Re: Unwanted programs on Win2K

From: Gedi (gediintheuk@yahoo.co.uk)
Date: 02/05/03

    Date: Wed, 5 Feb 2003 20:16:58 +0000 (GMT)
    From: Gedi <gediintheuk@yahoo.co.uk>
    To: security-basics@securityfocus.com
    
    

    You can never fully secure a machine locally unless
    you remove all the drives, padlock it up, put it in a
    sealed room with motion sensors in there.

    Cracking the SAM file will only give you passwords
    locally. That is, they will give you full access to the
    machine but not the network.

    This topic is far too deep to start looking into all
    the different methods of elevating privileges, but if
    all you want is the local admin rights the SAM will
    provide you with that.

    The repair file could be old or may not contain the
    info you require... as I said, you are lucky to be
    able to get what you want from there... however, I have
    done this a few times before when auditing some places,
    so it shows that some admins don't take care when
    backing up.

    The SAM in /WINNT/system32/config will contain the
    local passwords. However, if the machine is Win2K SP2
    it will become much more difficult due to a few extra
    security measures Microsoft introduced. A bit of
    research will reveal all.

    There are many other ways... you can extract from the
    registry, you can set up sniffers capturing encrypted
    logon packets... you can set up holes via scripts to
    run on an unsuspecting admin. You can exploit current
    software running on the machine and spawn root shells
    from there... the list goes on and on and is changing
    every day.

    I can't tell how to break into a particular system,
    they are all different... I can guide you towards the
    right way of thinking, and material to read up on.

    Gedi

    *apologies Chris, the reply was accidentally sent to
    you instead of the list*

     --- Chris Berry <compjma@hotmail.com> wrote:

    >
    > Haven't heard of this one before. I have a SAM file
    > in C:\winnt\repair but
    > the permissions look ok, pretty much only the admin
    > can get in there. I
    > read a few NT webpages that say the solution to this
    > security hole is to
    > change the permissions. Does this mean I'm safe
    > after all, or do I have a
    > vulnerability here? (I'm using win2k)
    >
    > Chris Berry
    > compjma@hotmail.com
    > Systems Administrator
    > JM Associates
    >
    > "For Sys Admins paranoia isn't a mental health
    > problem, its a marketable job
    > skill."
    >
    >
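
For the permissions question quoted above, one way to check the ACLs rather than eyeball them, as an added example that is not part of the original thread. It assumes a Windows host with PowerShell available; the function name `Get-SamAclFinding` is hypothetical, and the two paths are the ones named in the messages.

```powershell
# Added example (not from the thread): list ACL entries that let anyone other
# than SYSTEM or local Administrators read, or re-permission, the SAM files.
$root = $env:SystemRoot            # C:\winnt on the Win2K machine in the thread
$targets = @("$root\repair\sam", "$root\system32\config\SAM")

# Well-known SIDs expected to hold access (SYSTEM, BUILTIN\Administrators).
$expected = @('S-1-5-18', 'S-1-5-32-544')

# File rights that allow copying the contents or rewriting the ACL/owner,
# plus the raw GENERIC_READ and GENERIC_ALL bits that Get-Acl can report as-is.
$risky = [int][System.Security.AccessControl.FileSystemRights]'ReadData, ChangePermissions, TakeOwnership'
$risky = $risky -bor 0x80000000 -bor 0x10000000

function Get-SamAclFinding {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        try { $acl = Get-Acl -LiteralPath $p -ErrorAction Stop }
        catch {
            [pscustomobject]@{ Path = $p; Sid = ''; Account = ''; Rights = "ACL unreadable: $($_.Exception.Message)" }
            continue
        }
        # Request rules keyed by SID so renamed or deleted accounts still compare correctly.
        $sidType = [System.Security.Principal.SecurityIdentifier]
        foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if ($expected -contains $rule.IdentityReference.Value) { continue }
            if (([int]$rule.FileSystemRights -band $risky) -eq 0) { continue }
            # Resolve the SID to a name for the report; keep the SID if that fails.
            try { $name = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = '(unresolved)' }
            [pscustomobject]@{
                Path = $p; Sid = $rule.IdentityReference.Value
                Account = $name; Rights = $rule.FileSystemRights
            }
        }
    }
}

Get-SamAclFinding -Path $targets | Format-Table -AutoSize
```

An empty result means the ACLs grant read access only to SYSTEM and Administrators. It says nothing about someone with physical access to the disk, which is the point the reply makes about local security.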
