Security Basics mailing list archives

Re: hacking win2kPro out of the box


From: H Carvey <keydet89 () yahoo com>
Date: 6 Dec 2004 11:40:15 -0000

In-Reply-To: <285472c90412030724661edaf9 () mail gmail com>


Does anyone have any information on common attacks for local
privilege escalation, and ways to secure against these?

Google is your friend:
http://www.google.com/search?hl=en&q=%22Windows+2000%22+OR+%22Win2K%22+AND+%22privilege+escalation%22

Also, Google for "ntpasswd".  

The sort of thing I'm looking for is a detail of an attack, followed
by the procedure(s) I would use to:

a) recover from it if necessary
b) thwart future attacks of its type.

The answer for "b" is easy...secure local access, in particular, physical access to the system.

Also, follow the configuration steps put forth over the ages:
1.  Minimalization - if you don't need it, don't run it.
2.  Principle of Least Privilege - If you have to run it, run it as securely as possible.
3.  Patch.
4.  Monitor.

I basically want to swap roles between hacker and sysadmin so I can
learn more about the best of both worlds.

Again, start w/ Google. 

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com

