After having made sure everything worked in his demo site, n3m0 issued the SQL injection and uploaded his nomad.asp script. For n3m0 the results were like hearing a beautiful song.
0wned. The feeling still made n3m0 feel giggly, though this time it might have been because of lack of sleep. After penetrating the walls, his focus went on to control. n3m0 began documenting the network; it had three servers. One was an Exchange server running IIS with OWA; this was the server he had first gained access to through the ShowRoom.Asp application. The second server was a Domain Controller which also acted as a file and print server. n3m0 chose the third server to host the website; it was a Windows Server 2003 box acting as a Terminal Server.
The server had 3 Gb of RAM and two 73 Gb SCSI disks set up in a RAID 1 mirror; only 13 Gb were used. Perfect. n3m0 found a suitable directory where his client would place the files and verified that the directory wasn’t part of any backup selection.
Regal-Pens used a firewall with a web interface, and n3m0 was able to gain access with the help of a default password list. Later he also found the password in a text file located in kdonovan’s home directory; kdonovan was a member of the Domain Admins group, which had prompted him to take a look. n3m0 opened up a random port for the web access and one to manage the server.
After some cleanup work he bid the network farewell and closed his connections.
Two days later the phone rang again.
“Hello,” n3m0 answered.
“Why hello there,” said the distorted voice, “how are things progressing?”
“It’s done,” n3m0 said.
“Excellent! What a good boy you are.”
“Uhm, what? Yes, I’m pretty good. So when will I get paid?”
“How do you want to transfer the money?”
“What, you’re not going to give them to me personally?” n3m0 asked.
“That’s not likely to happen, no.” The caller didn’t sound impressed.
“You don’t by any chance play online poker?”
“I guess I could learn.” n3m0 smiled.