Re: Anonymous Access - NOTHING ABOUT IIS

From: Steven L Umbach (n9rou@attbi.com)
Date: 01/22/03




Here is another good one: dumpsec. Set up a null session and it can give all kinds of tabulated reports. --- Steve
http://www.somarsoft.com/somarsoft_main.htm

"Karl Levinson [x y] mvp" <jamescagney90210@excite.com> wrote in message
news:eGox1KiwCHA.2472@TK2MSFTNGP12...
> PS download GETACCT from www.securityfriday.com to see how a hacker can get
> a list of the login IDs, user names and share names etc. on your computers
> anonymously. Consider searching www.google.com or www.microsoft.com/support
> for RestrictAnonymous [or RestrictAnonymousSam for XP] to learn how to
> harden NetBIOS null sessions. And be sure you're using a firewall on your
> internet connection.
>
> http://securityadmin.info/faq.htm#harden
> http://securityadmin.info/faq.htm#firewall
>
>
> "Steven L Umbach" <n9rou@attbi.com> wrote in message
> news:eCwX9.1566$nK6.1051@rwcrnsc53...
> > Here is a link that helped me understand it better. --- Steve
> >
> > http://www.sans.org/rr/win/null.php
> >
> > "Ondřej Ševeček" <ondrej.sevecek@centrum.cz> wrote in message
> > news:ePmTE5fwCHA.616@TK2MSFTNGP11...
> > > Hello,
> > > I don't understand the term "anonymous access" and the way one can reach
> > > these credentials on Windows 2000.
> > >
> > > I already know this:
> > >
> > > - built-in group "everyone" CONTAINS "anonymous user"
> > > - built-in group "authenticated users" DOESN'T CONTAIN "anonymous user"
> > > - "...\LSA\RestrictAnonymous" is registry key for disabling membership in
> > > "everyone" for "anonymous user"
> > > - there are some other GPO settings about "anonymous user" such as "Disable
> > > anonymous access to registry keys", "Disable anonymous SAM enumeration", ...
> > >
> > > My question is:
> > >
> > > - when, why, where and which way one can gain these credentials and will
> > > therefore act as "anonymous user".
> > > - what services, programs, and systems use this method for access to
> > > resources.
> > > - how can one create a program to impersonate with these credentials.
> > >
> > > Many thanks in advance.
> > > Ondrej Sevecek.
>
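
A host-side audit of the null-session restrictions named in this thread, as an added example that is not part of the original posts. The full key path `HKLM:\SYSTEM\CurrentControlSet\Control\Lsa`, the `EveryoneIncludesAnonymous` value, the function name `Test-AnonymousHardening` and the pass thresholds are assumptions not taken from the thread; `RestrictAnonymousSam` only applies to XP and later, so it reports `NotSet` on Windows 2000.

```powershell
# Added example: audit the anonymous (null session) restrictions under the LSA key.
function Test-AnonymousHardening {
    param(
        # Value name -> DWORD. Omit to read the live registry; pass a constructed
        # hashtable to evaluate an exported baseline offline.
        [hashtable]$Values
    )

    # Each check names a value, its hardened bound, and what a weaker setting permits.
    $checks = @(
        @{ Name = 'RestrictAnonymous';         Min = 1; Risk = 'anonymous enumeration of accounts and shares' },
        @{ Name = 'RestrictAnonymousSam';      Min = 1; Risk = 'anonymous enumeration of SAM accounts' },
        @{ Name = 'EveryoneIncludesAnonymous'; Max = 0; Risk = 'Everyone permissions apply to anonymous users' }
    )

    if (-not $PSBoundParameters.ContainsKey('Values')) {
        # Assumption: standard LSA key location.
        $props = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
        $Values = @{}
        foreach ($c in $checks) {
            $p = $props.PSObject.Properties[$c.Name]
            if ($p) { $Values[$c.Name] = $p.Value }
        }
    }

    foreach ($c in $checks) {
        $present = $Values.ContainsKey($c.Name)
        $value = if ($present) { [int]$Values[$c.Name] } else { $null }
        $weak = $present -and (
            ($c.ContainsKey('Min') -and $value -lt $c.Min) -or
            ($c.ContainsKey('Max') -and $value -gt $c.Max))
        # A missing value is reported, not guessed: the effective default
        # differs between Windows versions.
        $status = if (-not $present) { 'NotSet' } elseif ($weak) { 'Weak' } else { 'OK' }
        $risk = if ($status -eq 'OK') { '' } else { $c.Risk }
        [pscustomobject]@{ Name = $c.Name; Value = $value; Status = $status; Risk = $risk }
    }
}

# Constructed sample: RestrictAnonymous left at 0 and RestrictAnonymousSam unset.
Test-AnonymousHardening -Values @{ RestrictAnonymous = 0; EveryoneIncludesAnonymous = 0 } |
    Format-Table -AutoSize

# Live host: Test-AnonymousHardening | Where-Object Status -ne 'OK'
```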

