Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Microsoft Outlook

  • 22-01-2004 2:07pm
    #1
    Closed Accounts Posts: 5


    Ok guys, i really need your help here...!
    So, im doing my dissertation on digital security and my project supervisor has asked me to demonstrate an attack on a network for the presentation part of it. So I was thinking it would be pretty cool if i could hack into the lecturer's email account! All i no is that they are Outlook accounts.
    Basically, what i need is someone, to explain to me (in plain english) exactly how to do this. I no its a lot to ask but im really desperate!!
    Or alternatively, if anyone could come up with any suggestions of other easier attacks i could demonstrate, this would be great.

    Please help!!


Comments

  • Closed Accounts Posts: 6,601 ✭✭✭Kali


    I really wouldnt advise that as a "cool thing to do"... instead simply play around with a few network sniffers (ethereal or the like) and display the fact that the vast majority of information transmitted is in plain text, and that the data load of any particular packet could contain passwords or important information.

    Easiest way to demonstrate this is to have three computers connected to a hub, one acting as a test mail server, one as a client, and run the packet sniffer on the third machine.. client checks his mail and hey presto youve got his password...

    but dont go actually trying to hack any real network or mail accounts. not a good idea and your lecturers will NOT be impressed.


  • Registered Users, Registered Users 2 Posts: 11,987 ✭✭✭✭zAbbo


    What kinda email server, i think they(dkit) use OWA, which i assume they havent changed over to the squrrel mail that the students use. First things first find out what version they`re using linky here
    throws up " Version 5.5 SP4", search for any vulnerabilities on this version.

    Anyway thats seems quite high level if you never messed with "security" before.

    Easier attacks would be DoS attacks of some sort. I`m sure all of this would have to be done in a controlled environment


  • Closed Accounts Posts: 5 HackWannabe


    The problem with a DoS attack Baz is that i really dont want to make some website crash. At least with a hacking attack, i can go in and out without any real harm done. You see my problem?


  • Registered Users, Registered Users 2 Posts: 11,987 ✭✭✭✭zAbbo


    Originally posted by HackWannabe
    The problem with a DoS attack Baz is that i really dont want to make some website crash.
    website/server whatever ;)

    I dont think the merit will be on "hey look at what i can do" but more so on the vulnerabilities that exist and the methods that can be used to achieve the information that would allow an attack, so they have an email server, you can show how easy it is to find the IP address, then run a port scan on the server....etc.

    Im not sure what aspect you`re taking this project from, but im sure the college has adaquate intrusion detection to trace/track any hax attempts(well the *nix machine will). Maybe tou could run something like Kali mentioned, more of a controlled environment.


  • Closed Accounts Posts: 1,006 ✭✭✭theciscokid


    DoS attacks are so low, the scum of the internet.. zombies controlling zombies

    boy i hate them :rolleyes:


  • Advertisement
  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,583 Mod ✭✭✭✭Capt'n Midnight


    Dissertations - that's your cover story ??

    Hacking into someones email account - especially when it could contain sensitive correspondence like results / requests etc. - I'd reckon it's the sort of thing you could easily and justifiably get expelled for.

    And even if the Lecturer agreed you would still have to get an OK from IT and HR..

    BTW: you KNOW(SP) very little if you say it's outlook
    Outlook express
    Outlook / SMTP
    Outlook Exchange or other LADP etc. etc.

    Thin Ice mate - if you haven't thought the implications through. Find out from you lecturer what is acceptable before going any further - a test environment is needed - you DON'T want to succede in a hack attack on a production network.


  • Registered Users, Registered Users 2 Posts: 2,243 ✭✭✭zoro


    yeah i agree with MC here .... if anything, see if it'd be possible to have an account setup for this purpose

    or even better do it on your own machine!


  • Registered Users, Registered Users 2 Posts: 1,714 ✭✭✭Ryaner


    The packet sniffer would work wonders if the Outlook account is moveable. Ie they can log into multiple pc and get their full inbox. If this is the case, you can, in effect, sniff all the packets going to an email inbox and get outlook on your machine to open them. There is programs for doing this thru a kind of site mirror as such but it will really depend on how the log in for outlook takes place.
    I agree with Kali tho. Setup a test network and send email and sniff them. It's alot easier and safer. Collages have a very very big backlash at people who try to hack them or abuse their systems


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,583 Mod ✭✭✭✭Capt'n Midnight


    BTW Exchange server can use secure connections.


  • Registered Users, Registered Users 2 Posts: 1,714 ✭✭✭Ryaner


    Originally posted by Capt'n Midnight
    BTW Exchange server can use secure connections.

    Std outlook connections on roaming outlook account (ie ones that the login details are kept with the system login) tend to be mainly plain text with no security


  • Advertisement
Advertisement