Vulnerability Development mailing list archives

Re: [Fwd: 22 *potential* Windows 2000 holes]


From: Symon Thurlow <sthurlow () ATL CO NZ>
Date: Mon, 21 Aug 2000 17:15:48 +1200

12. Is it possible to write a program (like looking for MX records in DNS)
to get a mail server, ldap server, etc. Then, it could be put in a nice
graphical interface.

nslookup, or an ldap query

22. With Remote Installation Services, how does it know the computer is
*really* on the network when it downloads the information to a new
machine?
There are 4 things that are needed; this is a possible way of getting
around this.
DNS Records - do a full zone transfer mentioned above
DHCP - Steal an IP or hijack an address.
Active Directory - Can install it on the machine
Answer file - make your own on a floppy and trojan it into the network (if
it's downloading from the network).


You need to authenticate yourself against the AD before you can install an
image. The .sif file for each image has ACLs attached, which is how you can
control who sees what to install.

As for DHCP, you can tell Win2k DHCP to only accept requests from managed
PCs, that is, computer accounts that you have entered the GUID for into the
AD. It will ignore requests from non-managed devices.

Symon
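An added audit example, not part of the thread, covering the two controls the reply describes: which computer accounts are pre-staged as "managed" (assumed here to be those carrying the netbootGUID attribute in AD) and which principals can read each image's .sif answer file. The RemoteInstall path is a placeholder, and the script is assumed to run from a domain-joined machine with the AD and the RIS share reachable.

```powershell
# Added example (not from the original message). Assumptions:
#  - pre-staged (managed) computer accounts have netbootGUID set in AD
#  - the RIS images live under $risRoot (placeholder path, adjust to taste)

# 1. List computer accounts that RIS will treat as managed clients.
$searcher = [adsisearcher]'(&(objectCategory=computer)(netbootGUID=*))'
[void]$searcher.PropertiesToLoad.AddRange(@('name', 'netbootGUID'))
$managed = $searcher.FindAll() | ForEach-Object {
    [pscustomobject]@{
        Name = $_.Properties['name'][0]
        # netbootGUID is stored as a 16-byte octet string
        GUID = [guid]::new([byte[]]$_.Properties['netbootguid'][0])
    }
}
"Managed (pre-staged) computer accounts: $($managed.Count)"
$managed | Format-Table -AutoSize

# 2. Flag .sif answer files whose ACL grants read access to broad groups,
#    since that ACL is what decides who sees a given image in the menu.
$risRoot = 'D:\RemoteInstall'   # placeholder
$broadGroups = 'Everyone|Authenticated Users|Domain Users|Users'
Get-ChildItem -Path $risRoot -Filter *.sif -Recurse -ErrorAction Stop |
    ForEach-Object {
        $acl = Get-Acl -Path $_.FullName
        $wide = $acl.Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -match $broadGroups -and
            "$($_.FileSystemRights)" -match 'Read|FullControl'
        }
        [pscustomobject]@{
            Sif       = $_.FullName
            BroadRead = ($wide | ForEach-Object { $_.IdentityReference.Value }) -join ', '
        }
    } | Format-Table -AutoSize
```

Any .sif listed with a non-empty BroadRead column is visible to every domain user at install time, which is usually wider than intended for a bootable image.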

