Bugtraq mailing list archives
NT User List Exploit
From: webroot () WEBROOT COM (webroot)
Date: Mon, 21 Apr 1997 18:31:53 -0400
I have found an interesting Microsoft "feature" that allows anyone running NT server as a domain controller to obtain a complete user listing, including group memberships, of any other NT server on the same network. Here's how it is done:

1. Connect an NT server to the same network as the target NT server.
2. From the USER MANAGER, create a trusting relationship with the target. When prompted for a password, enter whatever you want; it doesn't matter. You will get a response stating that NT couldn't verify the trust (this is because of the invalid password). However, the target will now be on your trusting list.
3. Launch NT Explorer and right-click on any folder.
4. Select SHARING.
5. From the SHARED window, select ADD.
6. From the ADD menu, select your target NT server.
7. You will now see the entire group listing of the target. And if you select SHOW USERS, you will see the entire user listing, including full names and descriptions.

I have tested this exploit on three target NT servers running on different networks, all with successful results. With a user listing (including full names, descriptions and group memberships) a hacker now has valid accounts to attack. Obviously, this is a very serious problem.

Because I have not yet been able to find a fix for this issue, any help would be greatly appreciated.

Microsoft's incompetence never ceases to amaze me.

Steve Thomas, Vice President
Innovative Protection Solutions
http://www.ips-corp.com/
webroot () webroot com