RE: NT4, IPC$, and password hashes
From: Mark L. Jackson (codewizard@hotpop.com)
Date: 07/29/02
- In reply to: RUSSELL T. LEWIS: "NT4, IPC$, and password hashes"
From: "Mark L. Jackson" <codewizard@hotpop.com>
To: "RUSSELL T. LEWIS" <RUSSELL_T._LEWIS@spectralresponse.com>, <security-basics@securityfocus.com>
Date: Mon, 29 Jul 2002 14:54:08 -0700
// I've got an NT 4 SP6a Workstation that I'm hardening and I've patched it all the
// way with HFNETCHK, and done a ton of registry hacks, turned off services, etc.
...and they would be?
// However, if I type \\COMPUTERNAME on my network I can get an IPC$ and LoftCrack3
// can extract the password hash, which I've already cracked the lanman hash. The
// crack DID take forever (17days 5hrs 27min) on a p4 2.53GHz overclocked to 2.75
// GHz, but I don't like the fact that the hash can be obtained.
Were you logged in as an admin?
//
// How do I prevent LC3, or anyone from getting the password hash?
// I did a few registry entries that were supposed to restrict remote registry, but
// it seems that didn't work, or isn't enough.
Did you set 'enumerate shares' to restrict anon?
Did you also try to get the C$, ADMIN$, IPC$, LPT$ through 'net use'?
What does 'net share' show?
Have you tried using policy editor?
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/columns/inside/12-20-99.asp (might break, go to the backtalk section)