Security Basics mailing list archives

Re: Unwanted programs on Win2K

From: Gedi <gediintheuk () yahoo co uk>
Date: Wed, 5 Feb 2003 20:16:58 +0000 (GMT)

You can never fully secure a machine locally unless
you remove all the drives, pad lock it up, put it in a
sealed room with motion sensors in there.

Cracking the SAM file will only give you passwords
locally. That is they will give you full access to the
machine but not the network.

This topic is far to deep to start looking into all
the different methods of elievting privilidges, but if
all you want is the local admin rights the SAM will
provide you with that.

The repair file could be old or may not contain the
info you require.....as I said, you are lucky to be
able to get what you want from there...however, I have
done this a few times before when auditing some places
so it shows that some admins don't take care when
backing up

The SAM in /WINNT/system32/config will contain the
local passwords. However, if the machine is Win2K SP2
it will become much more difficult due to a few extra
security measures microsoft introduced. A bit of
research will reveal all.

There are many other ways.....you can extract from the
registry, you can set up sniffers capturing encripted 
logon packets...you can set up holes via scripts to
run on an unsuspecting admin. You can expoloit current
software running on the machine and spawn root shells
from there....the list goes on and on and is changing
everyday.

I can't tell how to break into a particular system,
they are all different...I can guide you towards the
right way of thinking, and material to read up on.

Gedi

*apologies chris, the reply was acidentally sent to
you instead of the list*


 --- Chris Berry <compjma () hotmail com> wrote: > >From:


Haven't heard of this one before.  I have a SAM file
in C:\winnt\repair but 
the permissions look ok, pretty much only the admin
can get in there.  I 
read a few NT webpages that say the solution to this
security hole is to 
change the permissions.  Does this mean I'm safe
after all, or do I have a 
vulnerability here?  (I'm using win2k)

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"For Sys Admins paranoia isn't a mental health
problem, its a marketable job 
skill."



__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com

Current thread:

RE: Unwanted programs on Win2K, (continued)
- - - RE: Unwanted programs on Win2K dave (Feb 06)
- RE: Unwanted programs on Win2K Harris Samuel W PORT (Feb 04)
  - Re: Unwanted programs on Win2K Meritt James (Feb 05)
- RE: Unwanted programs on Win2K Chris Berry (Feb 04)
- RE: Unwanted programs on Win2K Mike Heitz (Feb 05)
  - RE: Unwanted programs on Win2K Simon Taplin (Feb 05)
- RE: Unwanted programs on Win2K Chris Berry (Feb 05)
  - Re: Unwanted programs on Win2K Meritt James (Feb 05)
- RE: Unwanted programs on Win2K H C (Feb 05)
  - RE: Unwanted programs on Win2K James Kelly (Feb 06)
- Re: Unwanted programs on Win2K Gedi (Feb 05)
- RE: Unwanted programs on Win2K Tim Donahue (Feb 05)
- RE: Unwanted programs on Win2K Tim Donahue (Feb 07)