Home page logo

basics logo Security Basics mailing list archives

Re: Unwanted programs on Win2K
From: Gedi <gediintheuk () yahoo co uk>
Date: Wed, 5 Feb 2003 20:16:58 +0000 (GMT)

You can never fully secure a machine locally unless
you remove all the drives, pad lock it up, put it in a
sealed room with motion sensors in there.

Cracking the SAM file will only give you passwords
locally. That is they will give you full access to the
machine but not the network.

This topic is far to deep to start looking into all
the different methods of elievting privilidges, but if
all you want is the local admin rights the SAM will
provide you with that.

The repair file could be old or may not contain the
info you require.....as I said, you are lucky to be
able to get what you want from there...however, I have
done this a few times before when auditing some places
so it shows that some admins don't take care when
backing up

The SAM in /WINNT/system32/config will contain the
local passwords. However, if the machine is Win2K SP2
it will become much more difficult due to a few extra
security measures microsoft introduced. A bit of
research will reveal all.

There are many other ways.....you can extract from the
registry, you can set up sniffers capturing encripted 
logon packets...you can set up holes via scripts to
run on an unsuspecting admin. You can expoloit current
software running on the machine and spawn root shells
from there....the list goes on and on and is changing

I can't tell how to break into a particular system,
they are all different...I can guide you towards the
right way of thinking, and material to read up on.


*apologies chris, the reply was acidentally sent to
you instead of the list*

 --- Chris Berry <compjma () hotmail com> wrote: > >From:

Haven't heard of this one before.  I have a SAM file
in C:\winnt\repair but 
the permissions look ok, pretty much only the admin
can get in there.  I 
read a few NT webpages that say the solution to this
security hole is to 
change the permissions.  Does this mean I'm safe
after all, or do I have a 
vulnerability here?  (I'm using win2k)

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"For Sys Admins paranoia isn't a mental health
problem, its a marketable job 

Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]