Penetration Testing mailing list archives

RE: Remote access and automatize user account creation (Windows XP)


From: "Paul Griggs" <Paul.Griggs () cadre net>
Date: Thu, 6 May 2010 15:25:03 -0400

Common local accounts on Windows workstations are absolutely AWESOME for
pen testing!  For security, they are a terrible idea.  Don't do it.

If you need an account to access the workstation, use an AD account.

(You're not storing LANMan hashes, right?)

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of sbesson () ymail com
Sent: Wednesday, May 05, 2010 1:53 PM
To: pen-test () securityfocus com
Subject: Remote access and automatize user account creation (Windows XP)

Hello everybody,

One of my clients, who has great needs in security, is asking me two
questions which I wasn't able to answer:

1. My client is looking for remote access software (such as VNC) which
could allow 2 simultaneous sessions on Windows XP SP3. Are you aware of
any software like this? Also, which one is the best regarding security?

2. The support/exploitation IT department has been complaining about
having to enter credentials during the installation of an XP image. They
are asking my client to automatize the creation of 2 local accounts w/o
having to enter any credentials.

This means that the credentials used in order to create both accounts
have to be stored somewhere, right? (i.e., in a script). What are the best
security practices regarding this? How to automatize the creation of a
resource (user account, etc.) which requires authentication w/o having
to enter a password?

Thanks in advance for your help.

Best regards,

S. AIBI


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------

