
These wonderful VPNs or what users of shared resources should keep in mind.

Introductory information:
My provider gave me “access to the network using ADSL technology”. I am a user of Fedora Core 6. This operating system is gradually displacing WinXP on my computer, and it is possible that some GNU/Linux distribution will soon be installed on the larger of the two disks as well.

"Network access ..." sounds good, right? And it actually is - inside the provider's virtual private network you can run, for example, an HTTP server or an IRC server (which I did). Others are possible as well, but they are less relevant (the traffic inside the network is metered, which rules out FTP, and very few of the subscribers have heard of Jabber). Of course, a dynamic IP introduces a certain amount of inconvenience, but it is somehow pleasant to talk in your own chat.
But that is not the point. At some point I decided to type something like smb://192.168.240.* into Konqueror's address bar (the local IP address in pptpconfig's terms, or inet addr in ifconfig's terms; in fact, the dynamic IP addresses in the virtual private network). On the fourth attempt, I was able to see the shared resources of another computer. They had been “shared”, apparently, on the assumption that only users of the local area network within one block would see them. Alas, the connection speed and the fact that the traffic inside the network is metered (I found that out experimentally, by downloading an mp3 file) did not allow me to fill my own hard drive with movies.
How to find other resources? Brute forcing is long and inefficient ... Since I had connected using the Samba protocol, that was the direction to dig in ... man samba, and almost immediately I came across the nmblookup utility. nmblookup -A allows you to scan the machine with the specified IP for shared resources (Samba resources too). If you enter several IPs separated by spaces, nmblookup will check them all. Since I never figured out how to specify a mask, I had to write a small script that walks through the range of addresses that interests me:
#!/bin/bash
# Run a NetBIOS node status query against every address in 192.168.240.0/24
for i in $(seq 0 255)
do
    nmblookup -A "192.168.240.$i"
done
I should note that at a speed of 128 kB/s, scanning 256 addresses takes several minutes. The first search turned up about a dozen machines. These included several servers with movies / music / warez for local area networks, and several enterprise computers. The next day I "caught" a computer belonging to an enterprise whose admin is a friend of mine. The fact is that, due to problems with a bank-client type program, 2 machines on his network were not behind the proxy and were connected directly to the ADSL router. Since the employees' rights were not properly restricted, they had shared their disks with each other. Working documents, databases, correspondence, photos - everything was open.

A mess? What else! I reported this to the admin, and at the same time I provided a screenshot to justify the users in front of their superiors.
Next was a travel agency's machine. Customer lists, contracts and more. But the main thing was the QIP directory. My conscience did not allow me to read the correspondence, but I decided to find out whose UINs were in the folder names. Natalia ... I added the contact to Pidgin and talked for a while with a very nice girl, an employee of this travel agency. I explained (well, let's say, brought to her attention :)) how I had found her contact. The girl asked for help at the computer store next door to them ... five minutes later I was already looking at the store's fully shared drive ... a folder with games, electronic licenses, 1C databases - their IP was next on the list. Well, is that any way to do things?
So, with almost no special knowledge, using only the standard utilities of a package included in even the least popular GNU/Linux distributions, I got access to the shared resources of all the provider's users who did not pay enough attention to network security. A properly configured proxy server, a firewall, or at least passwords on the shared resources would not have allowed me to see anything without hacking (which, by the way, I have no idea about).
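An added example, not part of the original post: the advice above about putting passwords on shared resources, turned into a check that a Samba user can run against their own configuration. The function names audit_smb_conf and write_sample and the sample shares are constructed for illustration; the check assumes [global] comes before the share sections.

```shell
#!/bin/sh
# Added example: list smb.conf shares that are readable without a password.
# Assumes [global] precedes the share sections; "\" continuations not handled.
audit_smb_conf() {
    awk '
    function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
    function truthy(v) { v = norm(v); return v == "yes" || v == "true" || v == "1" }
    function report() {
        if (sec == "" || sec == "global" || !guest || res || gres) return
        print sec ": guest access with no hosts allow restriction"
        if (writable) print sec ": guest share is writable"
    }
    /^[ \t]*([#;]|$)/ { next }              # comment or blank line
    /^[ \t]*\[/ {                            # section header: close previous one
        report()
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        sec = tolower(sec); guest = res = writable = 0
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = norm(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
        if (key == "guestok" || key == "public") guest = truthy(val)
        else if (key == "writable" || key == "writeable") writable = truthy(val)
        else if (key == "readonly") writable = !truthy(val)
        else if (key == "hostsallow" || key == "allowhosts") {
            if (sec == "global") gres = 1; else res = 1
        }
    }
    END { report() }' "$1"
}
# Constructed sample configuration (not taken from the page).
write_sample() {
    cat > "$1" <<'EOF'
[global]
   workgroup = HOME
[films]
   guest ok = yes
[docs]
   public = yes
   hosts allow = 192.168.1.
   writable = yes
[inbox]
   Guest OK = Yes
   read only = no
EOF
}

if [ -n "${1:-}" ]; then audit_smb_conf "$1"; fi
```

Run it with the path to your own smb.conf as the first argument; every line it prints names a share that a stranger on the provider's network could open without a password.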
I would like to note that, wherever possible, the author of this article informed all owners of the shared resources he identified about their mistakes. I advise all readers to do the same - it is not worth harming people simply because the opportunity is there; on the contrary, help someone with a deed or with advice today, and it is possible that someone else will help you tomorrow.
And one more thing ... while going through the Samba logs, I noticed several attempts to scan my shared resources from external IPs, including ones that did not belong to my provider ... Watch out for security, friends!
P.S. Zamik, I lost your ICQ, do close off the PATRON1 and PATRON2 directories!

Source: https://habr.com/ru/post/19703/

