Tiger Team

The movie Sneakers meets real life (the episodes were made 2 years ago, but I was talking to some guys about social engineering and decided to post them):

S01E01: The Car Dealership Takedown. The Tiger Team tests the security of Symbolic Motors, an exotic car dealership located in La Jolla, California. In this episode, the Tiger Team employs two distinct social engineering attacks, one rogue wireless access point attack, and a complex physical attack to gain unabated access to sensitive customer information and millions of dollars worth of cars on the show room floor.

S01E02: 24 Karat Caper. The Tiger Team tests the security of Jason of Beverly Hills, a custom jeweler located in Beverly Hills, California. In this episode, the Tiger Team employs a social engineering attack, an RFID cloning attack, a complex physical attack, and a safe-cracking attack to gain access to millions of dollars worth of precious gems and sensitive customer information.

– Soli Deo Gloria

Run-As Control Panel on Windows XP and Windows 7

Just as you think you know everything about Microsoft operating systems, someone recently asked a question on www.experts-exchange.com about using Runas with explorer.exe. There used to be a feature wherein you could do a run-as on Internet Explorer as administrator, then you would get a superuser explorer window from which you could leapfrog to the Control Panel on Windows XP SP2. This allows you to do "admin like" things with a regular user logged into the system. Doing some searching on Google, I found this web link:

http://www.krunk4ever.com/blog/2006/12/01/how-to-run-explorerexe-as-another-user/

which comes up with runas.exe /u:administrator "explorer.exe /separate" as the trick. I tried this on both Windows XP and Windows 7 and it worked on both. Just type "Control Panel" in the explorer address bar and boom, Control Panel opens as an administrator! One thing this allows you to do is to change network settings while logged in as a regular user, which is something I could never figure out how to do from an elevated cmd.exe session.

This also seems to work from a network drive, so all you need to do is put this line in a CMD file, save it to a network share the user has access to, and voilà!
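As an added example (not from the original post), here is a small detection sketch run over constructed process-creation records, flagging the runas.exe launch of explorer.exe /separate described above; the record layout, account names and paths are assumptions made for the sample.

```python
from typing import List, Tuple

# Constructed sample process-creation records (not real telemetry). Fields:
# time|session_user|process_user|image|command_line
# The layout is a simplification of what a process-creation event would carry.
SAMPLE_LOG = """\
2024-01-01T09:00:01|CORP\\jdoe|CORP\\jdoe|C:\\Windows\\System32\\cmd.exe|cmd.exe
2024-01-01T09:00:05|CORP\\jdoe|CORP\\jdoe|C:\\Windows\\System32\\runas.exe|runas.exe /u:administrator "explorer.exe /separate"
2024-01-01T09:00:06|CORP\\jdoe|CORP\\Administrator|C:\\Windows\\explorer.exe|explorer.exe /separate
2024-01-01T09:00:07|CORP\\jdoe|CORP\\Administrator|C:\\Windows\\System32\\control.exe|control.exe
2024-01-01T09:05:00|CORP\\jdoe|CORP\\jdoe|C:\\Windows\\notepad.exe|notepad.exe
"""


def parse_record(line: str) -> dict:
    """Split one pipe-delimited record; the command line may itself contain '|'."""
    time, session_user, process_user, image, cmdline = line.split("|", 4)
    return {"time": time, "session_user": session_user.lower(),
            "process_user": process_user.lower(), "image": image.lower(),
            "cmdline": cmdline}


def basename(path: str) -> str:
    """Last component of a Windows path (case already normalised by the caller)."""
    return path.rsplit("\\", 1)[-1]


def detect(log_text: str) -> List[Tuple[str, str]]:
    """Return (time, rule) pairs for records matching the runas/Explorer pattern."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        name = basename(rec["image"])
        cmd = rec["cmdline"].lower()
        # Rule 1: runas.exe asked to start Explorer (the trick from the post).
        if name == "runas.exe" and "explorer.exe" in cmd:
            findings.append((rec["time"], "runas_spawns_explorer"))
        # Rule 2: an Explorer instance with /separate running under an account
        # other than the interactive session's user.
        elif (name == "explorer.exe" and "/separate" in cmd
              and rec["process_user"] != rec["session_user"]):
            findings.append((rec["time"], "explorer_separate_other_user"))
    return findings


if __name__ == "__main__":
    for when, rule in detect(SAMPLE_LOG):
        print(when, rule)
```

Rule 2 is the more robust of the two, since it fires on the resulting Explorer process regardless of how it was started, as long as the telemetry records the user the process runs as.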

– Soli Deo Gloria

The Flaky Fluke

Another day, another ticket. This one involved a computer dropping its network connection. I pulled out my trusty Testum TP350 to test the network port and sure enough: one of the pins was showing shorted. Normally data jacks are labeled, but this wasn't one of them. I put the tester into tone mode and went into the data closet with my probe. Unfortunately, when you have a data cable plugged into a switch, you will get little to no tone. I ended up calling the network administrator and giving him the MAC address of the PC so he could tell me what port on the switch the computer was plugged into.

From this, I could disconnect the cable from the switch, see if it had tone and then trace it back to the patch panel. I did this and looked on the back of the patch panel. One of the plastic pegs that holds the wires in was broken and one of the little wires was just dangling free. I re-punched it to another port on the patch panel and all was well.

I like to try to solve problems on my own without involving other people unless I have to. I did some Google searching and came up with the Superlooper Loopback adaptor for $5.99. Although you can build one yourself, I like the durable design of this one. When plugged into a network jack, it will produce a solid light on the switch. Normal lights are either blinking or off altogether, so this should stick out like a sore thumb (although I guess it's possible that someone could be using the full 100MB of the port, causing it to go solid, but that is unlikely). This can also act as a poor man's cable tester: if you get a solid light, that means the line is probably good.

Although the Testum TP350 is pretty good, it is not as good for data testing as the Fluke Linkrunner is. The Linkrunner goes for around $400 new while the TP350 goes for $70-$90 new. The Linkrunner can blink a light on the switch in an off-on manner in addition to tone generation, display port speed and link strength, obtain an IP address, ping the core router/DNS server, etc. I had searched eBay before for used Linkrunners and never found any cheap ones, but I did snag one recently for $140.

The first thing I noticed when I got the Fluke was how hard it was to put in the 2 AA batteries. Someone must have decided to make the world's smallest battery compartment. Getting batteries in and out requires the use of a flat blade screwdriver. I began testing wires. Although most functions of the tester worked, it seemed the cable testing part was not. I had a crossover cable that I knew was good, but the Fluke was saying it was bad. I tried it on the TP350 and it passed with flying colors. I tried different batteries, wiggling the cables, etc., but nothing would make it stable. The weird thing was that the tester seemed to pass most of my straight-through cables without any problems.

I took the tester to work the next day, where we have a Linkrunner Pro. I tested the crossover on that and it passed the cable as good as well. I went into our box of cables and started testing cables with my Fluke. Some passed, others didn't. It seemed like certain ones with different connectors would fail. I took a flashlight and started to compare the Ethernet ports on the Linkrunner and the TP350. On the Linkrunner, the metal contacts for pins 1 and 8 were pushed down further than the rest. I took a paperclip, bent it, then gently bent each contact back up. Guess what? Fixed it!

Through the magical wonders of Google, I discovered that if you push a telephone plug into an Ethernet jack, pins 1 and 8 get pushed down very hard, because a telephone plug only uses 2 pins in the middle and is only 6 pins wide. There is solid plastic where pins 1 and 8 would be in the Ethernet port. It is obvious that someone did this, and then tried to get rid of the meter. Upon questioning the seller, he indicated to me that he had sold it to someone before me, but that person returned it since it did not have Cisco Discovery Protocol (CDP).

My question is: if you were smart enough to know about CDP, would you jam a telephone plug into a Linkrunner that doesn't test telecom equipment at all?

– Soli Deo Gloria