Vulnerability Development mailing list archives

Re: the microsoft hack & windows 2000


From: Lincoln Yeoh <lyeoh () POP JARING MY>
Date: Tue, 31 Oct 2000 15:21:40 +0800

At 02:13 AM 30-10-2000 -0500, Masial wrote:
> while having absolutely no rights on the SourceSafe servers. Is it possible
> that Windows 2000 will bring new shades in accounts hacking? How do you get
> out of a partial-admin account? Where can you elevate your privileges?

Just get the correct passwords? W2K has IE. And IE has the autocomplete
flaw for passwords. You can also sniff or keylog.

All you need to do is to write a custom trojan, test it on the publicly
available antivirus stuff out there, making sure it passes. Then figure out
a way of delivering it to the target site - I'm sure there are many ways;
Microsoft has conveniently provided many of them. Microsoft Lookout/Lookout
Express come to mind.

For communications the trojan just has to make outbound http connections,
utilizing the default internet proxy settings, and proxy passwords from the
autocomplete cache (or sniff for the passwords first if necessary). The
worm could then download further instructions/modules from 3rd party
guestbooks, web accessible USENET news archives or mailing list archives.

A bit of work to do it, but it doesn't look impossible.

Cheerio,
Link.