NetOP School Admin Vulnerability for Windows 2000 Terminal Services and NT4

[Jesse Smythe <trick0rdaddy () hotmail com>]

NetOp School, a program for screen broadcast and 
remote
control of Windows 3.1x, Windows 9x, Windows NT 
and Windows 2000 PCs
(including support for Windows 2000 Terminal 
Services and NT4
Terminal Server Edition) across NetBIOS, IPX and 
TCP/IP.

The problem arises in the way that netOP handles no 
authorised users. When netop school is installed on 
a local area network, Full control of the network and 
all work stations can be taken.

The method is as follows...

By default when a user logs into a workstation the 
student version of netop is run. If a user (student) 
attempts to execute the admin version of NetOP then 
the required password dialog will appear and the user 
will need to know that password if they wish to run 
the program. The flaw is in the way the program 
reacts when the student version isnt running. For 
example a student can use any type of task manager 
to kill the student version and when he or she goes to 
open the admin version all security checks and 
password dialogs are bypassed.

This gives the student or non-authorised user full 
access to any workstation loged in to the network. It 
also allows users to "spy" on anybody in the network.

This has huge implications for System Administrators 
who need to protect data, and for students and 
teachers that require privacy.




This hole has been tested on the Latest version, 
NetOp School, version 1.5

Regards Jesse Smythe