I love this quote, “Microsoft has described the ease with which two officers from the UK’s Serious Organised Crime Agency managed to hack into Windows XP as both “enlightening and frightening”.”
This is somehow news to them? What exactly have they been taking in their coffee?
From ZDNet UK:
“You can download attack tools from the internet, and even script kiddies can use this one,” said Mick.
Mick found the IP address of his own computer by using the XP Wireless Network Connection Status dialogue box. He deduced the IP address of Andy’s computer by typing different numerically adjacent addresses in that IP range into the attack tool, then scanning the addresses to see if they belonged to a vulnerable machine.
Using a different attack tool, he produced a security report detailing the vulnerabilities found on the system. Mick decided to exploit one of them, CVE-2003-0533. This is a stack-based buffer overflow vulnerability in active directory functions which affects Microsoft Windows NT 4.0 SP6, 2000 SP2 to SP4, XP SP1, Server 2003, and NetMeeting, as well as Windows 98 and Windows Me.
Using the attack tool, Mick built a piece of malware in MS-DOS, giving it a payload which would exploit the flaw within a couple of minutes. SOCA requested ZDNet.co.uk give no more details than this about how the exploit was constructed. Getting onto the unsecured wireless network, pinging possible IP addresses of other computers on the network, finding Andy’s unpatched computer, scanning open ports for vulnerabilities, using the attack tool to build an exploit, and using the malware to get into the XP command shell took six minutes.
The sample XP machine had no firewall, no AV, and was only SP1. I thought this was supposed to be a challenge? So, allow me to recap. The officers were able to hack an XP box with no security running SP1.
Er, OK?
I had to go back and double check. Yes, the date of the article was today.
