RE: Hacked NT/2K box

From: Pidgorny, Slav (pidgorns@anz.com)
Date: 07/25/01


Message-ID: <CDEBAB5BBFE0024AABEAF438FB2A4D07692FC0@exgau100qsm00.oceania.corp.anz.com>
From: "Pidgorny, Slav" <pidgorns@anz.com>
To: 'Nichola Veitch' <veitchn@hotmail.com>, ryan@eEye.com, keydet89@yahoo.com, lynch00@msn.com, focus-ms@securityfocus.com
Subject: RE: Hacked NT/2K box
Date: Wed, 25 Jul 2001 19:07:45 +1000

Administrator can install drivers? :)

I don't have an answer but I do have a question: why the customer's running
IIS under admin account, not just user account?

Kindest,

Svyatoslav Pidgorny

> -----Original Message-----
> From: Nichola Veitch [mailto:veitchn@hotmail.com]
> Sent: 25 July 2001 18:16
> To: ryan@eEye.com; Pidgorny, Slav; keydet89@yahoo.com;
> lynch00@msn.com;
> focus-ms@securityfocus.com
> Subject: Re: Hacked NT/2K box
>
>
> A customer of mine is running IIS (not sure yet if 4 or 5).
> the IIS service
> account is using the domain admin account. can anyone tell me the
> implications of changing this account to one with less
> priviledges (should
> it be using the system account???)
>



Relevant Pages

  • Re: Running a script from an ASP page
    ... calling aspexec or an IIS setting or something else? ... >> or of the account given to the anonymous user to access cmd.exe. ... >> admin account is used for the anonymous user, but it does not work if I ...
    (microsoft.public.inetserver.iis.security)
  • OWA 2000
    ... wenn ich auf mein Postfach zugreifen möchte. ... Das wäre auch nicht weiter schlimm, allerdings erkennt er meinen Account ... Gebe ich den Admin Account an, ... IIS ebenfalls. ...
    (microsoft.public.de.exchange)
  • RE: SOME Users cannot access OWA others do, error HTTP 500
    ... I understand that some account access OWA ... IIS 6.0 compression corruption causes access violations ... compressed copy of the affected files on the SBS server: ...
    (microsoft.public.windows.server.sbs)
  • Re: Basic Authentication fails with Error 401.2 where Integrated s
    ... On the IIS directory security tab, anonymous access is disabled, digest ... authentication is disabled, integrated authentication is disabled and basic ... account created has full permissions for the folder and the file that's in it. ...
    (microsoft.public.inetserver.iis.security)
  • Re: so if you wnat to handle page not found links that are not aspx
    ... When i publish the site to a windows 2000 sp4 box running IIS, ... Sub Application_Error ... Make sure the ASPNET account in the W2K server ...
    (microsoft.public.dotnet.framework.aspnet)