Windows NT Security Holes • Windows NT is becoming more popular. More and more companies use NT as their Internet platform, and they also use NT as the platform for their intranet solutions. Today we will discuss the most serious security holes in the Windows NT operating system.
Two Parts • 1. The first part is about security holes in NT Server and NT Workstation; • 2. The second part is about security holes involving the browser and the NT machine.
Part 1. Hole 1. How to get Administrator • Step 1. Rename c:\winnt\system32\logon.scr to logon.old • Step 2. Rename usrmgr.exe to logon.scr • Step 3. Restart your NT machine (or simply wait at the logon prompt) * logon.scr is the screen saver that the logon desktop runs after a period of inactivity, before anyone has entered a password, and it runs in the LocalSystem context. Because usrmgr.exe now sits at that path, User Manager appears with SYSTEM privileges and you can add an account to the Administrators group. * Caveat: steps 1 and 2 need write access to c:\winnt\system32, which the default NTFS permissions deny to ordinary users. The trick therefore works where the system volume is FAT (no ACLs at all) or where the directory permissions have been loosened; it is a privilege-escalation path for someone who already has file-system write access, locally or through a writable share, not an attack anyone can run.
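The two preconditions of Hole 1 (what the logon desktop runs as its screen saver, and who may modify that file) can be audited from PowerShell. This is an added example, not code from the original slides; it assumes Windows PowerShell 5 or later with Get-Acl, and the standard locations: the logon desktop's screen saver settings live under HKEY_USERS\.DEFAULT, and the file lives in %SystemRoot%\system32. On Windows versions that no longer ship logon.scr the script just reports that.

```powershell
# Added example (not from the original slides): audit the preconditions of Hole 1.
# Assumes PowerShell 5+, the HKEY_USERS\.DEFAULT screen-saver keys and
# %SystemRoot%\system32\logon.scr as the file the logon desktop would execute.

$scr  = Join-Path $env:SystemRoot 'system32\logon.scr'
$desk = Get-ItemProperty -Path 'Registry::HKEY_USERS\.DEFAULT\Control Panel\Desktop' `
                         -ErrorAction SilentlyContinue

# 1. What does the logon desktop run when its screen saver fires?
#    The attack replaces this binary (or redirects the path) so that something
#    else executes as LocalSystem before any user has logged on.
'Logon screen saver : {0}'   -f $desk.'SCRNSAVE.EXE'
'ScreenSaveActive   : {0}'   -f $desk.ScreenSaveActive
'ScreenSaveTimeOut  : {0} s' -f $desk.ScreenSaveTimeOut
if (Test-Path $scr) {
    $sig = Get-AuthenticodeSignature -FilePath $scr
    'logon.scr signature: {0} ({1})' -f $sig.Status, $sig.SignerCertificate.Subject
}

# 2. Can anyone outside the trusted set modify the file? Steps 1 and 2 of the
#    slide need exactly that. A FAT system volume has no ACLs, so report it first.
$fmt = (New-Object System.IO.DriveInfo $env:SystemDrive).DriveFormat
if ($fmt -ne 'NTFS') {
    "WARNING: system volume is $fmt; file permissions cannot protect logon.scr"
}

$trusted     = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller')
$writeMask   = [System.Security.AccessControl.FileSystemRights] 'Write, Delete, TakeOwnership, ChangePermissions'
$genericMask = 0x10000000 -bor 0x40000000   # GENERIC_ALL | GENERIC_WRITE, which show up as raw bits

if (Test-Path $scr) {
    $weak = (Get-Acl -Path $scr).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $trusted -notcontains $_.IdentityReference.Value -and
        ( (($_.FileSystemRights -band $writeMask) -ne 0) -or
          (([int]$_.FileSystemRights -band $genericMask) -ne 0) )
    }
    if ($weak) {
        'WARNING: non-administrative identities can modify logon.scr:'
        $weak | Select-Object IdentityReference, FileSystemRights
    } else {
        'OK: only SYSTEM/Administrators/TrustedInstaller can modify logon.scr'
    }
} else {
    "logon.scr not present at $scr (later Windows versions removed it; nothing to replace)"
}
```

Run it in an elevated session. A warning from the ACL check is the condition the slide depends on; on a default NTFS installation the check reports OK, which is why the trick needs FAT or a loosened directory ACL.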
Part 1. Hole 2. The second way to get Administrator rights • Reinstall the Windows NT operating system. The new installation replaces the old one, and you can then configure the new system as you please and give yourself Administrator rights. * This happens when somebody gets into your server room unlawfully: none of NT's access controls protect a machine against an attacker who has physical access and can boot it from his own media.
Part 1. Hole 3. How to get the password • On a Windows NT Workstation, anybody who can reach the file can use special tools to read ADMINST.PWD (ADMINST.PWD is an encrypted file). • On a Windows 9x client, anybody can use special tools to read ADMINST.PWL (ADMINST.PWL is an encrypted file). * Once you have the password you hold the rights of the default administrator account. This is especially easy on a Windows 9x client: its .PWL password-cache files use encryption weak enough that freely available tools of the time recover the stored passwords.
Part 1. Hole 4. Remote access to the Registry • From a Windows 9x client, or from any resource the system administrator has shared, you can run REGEDIT.EXE and connect to the NT Server's registry remotely. * The default permissions on the registry allow anybody to create keys and take Full Control of them, so somebody can delete or change registry entries from another machine. * Caveat: which accounts may connect remotely at all is governed by the ACL on HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg; if that key is absent, remote registry access is not restricted and any authenticated user can connect, which is the exposure described here.
Part 1. Hole 5. Anybody can access a resource in an NT domain • At the command prompt, anybody can enter \\IPaddress\C$ or \\IPaddress\D$ or \\IPaddress\WINNT$ (for example with "net use") and reach the shared resources of a Windows NT machine in the domain. * Caveat: C$, D$ and ADMIN$ (the slide's WINNT$; ADMIN$ maps to the %SystemRoot% directory, c:\winnt) are the hidden administrative shares that NT creates automatically. Connecting to them requires an account in the Administrators group (or Backup Operators / Server Operators on a server), so the real exposure is a weak or shared administrator password, plus the fact that every NT machine offers its whole drives by default, not anonymous access.
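The defaults behind Hole 4 (remote registry access) and Hole 5 (administrative shares) can be checked, and the shares switched off, with the script below. It is an added example and not code from the original slides; it assumes a current Windows host with the SmbShare cmdlets (Windows 8 / Server 2012 or later), an elevated session, and the standard registry paths for the winreg ACL and the LanmanServer AutoShare values.

```powershell
# Added example (not from the original slides): audit the defaults behind
# Hole 4 (remote registry) and Hole 5 (administrative shares).
# Assumes PowerShell 5+, the SmbShare module and the standard registry paths.

# --- Hole 4: who may open this machine's registry remotely? ---
# The ACL on this key gates remote registry connections. If the key is absent,
# remote access is unrestricted, which is the situation the slide describes.
$winreg = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
if (-not (Test-Path $winreg)) {
    'WARNING: winreg key absent; remote registry access is not restricted'
} else {
    'Identities allowed to connect to the registry remotely:'
    (Get-Acl -Path $winreg).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        Select-Object IdentityReference, RegistryRights
}
# The Remote Registry service is the other half of the exposure; Stopped/Disabled
# closes the door regardless of the ACL.
Get-Service -Name RemoteRegistry | Select-Object Name, Status, StartType

# --- Hole 5: administrative shares ---
# C$, D$, ADMIN$ and IPC$ are created automatically and reachable only by
# administrators; they are still worth knowing about and, on workstations that
# never need remote administration, worth removing.
'Administrative (special) shares on this host:'
Get-SmbShare | Where-Object { $_.Special } | Select-Object Name, Path, Description

# Deleting a share with "net share C$ /delete" only lasts until the next boot.
# The AutoShare values stop the Server service recreating them.
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
Get-ItemProperty -Path $lanman | Select-Object AutoShareServer, AutoShareWks

# Uncomment the line that matches the machine role (0 = do not create the shares):
# Set-ItemProperty -Path $lanman -Name AutoShareServer -Value 0 -Type DWord   # server
# Set-ItemProperty -Path $lanman -Name AutoShareWks    -Value 0 -Type DWord   # workstation
# Restart-Service -Name LanmanServer -Force
```

An empty AutoShare value means the default (shares are created). Disabling the admin shares also disables remote administration tools that depend on ADMIN$, so do it on workstations rather than on servers that are managed remotely.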
Part 1. Hole 6. How to kill an NT machine • You can use the "ping" command to kill an NT machine. NT's TCP/IP stack cannot handle an oversized ICMP (Internet Control Message Protocol) packet. With a 65,524-byte payload, the ICMP echo request plus its 8-byte ICMP header and 20-byte IP header totals 65,552 bytes, more than the 65,535-byte maximum length of an IP datagram. The request leaves the sender as IP fragments, and when the receiving stack reassembles them the oversized datagram overflows its reassembly buffer: the TCP/IP stack stops working and the system is offline until it is restarted, so it refuses all network service. * Try this command and see what happens: "ping -l 65524 host.domain.com" * Caveat: this is the "Ping of Death". It affects NT 3.51 and unpatched NT 4.0; Microsoft fixed the reassembly code in a later NT 4.0 service pack, so only machines behind on patches go down.
Part 2. Hole 1. Browser's hole • There is a hole that affects every browser on NT and Windows 9x. When a page references a resource by a UNC or file: path (for example an image at \\server\share\pic.gif), the browser hands the request to the SMB redirector, which connects to that server and authenticates automatically with the current user's name and an LM/NTLM challenge-response computed from the password. If the server is one the attacker controls, it records the username and the response, which can be cracked offline to recover the password, and you never notice what happened. * SMB is Server Message Block.
Security Countermeasures • Authenticating users • Resource access control • Block unwanted TCP/IP ports • Auditing and logging • Firewalls • Packet filters • Physical isolation • etc.
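"Block unwanted TCP/IP ports" is the countermeasure that closes the Part 2 browser hole: if the machine cannot reach an attacker's SMB server, it cannot hand over credentials to it. The script below is an added example, not code from the original slides, and uses tooling from later Windows versions: it assumes the Windows Defender Firewall cmdlets (NetSecurity module, Windows 8 / Server 2012 and later), an elevated session, and the Restrict NTLM policy value under the MSV1_0 registry key. The rule names are made up for the example.

```powershell
# Added example (not from the original slides): stop outbound SMB/NetBIOS and
# outgoing NTLM authentication on untrusted networks, so that a browser following
# a \\attacker\share link cannot leak the user's credentials.
# Assumes the NetSecurity module (Windows 8+/Server 2012+) and an elevated session.

# 1. Firewall: block outbound SMB (TCP 139/445) and NetBIOS (UDP 137/138) on the
#    Public profile. Block rules win over allow rules in Windows Firewall, so this
#    is scoped by profile rather than by trying to exempt private address ranges.
$rules = @(
    @{ DisplayName = 'Block outbound SMB on public networks (example)';     Protocol = 'TCP'; RemotePort = 139, 445 },
    @{ DisplayName = 'Block outbound NetBIOS on public networks (example)'; Protocol = 'UDP'; RemotePort = 137, 138 }
)
foreach ($r in $rules) {
    if (-not (Get-NetFirewallRule -DisplayName $r.DisplayName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $r.DisplayName -Direction Outbound -Action Block `
            -Profile Public -Protocol $r.Protocol -RemotePort $r.RemotePort -Enabled True | Out-Null
    }
}
'Firewall rules now in place:'
Get-NetFirewallRule -DisplayName '*on public networks (example)' |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        '{0}: {1} {2}/{3} -> {4}' -f $_.DisplayName, $_.Direction, $pf.Protocol, ($pf.RemotePort -join ','), $_.Action
    }

# 2. Identity: the policy "Network security: Restrict NTLM: Outgoing NTLM traffic
#    to remote servers". 0 = allow, 1 = audit only, 2 = deny all. Start with audit
#    and read event ID 8001 in the Microsoft-Windows-NTLM/Operational log before
#    moving to 2, because legacy file servers may still need NTLM.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
Set-ItemProperty -Path $lsa -Name RestrictSendingNTLMTraffic -Value 1 -Type DWord
'RestrictSendingNTLMTraffic = {0}' -f (Get-ItemProperty -Path $lsa).RestrictSendingNTLMTraffic
```

The firewall rules address the transport the slide describes; the NTLM policy addresses the credential itself and also covers paths that do not use SMB, such as WebDAV to an attacker-controlled host.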
Thank you. Author: BoYong Jiang. Student ID #: 103016. Date: 06/03/2000