RE: w2k server compromised

From: Laura A. Robinson (larobins@bellatlantic.net)
Date: 01/24/03

    From: "Laura A. Robinson" <larobins@bellatlantic.net>
    To: "'Dan Uscatu'" <duscatu@lunatech.ro>, <focus-ms@securityfocus.com>
    Date: Fri, 24 Jan 2003 02:59:16 -0500
    
    

    LDIFDE or CSVDE, although they just do text dumps of the configuration and
    accounts and won't maintain SIDs. You could use ADMT v2 to migrate from the
    infected domain into a clean domain, and it does migrate passwords.

    Laura

    > -----Original Message-----
    > From: Dan Uscatu [mailto:duscatu@lunatech.ro]
    > Sent: Thursday, January 23, 2003 3:17 AM
    > To: focus-ms@securityfocus.com
    > Subject: w2k server compromised
    >
    >
    > hey all
    >
    > i just found one of the w2k servers to be infected and acting
    > very strangely. unfortunately it is a domain controller and
    > it has all the users/computers lists.
    >
    > how can i export these before reinstall in order to keep the
    > exact same configuration (everything except passwords of
    > course) ? i suppose this could be useful to be done on a
    > regular basis too...
    >
    > TIA
    >
    >


