good ol' packet capture would probably do the trick. Unless of course he encrypts his traffic (as he should), in which case we need yet another approach.

You could check the version against a database of vulnerabilities and see if anyone else has had any luck in getting in. Depending on how popular this software is, you may have varying levels of success. So in that case...

Attack his computer directly. Trick him, sneak in and log in, or generally do whatever you need to do to compromise his box. I would go for a software keylogger. There are some pretty useful tools for getting into a Windows box (google "chntpw" and "konboot") without knowing the pass. Now there's a chance this won't work, so as a last resort...

You could physically beat him, as per this xkcd comic. However, I cannot see that ending well.

I hope you get some use out of my mad ranting.
Assume that everything I say is or could be a lie.


Re: Help in beating the dad.

Post by Defience on Tue Feb 23, 2010 11:45 am

Goatboy, as usual, gives solid advice and I have to agree with this:
Goatboy wrote:Dude, that wasn't a wall of text. That was a well-formatted section of information. Props to you for that.


Much better than something like this: "I need help getting into my dad's computer. Can someone please help?".
Anyway, sorry I don't have anything else to add to what Goatboy said but I think I'd try the keylogger route as well.


Re: Help in beating the dad.

Post by timothywong on Wed Feb 24, 2010 1:07 am

I totally forgot to even show what I was up against. To me, the Web GUI seemed pretty low security, but I could be wrong. :S

http://i46.tinypic.com/imnk80.jpg
If cancel is clicked:
http://i49.tinypic.com/1z4ec87.jpg

And yes, I am connected via ethernet cables.

I feel really noob, because I have a feeling this is really easy. ._.


Re: Help in beating the dad.

Post by zmullin on Wed Feb 24, 2010 1:16 am

You try simply asking him. If he asks if you are a hacker ever, explain the difference between hackers and crackers. I never had such a problem myself, since I am now looking to gain skills in order to run a site, but honesty works great. You can ask him why he feels obligated to do what he did. In the end, it is his computer though, so he has the right to do to it what he wishes. If he is adamant about doing this, you can always get a laptop. Not what you were looking for but thought I put it in.


Re: Help in beating the dad.

Post by nermd on Wed Feb 24, 2010 9:27 am

Hm, two things come to mind ...
First, I assume your dad is using Windows ... as others have already mentioned, next time your dad is on the toilet get into his room with a "ready-to-use" keylogger on a USB stick. Wait until the reports come in ... :)

If this seems too lame for you or you want to learn some things about networking you can go with a Man-in-the-Middle-Attack on the SSL connection to the IPCop web interface. The tool of choice for this is ettercap ... disadvantages for you may be the steep learning curve to make use of the tool! On the other hand there are tons of tutorials and articles about ettercap on the web.

I think I would go with the second option because
1) most people don't care when they get a certificate error
2) if there is a virus scanner on your dad's box the keylogger will most likely be found and you are screwed
3) it's more "stealthy" and
4) you will learn some nice skills about network security ...

nermd
With this world there is no understanding, we belong there only to the extent, as we rebel against it (Theodor W. Adorno) --> if somebody knows an "official" translation for the well known German quote ... pls let me know!


Re: Help in beating the dad.

Post by insomaniacal on Wed Feb 24, 2010 3:15 pm

In fact, there's even an interlocutory tutorial written by yours truly, right here at HTS :)

Password Sniffing With Ettercap
It's not who votes that counts, it's who counts the votes
insomaniacal.blog.com


Re: Help in beating the dad.

Post by Defience on Wed Feb 24, 2010 4:25 pm

I still like the title of this thread: Help in beating "the dad". :twisted:


Re: Help in beating the dad.

Post by timothywong on Fri Feb 26, 2010 5:19 am

I think I'll try nermd's second option. Thanks for the input everyone. :D


Re: Help in beating the dad.

Post by nermd on Fri Feb 26, 2010 2:04 pm

Cool, let us know if you've beaten "the dad" (*lol*) or if you have problems on how to use ettercap.

