Re: anti Windows XP SP2 firewall trick

From: Ansgar -59cobalt- Wiechers (bugtraq_at_planetcobalt.net)
Date: 09/08/05

  • Next message: Rohit: "Serious Security issue with broken - Microsoft's .Net XML Serialization API"
    Date: Thu, 8 Sep 2005 15:00:47 +0200
    To: bugtraq@securityfocus.com
    
    

    On 2005-09-07 crusoe@alexandria.cc wrote:
    [...]
    > #c:\bugg.exe Server running on port 2001
    >
    > connect to server with :
    >
    > #telnet localhost 2001
    [...]
    > Our Registry path is
    >
    > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    >
    > and there you can create string value
    >
    > Value name Value
    >
    > C:\chat.exe ........ C:\chat.exe:*:Enabled:chat

    Being able to create that value means that you have admin privileges on
    that box, thus you can do whatever you want anyway (including completely
    shutting down the Windows-Firewall). So this is by no means a trick or
    flaw, but simply expected behaviour.

    Regards
    Ansgar Wiechers

    -- 
    "Another option [for defragmentation] is to back up your important files,
    erase the hard disk, then reinstall Mac OS X and your backed up files."
    --http://docs.info.apple.com/article.html?artnum=25668
    

  • Next message: Rohit: "Serious Security issue with broken - Microsoft's .Net XML Serialization API"

    Relevant Pages

    • SQL Connection Problem
      ... An error has occurred while establishing a connection to the server. ... database location within the applications App_Data directory. ... Boolean& failoverDemandDone, String host, String failoverPartner, String ... user, String password, Boolean trusted, String connectionString) +68 ...
      (microsoft.public.dotnet.framework.aspnet)
    • server-side JavaScript: Prototypes of built-in classes, objects and functins
      ... Session object (disk-based session variables for data persistence ... File class (manipulation of files on server, ie. open, close, read, ... //Methods Cgi.queryCgi.postCgi.anyby default return an empty string if requested var not found ...
      (comp.lang.javascript)
    • Re: SSP backup
      ... 2)MOSS_SETUP_FARM is a dbo on the config database. ... Application Server Administration job failed for service instance ... name, ApplicationPoolIdentityType identityType, String userName, SecureString ... password, TimeSpan idleTimeout, TimeSpan periodicRestartTime) at ...
      (microsoft.public.sharepoint.windowsservices)
    • Re: App_data - ASPNETDB.MDF
      ... is only because I want my site work, without exception. ... Server Error in '/' Application. ... serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64 ...
      (microsoft.public.dotnet.framework.aspnet)
    • RE: SQL Connection Problem
      ... sites do not have a dedicated database or web server for them to run on. ... > Boolean& failoverDemandDone, String host, String failoverPartner, String ... > user, String password, Boolean trusted, String connectionString) +68 ...
      (microsoft.public.dotnet.framework.aspnet)