Security Basics mailing list archives
Re: Unwanted programs on Win2K
From: Gedi <gediintheuk () yahoo co uk>
Date: Wed, 5 Feb 2003 20:16:58 +0000 (GMT)
You can never fully secure a machine locally unless you remove all the drives, pad lock it up, put it in a sealed room with motion sensors in there. Cracking the SAM file will only give you passwords locally. That is they will give you full access to the machine but not the network. This topic is far to deep to start looking into all the different methods of elievting privilidges, but if all you want is the local admin rights the SAM will provide you with that. The repair file could be old or may not contain the info you require.....as I said, you are lucky to be able to get what you want from there...however, I have done this a few times before when auditing some places so it shows that some admins don't take care when backing up The SAM in /WINNT/system32/config will contain the local passwords. However, if the machine is Win2K SP2 it will become much more difficult due to a few extra security measures microsoft introduced. A bit of research will reveal all. There are many other ways.....you can extract from the registry, you can set up sniffers capturing encripted logon packets...you can set up holes via scripts to run on an unsuspecting admin. You can expoloit current software running on the machine and spawn root shells from there....the list goes on and on and is changing everyday. I can't tell how to break into a particular system, they are all different...I can guide you towards the right way of thinking, and material to read up on. Gedi *apologies chris, the reply was acidentally sent to you instead of the list* --- Chris Berry <compjma () hotmail com> wrote: > >From:
Haven't heard of this one before. I have a SAM file in C:\winnt\repair but the permissions look ok, pretty much only the admin can get in there. I read a few NT webpages that say the solution to this security hole is to change the permissions. Does this mean I'm safe after all, or do I have a vulnerability here? (I'm using win2k) Chris Berry compjma () hotmail com Systems Administrator JM Associates "For Sys Admins paranoia isn't a mental health problem, its a marketable job skill."
__________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com
Current thread:
- RE: Unwanted programs on Win2K, (continued)
- RE: Unwanted programs on Win2K dave (Feb 06)
- RE: Unwanted programs on Win2K Harris Samuel W PORT (Feb 04)
- Re: Unwanted programs on Win2K Meritt James (Feb 05)
- RE: Unwanted programs on Win2K Chris Berry (Feb 04)
- RE: Unwanted programs on Win2K Mike Heitz (Feb 05)
- RE: Unwanted programs on Win2K Simon Taplin (Feb 05)
- RE: Unwanted programs on Win2K Chris Berry (Feb 05)
- Re: Unwanted programs on Win2K Meritt James (Feb 05)
- RE: Unwanted programs on Win2K H C (Feb 05)
- RE: Unwanted programs on Win2K James Kelly (Feb 06)
- Re: Unwanted programs on Win2K Gedi (Feb 05)
- RE: Unwanted programs on Win2K Tim Donahue (Feb 05)
- RE: Unwanted programs on Win2K Tim Donahue (Feb 07)