Hacking Windows 2000 (presentation transcript)


1 Hacking Windows 2000

2 What to do first?
 Patch: of course the first thing to do is apply SP3 and the critical updates. More will come.
 Null session countermeasure: set RestrictAnonymous using the Local Security Policy applet.
 Disable NetBIOS over TCP/IP: open Network and Dial-Up Connections, select Local Area Connection, Internet Protocol (TCP/IP) Properties, Advanced, select the WINS tab and disable NetBIOS over TCP/IP. This disables connections to port 139.
 Again in Network and Dial-Up Connections, select Advanced from the toolbar, Advanced Settings, and de-select File and Printer Sharing. This disables connections to ports 139 and 445.
 Close ports: TCP 389 (LDAP) and 3268 (Global Catalog, Active Directory) at the firewall. See table 6.1 for Win2K ports. Terminal Server: TCP 3389.
 Disable: zone transfers and the SNMP service on servers (see next chart).

3 Zone transfers, SNMP, etc.
 Check that NetBIOS enumeration is closed: use nat xxx.xxx.xxx.xxx.
 Change SNMP from the public to a private community name to prevent SNMP enumeration.
 Block Win 2000 DNS zone transfers (AD and DNS): Computer Management, Services and Applications, DNS; allow transfers only to specified servers, not to all as by default (workstations are not vulnerable).
 Check security settings on Domain Controller ports 389 and 3268 (Active Directory). Filter these ports at the network border router (firewall). Remove the Everyone group from access.
 Lock BIOS setup and boot from hard disk only; otherwise the machine is vulnerable to NTFSDOS combined with L0phtCrack.

4 What else?
 IPSec: block ping, host-based port filtering. You can use the command prompt (Ipsecpol.exe; see book for examples) or the graphical dialogs from the Local Security Policy applet.
 Passfilt: enable Passfilt to strengthen passwords.
 Kerberos V5: only Win2K machines have it; authentication downgrades to NT and LAN Manager if Win 9x/NT machines are involved.
 DoS: only a gateway/firewall can actually prevent it, but Win2K provides registry keys you can tinker with when under attack (to help, not to solve the problem).
 AD vs SAM: AD in domain controllers, SAM in workstations and ordinary servers, with the same NT vulnerabilities, but uses SYSKEY by default. See the article on how SYSKEY can be bypassed (using NTFSDOS) and hashes added to the SAM.
 EFS attack: deleting the SAM blanks the Administrator password! Set a BIOS password and C: drive boot only. This allows logging in as Administrator (the recovery agent) and decrypting the content of the files (just open and save in a regular folder). It is possible to back up the recovery keys.
 Others: LSA secrets, AD replication, Terminal Server (3389), use runas.exe.
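Slides 2 to 4 are a hardening checklist, and the practical follow-up is to verify that each item actually took effect on a host. The script below is an added example written for this transcript, not part of the presentation or of any Microsoft tool. It reads the documented registry locations for RestrictAnonymous, the LSA Notification Packages list (where a registered password filter such as Passfilt shows up), per-interface NetBIOS over TCP/IP settings and SNMP community names, then parses `netstat -an` for the TCP ports the slides say to close or filter (139, 445, 389, 3268, 3389). It changes nothing; it only reports. The OK/WEAK/REVIEW labels and the choice to flag both `public` and `private` as well-known default community names are the author's assumptions, not statements from the slides.

```powershell
# Added example: read-only audit of the Windows 2000 hardening items on slides 2-4.
# Not from the presentation. Run in an elevated PowerShell session on the host under
# review. Registry paths are the standard documented ones; status labels are assumptions.

$Findings = New-Object System.Collections.ArrayList

function Add-Finding([string]$Check, [string]$Status, [string]$Detail) {
    [void]$Findings.Add([pscustomobject]@{ Check = $Check; Status = $Status; Detail = $Detail })
}

# 1. Null-session countermeasure (slide 2): RestrictAnonymous under the Lsa key.
#    Windows 2000 accepts 0 (none), 1 (restrict enumeration), 2 (no anonymous access).
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
$ra  = if ($null -ne $lsa.RestrictAnonymous) { [int]$lsa.RestrictAnonymous } else { 0 }
$raStatus = if ($ra -ge 1) { 'OK' } else { 'WEAK' }
Add-Finding 'RestrictAnonymous' $raStatus "value = $ra"

# 2. Password filter (slide 4): Notification Packages lists the DLLs the LSA calls on
#    password change. Reported as INFO so the expected filter can be confirmed by eye.
$np = @($lsa.'Notification Packages') -join ', '
Add-Finding 'Notification Packages' 'INFO' $np

# 3. NetBIOS over TCP/IP per interface (slide 2): NetbiosOptions 2 = disabled.
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
Get-ChildItem -Path $ifRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $opt    = (Get-ItemProperty -Path $_.PSPath).NetbiosOptions
    $status = if ($opt -eq 2) { 'OK' } else { 'WEAK' }
    Add-Finding "NetBT $($_.PSChildName)" $status "NetbiosOptions = $opt"
}

# 4. SNMP community names (slide 3): each value name under ValidCommunities is a community.
$snmp = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities'
if (Test-Path $snmp) {
    foreach ($name in (Get-Item $snmp).GetValueNames()) {
        # 'public' is the default the slide says to replace; 'private' is also a
        # widely known default, so it is flagged for review rather than accepted.
        $status = if ($name -ieq 'public') { 'WEAK' }
                  elseif ($name -ieq 'private') { 'REVIEW' }
                  else { 'OK' }
        Add-Finding 'SNMP community' $status $name
    }
} else {
    Add-Finding 'SNMP community' 'OK' 'SNMP service not configured'
}

# 5. Listening TCP ports the slides say to disable or filter at the border.
#    netstat -an is parsed because it exists on every Windows version, Win2K included.
$watch = @{ 139 = 'NetBIOS session'; 445 = 'SMB over TCP'; 389 = 'LDAP';
            3268 = 'Global Catalog'; 3389 = 'Terminal Server' }
$listening = netstat -an | ForEach-Object {
    if ($_ -match '^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING') { [int]$Matches[1] }
} | Sort-Object -Unique
foreach ($p in $listening) {
    if ($watch.ContainsKey($p)) {
        Add-Finding "TCP $p listening" 'REVIEW' "$($watch[$p]) - filter or disable if not required"
    }
}

$Findings | Format-Table -AutoSize
```

Two points worth knowing when reading the output: RestrictAnonymous=2 on Windows 2000 is the strongest setting but is documented to break down-level clients and some trust operations, so 1 is the usual compromise on mixed networks; and a port that shows as LISTENING is not necessarily reachable from outside, because the slides' border filtering and IPSec policies act in front of the listener, so a REVIEW line is a prompt to confirm the filter, not proof of exposure.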

