Windows NT Security Holes - PowerPoint PPT Presentation

Slides: 12
Provided by: anv2
Transcript and Presenter's Notes


1
Windows NT Security Holes
  • Windows NT is getting more popular. More
    and more companies use NT as their Internet
    platform, and also as the platform for their
    intranet solutions. Today we will discuss the
    most serious security holes of the Windows NT
    operating system.

2
Two Parts
  • 1. The first part is about security holes existing
    in NT Server and Workstation.
  • 2. The second part talks about two security holes
    existing in the browser and the NT machine.


3
Part 1. Hole 1. How to get Administrator
  • Step 1. Rename c:\winnt\system32\logon.scr to
    logon.old
  • Step 2. Rename usrmgr.exe to logon.scr
  • Step 3. Restart your NT machine
  • Because logon.scr is part of the NT startup
    utilities, it is executed when Windows NT
    restarts, and you are not required to enter
    your password. Usrmgr.exe is executed in its
    place, and you can then join the Administrator group.

4
Part 1. Hole 2. The second way to get
Administrator rights
  • Reinstall the Windows NT operating system.
  • The new operating system will overwrite the old
    one. You can then configure the new system as you
    please and so get Administrator rights.
  • This can happen when somebody gets into your
    server room unlawfully.

5
Part 1. Hole 3. How to get the password
  • On Windows NT Workstation, anybody can use
    special tools to read ADMINST.PWD
    (ADMINST.PWD is an encrypted file).
  • On a Windows 9X.X client, anybody can use
    special tools to read ADMINST.PWL (ADMINST.PWL
    is an encrypted file).
  • After you get the password, you have the rights
    of the default manager; this is especially easy
    on a Windows 9X.X client.

6
Part 1. Hole 4. Remote access to the Registry
  • On a Windows 9X.X client, and on a resource
    shared by the system manager, you can run
    REGEDIT.EXE; you can then access the NT Server
    alternately and remotely.
  • The Registry's default settings give anybody
    create and full-control access to it, so somebody
    can delete and change the Registry.

7
Part 1. Hole 5. Anybody can access a resource in
an NT Domain
  • In command mode, anybody can just enter
  • ..\\IPaddress\C OR
  • ..\\IPaddress\D OR
  • ..\\IPaddress\WINNT
  • and then reach any shared resource in the
    Windows NT Domain.

8
Part 1. Hole 6. How to kill an NT machine
  • You can use the ping command to kill an NT
    machine. NT can't accept a large ICMP
    (Internet Control Message Protocol) packet. If
    a packet is 64K, NT's TCP/IP stack will not work
    properly and the system will stay offline until
    it is restarted, so the system will refuse some services.
  • Try this command and see what happens:
  • ping -l 65524 host.domain.com
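
The size arithmetic behind this slide, as an added example that is not part of the original presentation: 65524 data bytes plus the 8-byte ICMP header and a 20-byte IP header come to 65552 bytes, more than the 65535-byte maximum of an IPv4 datagram, so such a ping can only arrive as fragments. The Python below shows the per-fragment check a packet filter can apply; the function names and sample headers are constructed for illustration, and a 1500-byte MTU is assumed.

```python
import struct

MAX_IP_DATAGRAM = 65535  # largest size the 16-bit IPv4 total-length field can express

def parse_ipv4_header(raw):
    """Pull out the fields needed for the reassembly-size check."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", raw[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("not a valid IPv4 header")
    return {
        "proto": proto,
        "ihl": ihl,
        "payload_len": total_len - ihl,
        "offset": (flags_frag & 0x1FFF) * 8,  # field counts 8-byte units
        "more_fragments": bool(flags_frag & 0x2000),
    }

def reassembled_size(raw):
    """Datagram size implied once this fragment is put in place."""
    h = parse_ipv4_header(raw)
    return h["ihl"] + h["offset"] + h["payload_len"]

def is_oversized_fragment(raw):
    """True when the fragment would push the datagram past 65535 bytes."""
    return reassembled_size(raw) > MAX_IP_DATAGRAM

def build_header(offset_bytes, payload_len, more):
    """Constructed sample header (ICMP, TEST-NET addresses, checksum left 0)."""
    flags_frag = (0x2000 if more else 0) | (offset_bytes // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                       flags_frag, 128, 1, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

# Constructed samples. 65524 data bytes + 8-byte ICMP header = 65532 bytes,
# carried in 1480-byte fragments: 44 full ones, then 412 bytes at offset 65120.
SAMPLE_NORMAL_PING = build_header(0, 40, False)        # 32 data bytes
SAMPLE_MIDDLE_FRAGMENT = build_header(63640, 1480, True)
SAMPLE_LAST_FRAGMENT = build_header(65120, 412, False)

if __name__ == "__main__":
    for name in ("SAMPLE_NORMAL_PING", "SAMPLE_MIDDLE_FRAGMENT", "SAMPLE_LAST_FRAGMENT"):
        raw = globals()[name]
        print(name, reassembled_size(raw), "DROP" if is_oversized_fragment(raw) else "pass")
```

Only the final fragment crosses the limit, which is why the check has to look at offset plus length on every fragment and not at the size of any single packet.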

9
Part 2. Hole 1. Browser hole
  • There is a hole in all browsers on NT and
    Win9X.X. When you want to view an HTML page, your
    browser first looks for the page on your local
    drive. If your NT machine happens to be an
    SMB server, it will send the username and password
    automatically.
  • But you will never know what happened.
  • SMB is Server Message Block.

10
Security Countermeasures.
  • Authenticating Users
  • Resource Access Control
  • Block unwanted TCP/IP Ports
  • Auditing and logging
  • Firewalls
  • Packet filters
  • Physical isolation
  • Etc.

11
Thank you
  • Author: BoYong Jiang
  • Student ID: 103016
  • Date: 06/03/2000