NT Security Technology Tips (2)

2019-03-23 10:56

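... anyone), or executed when the ERD update disk is accessed (by default, this includes anyone). For example, if a user is a member of the Administrator group, a Trojan horse can do anything while he is working on the system.

Recommendation for reducing the risk: accounts with Administrator and backup privileges must never browse the Web. All accounts should have only User or Power User group permissions.

(Originally posted July 8)

Rdisk is the emergency repair disk tool that ships with NT. For an Administrator, it's a good tool. But for the system, this hole really is... really is...

A user can use Rdisk to place all of the security information (passwords and registry information) in c:\winnt4\repair. From there, an attacker with some tools can obtain the passwords within a few hours.

And then your system is... heh heh.

As for tools for cracking NT passwords, there are plenty; I'll introduce them another time.

You can run Rdisk /s yourself and then take a look in your c:\winnt4\repair directory.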

NT Security Technology Tips, Part 5

Keywords: NT, computer security

(Originally posted July 5, 1999, on the CHINA ASP security technology board)

COMMAND

LSASS (or WinLogon)

SYSTEMS AFFECTED

WinNT

PROBLEM

Martin Wolf found following. He has discovered what seems to be a bug in Windows NT, with possible security consequences. Specifically, it would allow any user with local access to a machine, as long as they have write access to the root directory of the boot partition, to install a Trojan horse which is then executed whenever someone logs on locally. The problem is that when this partition (the one containing %systemroot%) contains a file such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, that file will be executed instead of the one in the %systemroot% or %systemroot%\system32 directory. This can be easily demonstrated:

1. Copy an executable file (CALC.EXE will do) to the rootdir.

2. Rename the file to NDDEAGNT.EXE.

3. Log off, and log on again as the same or a different user.

The Calculator program will now start immediately, using the security privileges of the logged-on user (OK, bad example..).

This behaviour seems to occur on any out-of-the-box NT4 installation, even with SP4, although obviously it can only be exploited by someone with write access to the specified location.

It also works with TASKMGR.EXE, but only when the task manager is started using Ctrl-Alt-Del, not when it is started from the taskbar. This suggests the problem lies with Winlogon or the LSASS subsystem.

SOLUTION

Surely, use NTFS and set up permission. MS responded that the system should be configured so that ordinary users do not have write access to the root directory. This is obviously true; however, it still seems to be a bug, as in "expected behaviour". Also, it does not work on all machines even when the attacker does have write access to the system boot partition, but not yet sure exactly where the problem lies.
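A defender's check for the condition this advisory describes, added here as an example and not part of the original post: it looks in the root directory of the boot partition for files carrying the names the advisory lists and compares each one with the copies under %systemroot% and %systemroot%\system32. The function names, the two directory arguments, the verdict labels and the use of SHA-256 are assumptions of this sketch.

```python
import hashlib
import os

# Names taken from the advisory: programs NT starts at logon or on Ctrl-Alt-Del.
LOGON_PROGRAMS = {"nddeagnt.exe", "explorer.exe", "userinit.exe", "taskmgr.exe"}


def sha256_of(path):
    """Hash a file in chunks so large binaries are not read in one go."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_root_shadows(root_dir, system_root):
    """List logon programs sitting directly in root_dir (hypothetical helper).

    root_dir is the root of the boot partition, system_root is %systemroot%.
    """
    # Index the legitimate copies by lower-cased name (NT names ignore case).
    legit = {}
    for folder in (system_root, os.path.join(system_root, "system32")):
        if not os.path.isdir(folder):
            continue
        for entry in os.scandir(folder):
            if entry.is_file() and entry.name.lower() in LOGON_PROGRAMS:
                legit.setdefault(entry.name.lower(), []).append(entry.path)

    findings = []
    for entry in os.scandir(root_dir):
        name = entry.name.lower()
        if not entry.is_file() or name not in LOGON_PROGRAMS:
            continue
        digest = sha256_of(entry.path)
        same = [p for p in legit.get(name, []) if sha256_of(p) == digest]
        # An identical copy is still misplaced; differing content is the
        # Trojan case and should be looked at first.
        verdict = "misplaced-copy" if same else "content-differs"
        findings.append({"path": entry.path, "sha256": digest, "verdict": verdict})
    return sorted(findings, key=lambda f: f["path"].lower())


if __name__ == "__main__":
    sysroot = os.environ.get("SystemRoot", r"C:\WINNT")
    boot_root = os.path.splitdrive(sysroot)[0] + os.sep
    for f in find_root_shadows(boot_root, sysroot):
        print(f["verdict"], f["path"], f["sha256"])
```

Any finding means a file with one of these names exists in the partition root at all, which the advisory's configuration advice (no write access for ordinary users) is meant to prevent.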

NT Security Technology Tips, Part 6

Keywords: NT, computer security

(Originally posted July 6, 1999, on the CHINA ASP security technology board)

For those of you that have too many IIS machines to yank this off by hand here is some vb code to set your IIS metabase remotely... VB 5.0 sp3 IIS Resource kit installed -- Metabase editor utility from resource kit needs to be installed.

Have fun! You can set all of your metabase up with the tools mentioned above. :-)

--------------------------------------------------------------------------------

'The subs I put in Modules handles the App Mappings tab of the
'application configuration screen
Sub AppMappings(ByRef IIS)
    'delete all existing script paths
    Call DeleteAllLowerProperties(IIS, \
    'the only thing changed on scripts maps is htm & html mapped to
    'asp.dll and removed the ism.dll mapping
    newscriptmaps = Array(\\\\\\\\
    \\
    \\\
    IIS.PutEx 2, \
    IIS.SetInfo
End Sub

Sub DeleteAllLowerProperties(ByRef IIS, ByVal PropertyName)
    'delete all existing script paths
    'trap a GetDataPaths failure so the Err.Number test below can see it
    On Error Resume Next
    PathList = IIS.GetDataPaths(PropertyName, 1)
    'walk the returned paths only when the lookup succeeded
    If Err.Number = 0 Then
        For Each Path In PathList
            Set objScriptPath = GetObject(Path)
            objScriptPath.PutEx 1, PropertyName, True
        Next
    End If
End Sub

' Start form1 here
Function GetServerArray()
    GetServerArray = Array(\
End Function

Private Sub Form_Load()
    ServerArray = GetServerArray()
    For Each Server In ServerArray
        Set globalW3svc = GetObject(\
        Call AppMappings(globalW3svc)
    Next
End Sub

Here is the advice given by M$:

http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=ind9906&L=ntbugtraq&F=P&S=&P=3267

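NT Security Technology Tips, Part 7

Keywords: NT, computer security

(This part was originally posted July 11, 1999, on the CHINA ASP security technology board)

Any member of the Print Operators group has system-level access to the printer drivers.

Someone with ill intent can exploit this security hole by replacing any printer driver with a Trojan horse program, which needs no privileges when it is executed; or by inserting a malicious virus into a printer driver, with the same effect.

Solution: be cautious when granting Print Operator rights, and limit the number of people who hold them. Perform system integrity checks. Configure and tune auditing appropriately, and review the audit files regularly. Find and resolve problems as they appear.

(This part was originally posted July 14, 1999, on the CHINA ASP security technology board)

An old topic, but with a new method

What to do after forgetting the Administrator password! Cracking the SAM with L0pht Crack is one good way.

What I recommend now is a new method; I wonder whether you have seen it! First you need to do some preparation. Download from here:

metalab.unc.edu/pub/linux/system/install/rawrite/rawrite3.zip

It contains a rawrite.exe. Then download one more thing:

www.nmrc.org/files/snt/bootdisk.bin

You can then write this bin to a floppy disk and boot your server from the floppy.

It loads a Linux system, mounts the NTFS partition, and provides a program that can change the password of any account without knowing the current password!

One more thing to watch out for: when you log on to NT again after changing the password, you must type \ and not \ Understand?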

NT Security Technology Tips, Part 8

Keywords: NT, computer security

(Originally posted July 16, 1999, on the CHINA ASP security technology board)

Here are 18 easy tips that can go a long way towards making your NT network a safer place. This list is meant to be used only as a brief reminder - it only covers a tiny part of what you may need to think about - but it won't hurt at all to make sure you've at least considered the following items in your environment:

1. Always use NTFS disk partitions instead of FAT. NTFS offers security features, and FAT doesn't. It's that simple. If you must use a FAT partition for any reason, do not place any system files on that partition, and be careful about putting sensitive information on that FAT partition as well - you won't be able to set any access permissions for files and directories on that drive. And, if it's shared, it's open season on the shared tree.

2. Make sure that all of NT's password control features have been implemented. This includes requiring users to have strong passwords, forcing users to change their passwords at regular intervals, and hiding the last username to login (as seen in the logon dialog by default). NT can lock out accounts after so many bad password attempts. Be sure to enable this setting, as it greatly impairs an intruder's ability to brute force guess your passwords. Force the use of strong and complex passwords -- and instruct users not to write them down anywhere unless they can be safely locked up afterwards. Cryptography experts say that as long as MS doesn't change the crypto system used for the SAM database (users and passwords, et al), the best choice for password lengths is between 6 and 8 characters. Without going into a ton of techno

