Vulnerability Development mailing list archives

Re: is this something?


From: ghandi <ghandi () DOPESQUAD NET>
Date: Wed, 17 Jan 2001 14:35:45 -0700

I did some testing on a Win2k Pro machine (same version numbers as in the
original post) with NTLM authentication turned off.  It seems that the
telnet server ignores any backslashes.  I could log in with 'ghandi',
'\ghandi', '\\ghandi', '\\\ghandi', etc.  I then disabled the account and
couldn't log in with/without slashes.  So it doesn't allow access to
disabled accounts.

I then started playing with the guest account.  Once I set a password and
enabled the account, I wasn't able to log in with 'guest' ("Login through
Guest account not allowed"), but I WAS able to log in with '\guest',
'\\guest', '\\\\guest', etc.  It seems that the telnet server disallows
any logins with username == "guest", but because '\' characters are
skipped or ignored in the username, with the correct password, the guest
account can be used through telnet.

I guess someone should notify MS (Ron?) if this isn't already known.

On Wed, 17 Jan 2001, George Milliken wrote:

Do you have a server named \\guest ?


George Milliken
www.farm9.com


-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM] On Behalf Of sween
Sent: Tuesday, January 16, 2001 10:29 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: is this something?


I usually just browse through the messages on this list to play with
people's neat sploits and such...I'm going to get brave and post something
I found playing around this evening...
your thoughts on this:

WINDOWS 2000Pro, Telnet service started with NTLM turned off...


$ telnet 192.168.0.1
Trying 192.168.0.1...
Connected to 192.168.0.1.
Escape character is '^]'.
Microsoft (R) Windows (TM) Version 5.00 (Build 2195)
Welcome to Microsoft Telnet Service
Telnet Server Build 5.00.99201.1
login: guest
Login through Guest account not allowed
login: \\guest
password:

*===============================================================
Welcome to Microsoft Telnet Server.
*===============================================================
C:\>


UNC dealy? misconfig? lack of config? lack of coffee?
Thank you for your time.

Ron Sweeney


-sween
 ---
| M |  http://www.modelm.org
 ---   "clickity, clack."


--
          ghandi / ghandi () dopesquad net / www.dopesquad.net
       "Bein' Crazy is the least of my worries." - Jack Kerouac
          C439 2B06 D8D2 A2D8 1ABB  0A55 A61D 9057 63F5 9B1F
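
The check-order problem described in this thread, modelled as an added example (not part of the original messages and not Microsoft's code): the deny-list test runs on the typed string while the account lookup runs on the backslash-stripped one. All function names and the account table are hypothetical and constructed; the stripping rule is the behaviour reported above, taken as an assumption.

```python
# Added illustration: models the behaviour reported in this thread.
# It is not the telnet server's code; every name here is hypothetical.
DENIED_ACCOUNTS = {"guest"}  # accounts barred from telnet login
# Constructed account table: name -> state
ACCOUNTS = {"guest": "enabled", "ghandi": "enabled", "olduser": "disabled"}


def canonical(username: str) -> str:
    """Reduce a typed login name to the account name used for lookup.

    Assumption from the thread: backslashes are skipped or ignored.
    Case folding is applied in both variants so that the only difference
    between them is where the backslashes are handled.
    """
    return username.replace("\\", "").casefold()


def login_allowed_flawed(username: str) -> bool:
    """Deny-list test on the typed string, lookup on the canonical one."""
    if username.casefold() in DENIED_ACCOUNTS:  # backslashes still present
        return False
    return ACCOUNTS.get(canonical(username)) == "enabled"


def login_allowed_hardened(username: str) -> bool:
    """Canonicalize once, then run every policy check on that value."""
    name = canonical(username)
    if name in DENIED_ACCOUNTS:
        return False
    return ACCOUNTS.get(name) == "enabled"


def policy_gaps(candidates):
    """Typed names the flawed check admits but the hardened one denies."""
    return [c for c in candidates
            if login_allowed_flawed(c) and not login_allowed_hardened(c)]


# Constructed inputs, using the spellings tried in the thread.
SAMPLES = ["guest", "\\guest", "\\\\guest", "ghandi", "\\ghandi", "\\olduser"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:14} flawed={login_allowed_flawed(s)} "
              f"hardened={login_allowed_hardened(s)}")
    print("gaps:", policy_gaps(SAMPLES))
```

Running policy_gaps over a list of name spellings works as a regression check: any non-empty result means a policy decision was made on a different string than the one used to find the account.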

