Re: Hacked NT/2K box
From: EPiC (epic@hack3r.com)  Date: 07/23/01
- Previous message: Henry Sieff: "RE: IIS LOG entry....."
- In reply to: H Carvey: "Hacked NT/2K box"
- Next in thread: Chris Lynch, MCSE CCNAv2: "RE: Hacked NT/2K box"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <003701c11392$03822ba0$d2e714d8@hack3r.org> From: "EPiC" <epic@hack3r.com> To: "H Carvey" <keydet89@yahoo.com>, <focus-ms@securityfocus.com> Subject: Re: Hacked NT/2K box Date: Mon, 23 Jul 2001 10:10:38 -0600
I have encountered many Windows boxes that have been compromised in my line
of work, from Win98 to Win2K, not leaving out NT.
What all do you want to know? In most instances the machine was used for a
simple defacement; however, I have seen some backdoors and a few created
accounts.
What are you looking for exactly? I may be able to help.
EPiC
hack3r.com
----- Original Message -----
From: "H Carvey" <keydet89@yahoo.com>
To: <focus-ms@securityfocus.com>
Sent: Monday, July 23, 2001 5:14 AM
Subject: Hacked NT/2K box
> When I was at BlackHat and DefCon recently, I was
> having discussions with some folks regarding an
> article I'd written on NT incident response. I'd
> written the article along the same lines as a
> Linux or Solaris incident response procedure, but
> with NT in mind.
>
> The discussion centered around this...having your
> hands on an NT or 2K box that was 'hacked' in much
> the same way as a Linux or Solaris box. I wasn't
> able to find anyone who has seen such a thing. I
> work on an all-NT infrastructure, with 2K systems
> providing web hosting in the data center. Many
> others have similar infrastructures.
>
> When a Linux box is 'hacked' (generally speaking,
> of course), the attacker puts on a rootkit and
> uses that box to step off and attack other systems.
> This isn't something you see with NT. The
> 'sadmin/IIS' (poisonbox) worm is another good
> example.
>
> So, my question to the group is this...has anyone
> seen a 'hacked' NT or 2K box? If so, what did you
> find out about it? What technique did the attacker
> use? How did they establish a foothold on the box,
> what tools did they load, and what did they do
> from there? I've already read through JD Glaser's
> BlackHat presentation from '99.
>
> It's been said that NT boxes are easy to hack b/c
> of vulnerabilities to services, but not easy to
> hack b/c you can't 'get on the box' the same way
> you can with Linux or Solaris.
>
> Input is appreciated.
>