Security issue??

Well, he could have used a clever service (that runs as system which has compleate control) to run cmd, which would give him compleate access to every thing and could run the user management thing and then give him self admin rights, not exacly hard.
 >> Stay informed about: Security issue?? 

You ask how he could run a program via a service? well, he could have found a service exe that he can change stuff, and replace the exe. If this is not the case, it can be a bit more tricky, he would have had to find a way to run a program as system with out going though a service.
 >> Stay informed about: Security issue?? 

Could you give me an actual example of how this could have been done , using
an actual running service?? I'm just not sure how he could have run
"command" from within the service in order to run the managment console to
give himself admin rights...

My guess is he must have hacked the password but you never know...

"Sparda" wrote in message

> "Sparda" wrote:
> > Well, he could have used a clever service (that runs as system
> > which has compleate control) to run cmd, which would give him
> > compleate access to every thing and could run the user
> > management thing and then give him self admin rights, not
> > exacly hard.
>
> You ask how he could run a program via a service? well, he could have
> found a service exe that he can change stuff, and replace the exe. If
> this is not the case, it can be a bit more tricky, he would have had
> to find a way to run a program as system with out going though a
> service.
>
> Posted Via Usenet.com Premium Usenet Newsgroup Services
> ----------------------------------------------------------
> ** SPEED ** RETENTION ** COMPLETION ** ANONYMITY **
> ----------------------------------------------------------
> http://www.usenet.com
 >> Stay informed about: Security issue?? 

Brad Pears wrote:

> Could you give me an actual example of how this could have been done ,
> using an actual running service?? I'm just not sure how he could have
> run "command" from within the service in order to run the managment
> console to give himself admin rights...
>
> My guess is he must have hacked the password but you never know...

Why bother to mess around with services or anything that elaborate?
Simply boot with NTpasswd and change the Administrator password to a
blank. Then log in and do whatever you want. Takes less than 5 minutes.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
 >> Stay informed about: Security issue?? 

Sparda wrote:
> *"Sparda" wrote:
> > Well, he could have used a clever service (that runs as system
> > which has compleate control) to run cmd, which would give him
> > compleate access to every thing and could run the user
> > management thing and then give him self admin rights, not
> > exacly hard.
>
> You ask how he could run a program via a service? well, he could
> have
> found a service exe that he can change stuff, and replace the exe.
> If
> this is not the case, it can be a bit more tricky, he would have had
> to find a way to run a program as system with out going though a
> service.
>
> Posted Via webservertalk.com Premium Usenet Newsgroup Services
> ----------------------------------------------------------
> ** SPEED ** RETENTION ** COMPLETION ** ANONYMITY **
> ----------------------------------------------------------
> http://www.webservertalk.com *


Hi.
Dead easy, all he has to do is obtain a copy of the "system" & "sam"
files in the winnt/system32/config folder using a win98 boot disc & a
programme to copy the 2 files. He can then either extract the password
hashes & brute force them to get the password (takes a LONG time if a
strong password is used) or (much quicker) post the hashes onto a
certain site that has already decoded ALL possible hash combinations
(they use something called rainbow tables) then they compare your
hashes with the ones contained in the tables & tell you what the
corresponding password is).
OR... he could have logged into the admin account in safe mode.... you
DID put a password on it, didn't you??? (This account has no password
unless you set one.

Regards

CReWdog.



--
CReWdog
------------------------------------------------------------------------
Posted via http://www.mcse.ms
------------------------------------------------------------------------
View this thread: http://www.mcse.ms/message1836564.html
 >> Stay informed about: Security issue?? 

Well, the example that stuck in my mind was that at my High school, Nortan antivirus couldnt update because it couldnt write to the hard drive, so the school admins in all there wisedome allowed every one to write to that folder, in cluding the noroton system monitor. So as you do, it wrote a wee vb program thats soul pupose was to run cmd... as system, so replacing the system monitor with my vb program... you see where im going with this.
 >> Stay informed about: Security issue?? 

Never heard of booting with NTpasswd - is that some sort of utility ?? I
know you can boot to the recovery console etc.. but you need admin password
for that...

Please elaborate!

Thanks,

Brad

"Malke" wrote in message

> Brad Pears wrote:
>
>> Could you give me an actual example of how this could have been done ,
>> using an actual running service?? I'm just not sure how he could have
>> run "command" from within the service in order to run the managment
>> console to give himself admin rights...
>>
>> My guess is he must have hacked the password but you never know...
>
> Why bother to mess around with services or anything that elaborate?
> Simply boot with NTpasswd and change the Administrator password to a
> blank. Then log in and do whatever you want. Takes less than 5 minutes.
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
 >> Stay informed about: Security issue?? 

Brad Pears wrote:

> Never heard of booting with NTpasswd - is that some sort of utility ?? I
> know you can boot to the recovery console etc.. but you need admin password
> for that...
>
> Please elaborate!
>
Hi,

http://home.eunet.no/~pnordahl/ntpasswd/



--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
 >> Stay informed about: Security issue?? 

Yes, I did put a password on the admin account. I have heard of what you
mentioned there regarding sending your files to a website and they'll tell
you what the password is... I tried that once before for a machine I could
not figure out the admin password on, had to run a utility that copied the
two files to floppy (likely the ones you mentioned) , then posted those two
files to the website and about a day later, I had the password. It worked
quite well actually!!!

Thanks for the input...

"CReWdog" wrote in message

>
> Sparda wrote:
>> *"Sparda" wrote:
>> > Well, he could have used a clever service (that runs as system
>> > which has compleate control) to run cmd, which would give him
>> > compleate access to every thing and could run the user
>> > management thing and then give him self admin rights, not
>> > exacly hard.
>>
>> You ask how he could run a program via a service? well, he could
>> have
>> found a service exe that he can change stuff, and replace the exe.
>> If
>> this is not the case, it can be a bit more tricky, he would have had
>> to find a way to run a program as system with out going though a
>> service.
>>
>> Posted Via webservertalk.com Premium Usenet Newsgroup Services
>> ----------------------------------------------------------
>> ** SPEED ** RETENTION ** COMPLETION ** ANONYMITY **
>> ----------------------------------------------------------
>> http://www.webservertalk.com *
>
>
> Hi.
> Dead easy, all he has to do is obtain a copy of the "system" & "sam"
> files in the winnt/system32/config folder using a win98 boot disc & a
> programme to copy the 2 files. He can then either extract the password
> hashes & brute force them to get the password (takes a LONG time if a
> strong password is used) or (much quicker) post the hashes onto a
> certain site that has already decoded ALL possible hash combinations
> (they use something called rainbow tables) then they compare your
> hashes with the ones contained in the tables & tell you what the
> corresponding password is).
> OR... he could have logged into the admin account in safe mode.... you
> DID put a password on it, didn't you??? (This account has no password
> unless you set one.
>
> Regards
>
> CReWdog.
>
>
>
> --
> CReWdog
> ------------------------------------------------------------------------
> Posted via http://www.mcse.ms
> ------------------------------------------------------------------------
> View this thread: http://www.mcse.ms/message1836564.html
>
 >> Stay informed about: Security issue??