It is a hundred years to the day since the Australian and New Zealand Army Corps (ANZACs) landed on a beach at Gallipoli, Turkey, to fight in a war — not a ‘cyber’ war, where people often lose web servers, but the type of war where people often lose mates, comrades, loved ones, and their lives. This is a change from my usual technical writing, and given the sensitive subject matter, the lack of sleep that I got last night, and the fact that I’m more comfortable writing about my technical endeavours, I’m hoping that I don’t cock this up.
After trying to get a copy of http.sys to examine, I discovered that it appeared to be in use on my desktop. Looking in to it, I found three desktop services using the HTTP Service provided by http.sys. There may be more, less obvious, vulnerable services/systems than just web servers. This post also demonstrates a brute-force approach to finding dependent services, for when you can’t find the proper way of doing so quickly enough.
What do you do when you’re a university student who’s just learnt about network sniffing and how anyone can capture your (unencrypted) UNIX account credentials from the network and log in as you? You create a challenge-response authentication system using a Bourne Shell script to stop them of course. It is also how I almost locked myself out of my university UNIX account. Continue Reading