Re: more info on a hopefully unsuccessful compromise

From: Sergey Latkin (slatkin_at_phg.com)
Date: 07/14/03

    To: LiNERROR <linerror@stx.rr.com>, incidents@securityfocus.com
    Date: Mon, 14 Jul 2003 15:29:52 -0400
    
    

    LiNERROR

    Several questions

    What type of logon do you use - network, interactive? Is it a local or domain
    admin account? NT domain or AD?
    What events are generated in the security log when you are logging in with
    those accounts?
    Are file sizes/timestamps/checksums of logon and security DLLs (like
    msgina.dll) different among your Win2000proSP3 systems?

    On Monday July 14 2003 01:04, LiNERROR wrote:
    > yes i have, i just posted a little more information to better facilitate
    > the constant barrage of questions and answers, and to present an actual set
    > of questions that i am looking for answers to rather than continue with the
    > "you're too stupid to know what you're doing" answers that i have received.
    >
    > the difference between the accounts is almost none... 1 is the default
    > admin account with a strong password that shows up in the user manager. the
    > other three should not be there, and are not in the user manager, yet, you
    > can still access the system with the use of one of the three "ghost"
    > accounts.
    >
    > it's a little of setting to come in one day and find two systems on the
    > back waters of your network with the ability to be connected to with 3
    > passwords you never set.
    >
    > I tried to disable the default admin account in an attempt to perhaps lock
    > out the "ghost" accounts. however when i tried to i was presented with a
    > lovely message that the admin account cannot be disabled.
    >
    > presently there are 4 sets of login/password that can login to the systems
    > admin with my password
    > admin with admin reversed
    > admin with admin and
    > admin with nothing...
    >
    > i am not aware of 2k having the ability to have one account with multiple
    > passwords... and if i am mistaken how would i disable the other passwords?
    >
    > LiNE
    > ---
    >

    -- 
    Sergey Latkin
    Chief Technology Officer
    Pinnacle Health Group
    1-(800)-492-7771
    http://www.phg.com
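
Added example, not part of the original message or thread: one way to run the comparison asked about above, checking whether logon files such as msgina.dll differ among systems at the same service pack level. It assumes the files have already been copied off each host into `<root>/<host>/`; the host names, the second file name and the file contents are constructed for the sample, and timestamps are left out because copying changes them.

```python
import hashlib, tempfile
from collections import Counter, defaultdict
from pathlib import Path

def fingerprint(path):
    """Return (size, sha256 hex) of one file."""
    data = Path(path).read_bytes()
    return len(data), hashlib.sha256(data).hexdigest()

def collect(root):
    """Walk root/<host>/<file> and build {file: {host: (size, sha256)}}."""
    table = defaultdict(dict)
    for p in sorted(Path(root).glob("*/*")):
        if p.is_file():
            table[p.name.lower()][p.parent.name] = fingerprint(p)
    return table

def outliers(table, hosts):
    """List (file, host, reason) for copies that are missing or differ from the majority."""
    findings = []
    for name, per_host in sorted(table.items()):
        baseline, votes = Counter(per_host.values()).most_common(1)[0]
        if votes * 2 <= len(hosts):
            # No strict majority across the fleet: there is no baseline to trust.
            findings.append((name, "*", "no majority baseline"))
            continue
        for host in sorted(hosts):
            if host not in per_host:
                findings.append((name, host, "missing"))
            elif per_host[host] != baseline:
                findings.append((name, host, "differs from majority"))
    return findings

def demo():
    """Constructed sample: four hosts, one altered msgina.dll, one missing file."""
    with tempfile.TemporaryDirectory() as root:
        hosts = ["ws01", "ws02", "ws03", "ws04"]  # hypothetical host names
        for h in hosts:
            d = Path(root, h)
            d.mkdir()
            body = b"constructed-gina" if h != "ws03" else b"constructed-gina+extra"
            (d / "msgina.dll").write_bytes(body)
            if h != "ws04":
                (d / "Winlogon.exe").write_bytes(b"constructed-winlogon")
        return outliers(collect(root), hosts)

if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep="\t")
```

Agreement among hosts only shows that the copies are consistent with each other. Comparing the majority hash against a copy taken from known-good installation media covers the case where every host carries the same altered file.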
    
