Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: Access a remote registry

Re: Access a remote registry

From: H Carvey <keydet89_at_yahoo.com>
Date: 18 May 2001 16:39:26 -0000



> I'm checking the security of a Windows NT
server. I have first used Retina
> to get a general overview of the server, and
it has discovered that the
> Guest user has access to the registry.

This post brings up another issue...validation.
Retina reports that the Guest account is
allowed access to the Registry remotely...but
how is this validated.

ISS's Internet Scanner used (v5.8,v6.0) used to
report that the AutoAdminLogon functionality
existed if the value was set to '0', which
according to Microsoft is incorrect.
Rebooting the system proved this.

The point is...if a commercial tool reports a
vulnerability, and it's not able to be
replicated, then whom do you believe?
Received on May 18 2001

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos