Vulnerability Development mailing list archives
Re: Plain text password for Microsoft (icwip.dun)
From: "Roland Postle" <mail () blazde co uk>
Date: Tue, 9 Jul 2002 18:53:22 +0100
When a user wishes to access the internet but doesn't have a specific ISP in mind a user a can use microsofts connection wizzard to download a list of ISPs. This wizzard dials to a free phone number stored in phone.icw and then uses one of the icw*.dun files to authenicate itself to the network (depending on where in the world you are depends on which icw*.dun dile is used) Under normal circumstances the connection wizzard connects to ispreferals.microsoft.com (207.46.152.15) and downloads a list of local ISP's via series of cab files stored in various 4 letter directories on the server. The username stored in the icw*.dun file is "icw5 () gn microsoft com" and the password is "icw5". One of the dial up servers connected to was tnt59.lnd1.uk.uudial.net. As you can see this is not a microsoft machine but it does allow you to access various microsoft machines. (If you are in the UK you connect to the science park in Cambridge, one of Microsofts research centers). Recommendations --------------- Store passwords in an encrypted form
I investigated this a couple of years back. If I remember correctly the freephone connection you get is extremely limited. I could access about 3 hosts, do a DNS lookup and download the cab files you mention. I couldn't find any way to break out of it, (though I was a bit clueless back then). If anyone's poked around with some more success I'd love to hear about it. As for storing the plain text passwords of regular .ins files, I agree it's not ideal. But, given that ISPs love to give you a personalised .ins file with your username/password in it, and it's not a mamoth task to extract them from the registry, or from the connect dialog box, it doesn't seem worth worrying about. - Blazde
Current thread:
- Plain text password for Microsoft (icwip.dun) Steven Jones (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Roland Postle (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Knud Erik Højgaard (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Roland Postle (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Knud Erik Højgaard (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) hellNbak (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Valdis . Kletnieks (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) hellNbak (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Blue Boar (Jul 09)
- Palladium dullien (Jul 10)
- Malicious COM Surrogates Jason Coombs (Jul 29)
- Re: Plain text password for Microsoft (icwip.dun) Roland Postle (Jul 09)
- Re: Plain text password for Microsoft (icwip.dun) Joerg Mayer (Jul 09)