Penetration Testing mailing list archives
RE: Remote access and automatize user account creation (Windows XP)
From: "Paul Griggs" <Paul.Griggs () cadre net>
Date: Thu, 6 May 2010 15:25:03 -0400
Common local accounts on Windows workstations are absolutely AWESOME for pen testing! For security, they are a terrible idea. Don't do it. If you need an account to access the workstation, use an AD account. (You're not storing LANMan hashes, right?) -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of sbesson () ymail com Sent: Wednesday, May 05, 2010 1:53 PM To: pen-test () securityfocus com Subject: Remote access and automatize user account creation (Windows XP) Hello everybody, One of my client who has great needs in security, is asking me two questions which I wasn't able to answer to : 1. My client is looking for a remote access software (such as VNC) which could allow 2 simultaneous sessions on Windows XP SP3. Are you aware of any software like this ? Also, which one is the best regarding security ? 2. The support/exploitation IT department has been complaining about having to enter credentials during the installation of an XP image. They are asking my client to automatize the creation of 2 local accounts w/o having to enter any credentials. This means that the credentials used in order to create both account have to be stored somewhere right ? (ie, in a script). What are the best security practice regarding this ? How to automatize the creation of a ressource (user account, etc.) which require authentication w/o having to enter password ? Thanks in advance for your help. Best regards, S. AIBI ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------ ----------------------------------------- Notice: This e-mail message, together with any attachments, contains information of Cadre Computer Resources, Co. that may be confidential, proprietary, copyrighted and/or legally privileged, and is intended solely for the use of the individual or entity named on this message. If you are not the intended recipient, and have received this message in error, please immediately return this by e-mail and then delete it. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Remote access and automatize user account creation (Windows XP) sbesson (May 06)
- RE: Remote access and automatize user account creation (Windows XP) Paul Griggs (May 06)
- Re: Remote access and automatize user account creation (Windows XP) Shreyas Zare (May 06)
- Re: Remote access and automatize user account creation (Windows XP) TAS (May 06)
- Re: Remote access and automatize user account creation (Windows XP) Susan Bradley (May 06)
- Re: Remote access and automatize user account creation (Windows XP) aryasheel.pradhan (May 07)