Exploring the Intranet of PepsiCola International
---------------------------------------------------------------
The original of this article is located at
http://www.hackzone.ru
---------------------------------------------------------------
Date: 13 May 1998
Exploring the Intranet of PepsiCola International.
[ a cautionary tale with a sad ending ]
CyberLirik and Mix lirik_tnt@hotmail.com
Dear readers, we present an article describing a real break-in into a system.
This 'research' was carried out purely for educational purposes, and we tried
to follow the principle of "do no harm".
It all started with my interest in X.25 networks (fortunately this ancient
technology has taken root here quite well: networks such as Rosnet, Rospac,
IASnet, Infocom, Infonet, SITA and Sprint have their modem pools in nearly
every city in Russia, dutifully supplying hackers' NUIs with PPP and telnet
access to the Internet).
For an ordinary user this network can be regarded as an analogue of the
Internet: it also has its own addresses (not IP, but Network User Address),
and there are mnemonics, which are the analogue of DNS names. However, you can
"work" with this network remotely over a modem only while sitting on a PAD in
your terminal program. (A PAD is a Packet Assembler Disassembler, i.e. a thing
that receives and passes packets between the user and the hosts; it is a bit
like a telnet connection.)
If you want more detailed information about X.25, look here
So....
About 2 months ago I was scanning the SITA network for interesting publicly
accessible network addresses (NUAs). One morning I looked at the scanner log
and found a PPP connection at the address
2852376 PPP 165.198.104.22 (this address no longer answers; most likely it has
been shut down)
On connecting, it turned out that the network was something based on TCP/IP
with restricted access to the Internet.
Using the whois service, I found that the IP block 165.198.0.0 belongs to
Pepsi-Cola International (NET-PCINET-B2)
1 Pepsi Way Somers, NY 10589
inetnum: 192.168.0.0 - 192.168.255.255
netname: IANA-CBLK1
descr: Class C address space for private internets
remarks: Country is really worldwide
remarks: This network should never be routed outside an enterprise
The logical next step was to go to the nearest router and find something out.
The router was easy to find: it was enough to trace the route to any address
other than 127.0.0.1 :)
>>>> tracert 165.197.160.10
Tracing route to 165.197.160.10 over a maximum of 30 hops
1 57 ms 60 ms 58 ms 165.198.104.22 <- my IP
2 578 ms 603 ms 583 ms 165.198.101.1 <- nearest router
3 1170 ms 883 ms 1106 ms 192.168.52.49
4 1050 ms 903 ms 927 ms 192.168.52.5
5 912 ms 937 ms 939 ms 165.198.151.3
6 1043 ms 926 ms 1065 ms 165.198.151.1
7 1206 ms 924 ms 972 ms 165.198.151.3
8 1029 ms 969 ms 1028 ms 165.198.151.1 <-|
9 1044 ms 1021 ms 968 ms 165.198.151.3 <-| Loop
Then it was quite logical to try logging into the router via telnet
telnet://165.198.101.1
*****************************************************
* PLEASE ENTER THE PASSWORD AT THE SYSTEM PROMPT *
* - UNAUTHORISED ACCESS IS FORBIDDEN - *
*****************************************************
Password:
How disappointing it was to see such a banner from a CISCO router; at that
moment I did not know the password (in fact the password was gustav, a
universal (!) password for all routers in this Intranet)
Of course this was a bit of a letdown, but there are other pleasant programs:
IP address scanners :)
Without thinking long, I launched my NetScanTools to scan the IP range
165.198.1.1 - 165.198.254.254 and found interesting hosts, even with DNS entries
165.198.1.24 proxy.richmond.intl.pepsi.com <- the network's main proxy; an
interesting FTP was here too
165.198.4.207 LAB_PC.cork.intl.pepsi.com <- their laboratory
They clearly did not skimp on domains for their subordinates....
Now it was clear that there might be a web server serving the whole PepsiCola
Intranet. The most interesting thing is that this was exactly the case :) The
main server had the address http://www.intl.pepsi.com/ Visiting this URL with
my beloved Netscape, I found that there is a Pepsi network in Moscow too, but
the pipe there is thin, 64 kb, and the IP addresses are not listed
NETWORK SEGMENT INFORMATION Somers / Moscow
moscow.somers.intl.pepsi.com
SEGMENT NAME  Somers / Moscow
DIVISION      PCI
MEDIA         MCI IPL
BANDWIDTH     64 Kbps
CATEGORY      Remote Link
NETWORK ID    GCI - 18232-00100
IP Address
We managed to find out how Pepsi comes to be reachable over X.25 ... There is
a so-called WorldOne Profile project; when contracts are signed under it,
local divisions are given access to X.25:
http://www.emea.intl.pepsi.com/Somers/Depts/IT/WorldOne/netinfo.htm
"The
WorldOne project is managed out of the Telecommunications Department of
Pepsi-Cola Company International. PCCI is centrally managing the project for
all of PepsiCo's International Divisions. WorldOne works with
telecommunications providers around the world to provide PepsiCo with the
best services. WorldOne can supply data and voice solutions for both
in-country and country-to-country. WorldOne has chosen Concert
Communications, the joint venture between MCI Communications and BT
Communications (British Telecom), as our primary global network provider."
And that is how SITA surfaced, via the Hong Kong division
Next, an amusing FTP server was found, ftp.somers.intl.pepsi.com. Under
anonymous, all the audit information on Pepsi's revenues and technological
secrets was available there :), for example how to make a drink and Lays chips
out of @#$%XX. There we also found router configs, the passwords in which were
successfully decrypted using cisco.c. Also, for unknown reasons, there was a
file there with numbers remarkably similar to AMEX ... but that is another
story....
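The weaknesses described above (router configs lying on an anonymous FTP server, passwords stored in a reversible encoding, one password shared by every router) can be caught by a defender's own audit of those configs. The following is an added example, not part of the original article: a Python check over IOS-style configurations. The hostnames, credential strings and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample configs: hostnames and credential strings are placeholders.
SAMPLE_CONFIGS = {
    "rtr-a": "hostname rtr-a\nenable password 7 CONSTRUCTED7A\n!\n"
             "line vty 0 4\n password 7 CONSTRUCTED7A\n login\n",
    "rtr-b": "hostname rtr-b\nenable secret 5 $1$CONSTRUCTED$B\n!\n"
             "line vty 0 4\n access-class 10 in\n"
             " password 7 CONSTRUCTED7A\n login\n",
    "rtr-c": "hostname rtr-c\nenable secret 5 $1$CONSTRUCTED$C\n!\n"
             "line aux 0\n no login\n",
}

# "password" / "enable password" with optional type digit: 0 = plaintext,
# 7 = reversible encoding. "enable secret" (hashed) deliberately does not match.
PW_RE = re.compile(r"^\s*(?:enable password|password|username \S+ password)"
                   r"\s+(?:([07])\s+)?(\S+)\s*$")


def audit_config(text):
    """Return (findings, credentials) for one IOS-style configuration."""
    findings, creds = [], []
    block, body = None, []  # current "line ..." block and its sub-commands

    def close_block():
        if block is None:
            return
        if "no login" in body:
            findings.append(f"{block}: 'no login', no authentication")
        if block.startswith("line vty") and not any(
                cmd.startswith("access-class") for cmd in body):
            findings.append(f"{block}: no access-class, any source may connect")

    for raw in text.splitlines():
        stripped = raw.strip()
        if raw.startswith("line "):
            close_block()
            block, body = stripped, []
        elif block is not None and raw.startswith(" "):
            body.append(stripped)
        else:
            close_block()
            block = None
        match = PW_RE.match(raw)
        if match:
            kind = match.group(1) or "0"
            creds.append((kind, match.group(2)))
            label = "reversible type 7" if kind == "7" else "plaintext"
            findings.append(f"{block or 'global'}: {label} credential")
    close_block()
    return findings, creds


def audit_fleet(configs):
    """Audit every config and report credential strings shared across devices.

    Identical strings prove reuse; differing type 7 strings can still hide
    the same password, so this undercounts rather than overcounts.
    """
    report, seen = {}, defaultdict(set)
    for name, text in configs.items():
        findings, creds = audit_config(text)
        report[name] = findings
        for cred in creds:
            seen[cred].add(name)
    shared = {cred: sorted(devs) for cred, devs in seen.items() if len(devs) > 1}
    return report, shared


if __name__ == "__main__":
    report, shared = audit_fleet(SAMPLE_CONFIGS)
    for name, findings in report.items():
        for finding in findings:
            print(f"{name}: {finding}")
    for (kind, value), devices in shared.items():
        print(f"type {kind} credential {value} shared by {', '.join(devices)}")
```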
Using the intelligent CGI search at
http://www.emea.intl.pepsi.com/Somers/Search.htm we managed to find several
more FTP servers with full access to other people's disks. The time of the
routers had come; first of all we visited Hong Kong
User Access Verification
Password: gustav
hkonr1#show x25 ?
  map         Show x25 map table
  pad         X25 pad connection status
  remote-red  X25 REMOTE-RED table
  route       Show x25 routing table
  vc          Show x25 virtual circuit parameters and statistics
hkonr1#show x25 route
Number X.121 CUD Forward To
1 2852376 translation, 148 uses
hkonr1#show hosts
Default domain is intl.pepsi.com
Domain list: INTL.PEPSI.COM, SOMERS.INTL.PEPSI.COM
Name/address lookup uses domain service
Name servers are 165.198.151.29, 165.198.151.28
Now, having the passwords to the routers, we could reconfigure all the
routing; it was quite possible to insert a fake router / DNS server to
intercept all packets passing through the intranet.
Unfortunately, at that time I did not know about the possibility of mounting
shared win95/NT disks via NetBIOS over TCP/IP. We would have profited even
more then ..
Finally, we found out that the network is separated from the Internet by an
advanced firewall at the address 157.146.100.6; nevertheless, for a couple of
days there was unrestricted access to the Internet from our accounts.
While studying the router, I remembered that I had seen a similar thing on a
Moscow dial-up, which I had found by scanning the 095-258-xxxx exchange
2587465 at this phone number there was an unpassworded router of that very
same Pepsi!
moscr1>termianl
Translating "termianl"...domain server (165.198.151.29) (165.198.151.28)
% Unknown command or computer name, or unable to find computer address
moscr1>ppp
For unknown reasons (though I think I am starting to understand :) this phone
number was shut down.
Below is the hosts file with all the DNS names of the hosts in the PepsiCola
Intranet
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
A rather different view of this network, by Mix (well, he gets things a bit
mixed up :)
It went like this ... Once upon a time there was Lirik, and out of boredom he
went and gave me a PAD on SITA, and as he did so he said: "Here! It's a gift,
only you'll just connect to a local network there anyway, and who the hell
knows what kind of network it is; I tried and nothing came of it, there's a
firewall there," said Lirik :) Well, out of boredom I went and connected...
Out of habit my ICQ, as soon as it sensed packets flowing over TCP/IP, went
and started connecting to its server. Before I could blink, ICQ had connected
:-( ) . "I don't get it," I exclaimed :) But after loading Netscape Navigator
3.0 Gold and typing www.cnn.com^M, I was finally and irrevocably convinced:
I was on the Internet.
Hmm, strange?! Is Lirik getting old :) or did they open the gate after he
tried this PAD? No, it can't be, I thought, most likely the latter. Well,
never mind that. So I started using this account :) and then Lirik showed up
in my ICQ contact list and immediately sent me a message: "You bastard, why
didn't you tell me that PAD works !!! :( " So I started explaining to him that
I had only just realized it myself :)
Well, it seemed to me that he understood. So Lirik, wasting no time, started
scanning the local IPs for domain names. And 5 minutes later we were on the
server (---). After travelling around there a bit more, we realized that we
had access to the GlobalOne network. As it later turned out, this network
belongs to the PEPSI company.
There was of course no access to this network's servers from the Internet. We
immediately understood that these servers were not for everyone (I mean, only
for company employees). We easily managed to get onto the FTP servers on the
network. We were amazed when we saw that you could log in as Anonymous to
almost any of their FTP servers. I was simply happy when I saw that anonymous
had full access there. I mean that you could write and delete and so on. Now
our last doubts vanished: we had got into a place where we were not expected.
Realizing this, Lirik switched his head on to 100% and then it began! The
first thing he found was the hosts file, a file with all the IP addresses of
their routers! Then, quite by chance, he stumbled upon a 100-kilobyte file
with American Express credit card data :-( )!
I think some Pepsi outlet recorded all its daily transactions in this file and
uploaded it to the FTP. Later it turned out that there were no exp. dates in
it, but the fact remained a fact! Of course, that would have been too easy :)
I found a promotional video clip, which I liked, by the way! It was only a
company draft, so it turns out I saw it first :) After that we found a file
containing the encrypted passwords of their routers. The passwords were easy
to find out with a Cisco password decryptor at hand :) . And here it is! The
turning point! I am on the head router xxx.xxx.1.1 of the globalone network!
Wow! Cool!!! What a hack, we thought! We had a plan: give the router our IP on
the network, and it would route their people not to the secure server but into
our hands :). Night fell... The next day, having slept well, I dialed SITA,
entered the PAD number and discovered with horror that our loophole had been
closed :-( ) ! Noooo, I exclaimed! It can't be. But no matter how I tried, the
PAD was closed.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Conclusion.
You may have a legitimate question: why the hell talk about Pepsi when
everything has already been shut down?
With this example (I hope) we managed to show that
1) even intranets are interesting to explore
2) scanning networks for addresses is worth it
3) proper protection of a local network consists not only in buying a
super-fancy firewall complex, but also in taking measures to restrict access
within the network itself.
3a) every representative of a local division should be given an account on the
central FTP server (on ftp.somers.intl.pepsi.com all information was uploaded
under anonymous and placed in /incoming/russia, /incoming/hong)
4) everything can be studied quite comfortably from Windows 95 :)
5) it is useful to see how routing is set up in large intranets (with luck,
next time there will be a review of the Microsoft Intranet :); at Pepsi it is
set up like this
6) admins are lazy and let themselves be broken into
Last-modified: Fri, 15 May 1998 08:57:41 GMT