Sunday, October 21, 2007

Results from Hacking a huge organization

The other night I was auditing one of the customers here in Singapore. It was a huge organization with a massive workforce and manpower. Normally huge organizations tend to give people the impression that they must be secure because either they have enough internal people to do the patching or they must be doing some kind of upgrading work every now and then to have their servers or networks comply with the government authority.

The results from my audit depicted that life isn't a bed of roses. Multiple servers suffer from DoS and buffer overflows, and one of them even allows me to escalate to admin privileges. Well, the results were really astonishing from such a reputable organization, and everything was under my control. Of course, I managed to capture screenshots of everything I did and wrote a report to the management. I am wondering what they will do about it. They could either pray hard that no one attacks them and start patching, or expect the worst, where they could be brought down anytime, any day.

One of the coolest things I did during the audit was defacement of their website. Personally, I had never defaced a website before that day. It was great seeing a big organization's website having your own selected message or picture, definitely tarnishing their reputation, and the feeling was just too ecstatic. Of course, I had to wrap it up fast by taking a screenshot of it and resume their site back to normal or I will be screwed. The one last thing I observed and found out was that they were using a very old operating system where most of their crucial data was residing. It was exhilarating as I was poking my way to grab all their private data. All in all, it was just bad, really bad. I am about to finish the report and send it to the customer. I just want to see what the response is going to be.

The Hacka Man

11 comments:

Anonymous said...

Nice. It's good to know that I have money in big banks. Problem is where do I move my money to now? I am assuming if this bank has security flaws, all the rest do as well. And that pretty much means keeping my money underneath my pillow.

But congrats to the Hacka man!

Anonymous said...

Man the sg govt site sucks... not even from a security perspective to start with, the usability sucks to the core.

Anonymous said...

Can anyone recommend the best Patch Management utility for a small IT service company like mine? Does anyone use Kaseya.com or GFI.com? How do they compare to these guys I found recently: N-able N-central remote pc software? What is your best take on cost vs performance among those three? I need good advice please... Thanks in advance!
