The vulnerable system is bound to the network stack and the set of possible attackers extends beyond the other options listed below, up to and including the entire Internet. Such a vulnerability is often termed “remotely exploitable” and can be thought of as an attack being exploitable at the protocol level one or more network hops away (e.g., across one or more routers). An example of a network attack is an attacker causing a denial of service by sending a specially crafted TCP packet across a wide area network (e.g., CVE-2004-0230).
Attack Complexity
Low
AC
The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system.
Privileges Required
High
PR
The attacker requires privileges that provide significant (e.g., administrative) control over the vulnerable system allowing full access to the vulnerable system’s settings and files.
User Interaction
None
UI
The vulnerable system can be exploited without interaction from any human user, other than the attacker. Examples include: a remote attacker is able to send packets to a target system; a locally authenticated attacker executes code to elevate privileges.
Scope
Unchanged
S
An exploited vulnerability can only affect resources managed by the same security authority. In the case of a vulnerability in a virtualized environment, an exploited vulnerability in one guest instance would not affect neighboring guest instances.
Confidentiality
Low
C
There is some impact on confidentiality, but the attacker either does not gain control of any data, or the information obtained does not have a significant impact on the system or its operations.
Integrity
Low
I
Modification of data is possible, but the attacker does not have control over what can be modified, or the extent of what the attacker can affect is limited. The data modified does not have a direct, serious impact on the system.
Availability
None
A
There is no impact on the availability of the system; the attacker does not have the ability to disrupt access to or use of the system.
A common problem has been found by many sites running the Melange Chat
Server (referred to from here on as M-Chat). M-Chat is a simple IRC-like
chat program for private websites. It can be run from a Java script, by
using the browser to connect to the host on port 6666 (hence
www.host.com:6666). However, this service also allows a telnet session
to connect in order to use the server, and herein lies the problem.
By logging into M-Chat through a telnet connection, one is able to
monitor the HTTP connections coming in on that port. In most cases the
person logging on using the browser-based chat has their entire HTTP
header displayed to anyone currently in a raw telnet session. Below is a
short article describing this bug being put to use in an actual attack.
Source: http://www.oh2600.com/forum/viewtopic.php?t=43
By: Nexus
Background:
What is Aimforum.com?
Aimforum.com is/was a rather popular America Online Instant Messenger
forum. The site has a large gathering of rather intelligent young kids.
However, the forum is now seeing hard times......
Why was it hacked?
As it would happen, AimForum.com's new owner did not see eye to eye
with the older veteran members of the forum. The forum, which was an
underground forum talking about "illegal AIM" activities, was converted
over to an open public system where no illegal posts or chatter were
permitted, which was bound to cause conflict. After many, many members
were banned, a few people decided to take the matter into their own
hands and prove a point, which would lead to a call to the
FBI........ Here is how it was done.
Many sites today run a low-level chat system known as Melange Chat,
better known as M-Chat, which serves as a simple in-site IRC server.
Aimforum.com is no different in this matter. A major flaw with M-Chat is
that when it is accessed via a web browser it displays critical cookie
information to anyone within the server. By simply telnetting to
www.site.com:6666 one can sit within the telnet session and
wait.......
Step One: Setting the trap
The "Hackers" logged into the M-Chat via telnet. They sat and waited for
their target to get online....... Now, once the Admin was online, a simple
IM to him offering a link to www.aimforum.com:6666 was all that was
needed; the admin was sent right to the M-Chat port and his cookie and
browser header were then displayed within the M-Chat channel.
Step Two: Putting the information to use.
Now that they had acquired the admin's header information, it was time
for them to put things into action. They hustled to their Firefox
directory (as it was a Firefox cookie) and cleared their entire cookie
cache, then opened Firefox and logged into aimforum.com with their own
(or a hacked, didn't matter) account. This would allow them to get the
cookie set. Once the cookie was grabbed they closed Firefox, opened the
cookie file and edited the "bbuser" field from 3315 (which is the normal
user level) to 419, I think it was (which is the admin user level), and
then changed the "bbhash" from whatever it was they had to the admin's
hash. Now with this all done they had the same cookie information as the
targeted admin did..... It was time for the third and final step.
Step Three: Executing the Hack
Having the same cookie information as the said Admin, they simply
needed to open their Firefox and direct themselves back to
www.aimforum.com. And in an instant they were greeted with the
"Welcome [Username Removed]". They were in....
Now from here they could have done anything, a simple new thread to say
"blah blah you were exploited" or anything else to prove their point and
get out.... But they decided to take a more destructive approach to their
plans. As the small team of kids went through the newly hacked forum
they began to delete threads, posts and information. Years of topics
and useful information were gone in minutes. From here the exploit was
done and they felt satisfied, but it was not over; they had to prove
even further that they were "l33t h3x0r d00ds". They created a new
announcement on the forum which was displayed on the front page
announcing that they (using their handles/usernames) had hacked and
owned the forum.
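The root cause described in the advisory above is that the chat port treats whatever a connecting socket sends as chat text, so a browser's HTTP request (Cookie header included) is echoed to every telnet user in the channel. The following is an added defensive example, written for this page and not code from M-Chat or from the advisory's author: a minimal line-broadcast room that recognises an HTTP request line on the chat socket, stops broadcasting from that connection, and keeps only a redacted record for the operator. All names (ChatRoom, redact_header, run_scenario), the client names and the cookie values are constructed for the example; the cookie names bbuser and bbhash are taken from the advisory.

```python
import re

# Request line of an HTTP/1.x request as a browser sends it on connect,
# e.g. "GET / HTTP/1.1". Anything matching this on a chat socket is a
# browser, not a chat user, and must not be treated as chat text.
_REQUEST_LINE = re.compile(r"^[A-Z]{3,7} \S+ HTTP/1\.[01]$")

# Header names whose values carry credentials: never echoed, never logged in clear.
_SENSITIVE_HEADERS = {"cookie", "authorization", "proxy-authorization"}


def redact_header(line):
    """Return a header line with credential-bearing values replaced by [REDACTED].

    Non-header lines and harmless headers are returned unchanged.
    """
    name, sep, _value = line.partition(":")
    if sep and name.strip().lower() in _SENSITIVE_HEADERS:
        return f"{name.strip()}: [REDACTED]"
    return line


class ChatRoom:
    """Minimal line-broadcast room standing in for the chat server's channel logic.

    clients : name -> list of lines delivered to that client
    audit   : operator-facing log; every entry passes through redact_header()
    """

    def __init__(self):
        self.clients = {}
        self.audit = []
        self._http_clients = set()  # connections identified as browsers

    def join(self, name):
        self.clients[name] = []

    def receive(self, sender, raw):
        """Handle one line read from `sender`'s socket and report what was done."""
        line = raw.rstrip("\r\n")
        if sender in self._http_clients:
            # Everything after the request line is an HTTP header (or body):
            # record it redacted for the operator, deliver it to nobody.
            self.audit.append(f"{sender}: dropped {redact_header(line)}")
            return "ignored"
        if _REQUEST_LINE.match(line):
            # The vulnerable behaviour was to broadcast this line and the
            # headers that follow. Instead, flag the connection and stop.
            self._http_clients.add(sender)
            self.audit.append(f"{sender}: HTTP request on chat port, not broadcast: {line}")
            return "http_detected"
        for name, inbox in self.clients.items():
            if name != sender:
                inbox.append(f"<{sender}> {line}")
        return "broadcast"


def run_scenario():
    """Replay the advisory's situation with constructed input: two telnet users
    and one browser that was sent to the chat port. Returns the room."""
    room = ChatRoom()
    for name in ("telnet_user_1", "telnet_user_2", "browser"):
        room.join(name)
    room.receive("telnet_user_1", "anyone here?\r\n")
    # Constructed browser request; cookie names follow the advisory, values are made up.
    browser_lines = [
        "GET / HTTP/1.1\r\n",
        "Host: www.example.test:6666\r\n",
        "Cookie: bbuser=1234; bbhash=CONSTRUCTED_EXAMPLE_HASH\r\n",
        "User-Agent: ExampleBrowser/1.0\r\n",
        "\r\n",
    ]
    for raw in browser_lines:
        room.receive("browser", raw)
    return room


if __name__ == "__main__":
    room = run_scenario()
    for name, inbox in room.clients.items():
        print(name, inbox)
    print("audit:", *room.audit, sep="\n  ")
```

Running the scenario shows the telnet users receiving only the chat line while the audit log carries `Cookie: [REDACTED]` rather than the cookie value. Two things a real server would add: close the flagged socket (or answer it with a proper HTTP response that redirects to the chat page) instead of holding it open, and accept that a chat user who literally types a request line will also be flagged, which is the safe direction for this check to fail.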