Re: Creating file on login

From: Vishal (dhrakol_at_myrealbox.com)
Date: 11/27/03

  • Next message: Depp, Dennis M.: "RE: Samba" 
    Date: Thu, 27 Nov 2003 14:33:54 -0500
To: Fausto <security-basics@securityfocus.com>

    Hi Fausto

    Thursday, November 27, 2003, 6:34:46 AM, you wrote:

    F> I have a system that when one try to login it create a file with the
    F> name of the user that tried to log.
    F> The problem is that if the do not exists the system creates the file
    F> with the invalid user...
    F> Can we do some exploit in this case...??
    F> Is this problem dangerous...
    F> Fausto Catvalho

    Many questions spring to mind. To start with:

    1. What kind of system is it?
    2. What kind of file is created? text/binary..what format?
    3. Where is it created?
    4. What are the default access controls on this particular location? And on the file
    itself?
    5. Is the system connected to a network? What kind of network? Who can access
    this system?

    This problem could have many many answers depending on context...

    Cheers, 

    -- 
Vishal
 
---------------------------------------------------------------------------
----------------------------------------------------------------------------
  • Next message: Depp, Dennis M.: "RE: Samba"

    Relevant Pages

    • Re: priviledge escalation techniques
      ... you've all the tools you need, and you can install additional ones (to ... If I press that BEFORE login, a CLI as SYSTEM is started, I can launch ... If the network is switched, perhaps you need an ARP poisoning tool. ... switches) in such a way that you can fool an ARP poisoning attempt. ...
      (Pen-Test)
    • Re: Slow Login with Cached Credentials
      ... might relate to my issue of "Slow Login with Cached Credentials" ... Of course when they are on the network and there is a domain controller ... in the event log. ... REM Disconnect existing network mappings - do not prompt the user ...
      (microsoft.public.windowsxp.general)
    • Automatically Login to a Domain
      ... accessing network drives or print servers). ... after using the standard CE domain login dialog, ... The credential manager code is also shown at the bottom of this post: ... // setup the remote name which will be my domain name e.g. MYDOMAIN ...
      (microsoft.public.windowsce.app.development)
    • Re: Workstation Locked out!
      ... the domain Administrator account, ... Have you tried to log in with the local Administrator account using a blank ... When you go to the ctrl+alt+del login screen on the workstation and click ... I tried to connect an old XP pro box to the network using the connect ...
      (microsoft.public.windows.server.sbs)
    • Slow Login with Cached Credentials
      ... I am having an issue with many XP SP2 Dell Lattitude D6xx laptops. ... Of course when they are on the network and there is a domain controller ... All laptop users have both a login and logoff script (assigned via GPO to the ... REM Disconnect existing network mappings - do not prompt the user ...
      (microsoft.public.windowsxp.network_web)