Bugtraq mailing list archives
un-removable user custom user management tool
From: John Lange <lists () DARKCORE NET>
Date: Thu, 7 Sep 2000 12:01:51 -0500
Several people have asked me for the tool I used to add user names with invalid characters, so here it is. Unzip it and put both files in an IIS directory with "execute" permissions and then open the html page in your browser. While the tool shows several buttons, the only one that works is the portion for adding users. It will give an error after it adds the user but it does work. Just hit back on your browser and refresh the page. Do NOT try this on a server that needs to be secure. Credit for this code goes to Jeff Also.

I should also like to point out that the "un-removable user vulnerability" as I originally posted it is really more of a bug with some possible security implications. Some people seem to have gotten very upset with the use of the word "vulnerability" so perhaps it wasn't the best choice of words.

Just to clarify, this "bug" in WindowsNT allows users to be added which cannot be removed using the regular WindowsNT GUI User Management tool. Other people have reported that the user can be removed using "net user <username> /delete", but I have not been able to reproduce this in my testing.

I want to make it clear that I have a very limited ability to test these things since we don't run WindowsNT servers. I only have a single machine that runs WindowsNT workstation for testing.

In my original post I stated that unless you have special tools, you would have to rebuild the machine to remove the user. I still believe this to be true but others have said this is not true and I hope they are correct.

As far as I'm aware, the only 2 ways to add users (without custom tools) on NT are via the GUI, or the "net user" command. Neither of these will allow you to remove users with special characters in their names. Let me say again, "using the normal WindowsNT User Management Interface".

There is a multitude of other ways to do this so please don't email me telling me about them because that is exactly the point of this post; you have to resort to special methods to remove (or add) users. That can potentially be a problem for NT administrators.

John Lange
johnl () clearoption com
Clear Option Technologies
Attachment:
webadmin.zip