Vulnerability Development mailing list archives
Re: [Fwd: 22 *potential* Windows 2000 holes]
From: Symon Thurlow <sthurlow () ATL CO NZ>
Date: Mon, 21 Aug 2000 17:15:48 +1200
12. Is it possible to write a program (like looking for MX records in DNS) to get a mail server, LDAP server, etc.? Then, it could be put in a nice graphical interface.
nslookup, or an ldap query
22. With Remote Installation Services, how does it know the computer is *really* on the network when it downloads the information to a new machine?
There are 4 things that are needed, this is a possible way of getting around this.
DNS Records - do a full zone transfer mentioned above
DHCP - Steal an IP or hijack an address.
Active Directory - Can install it on the machine
Answer file - make your own on a floppy and trojan it into the network (if it's downloading from the network).
You need to authenticate yourself against the AD before you can install an image. The .sif file for each image has ACLs attached, which is how you can control who sees what to install. As for DHCP, you can tell Win2k DHCP to only accept requests from managed PCs, that is, computer accounts that you have entered the GUID for into the AD. It will ignore requests from non-managed devices.
Symon