Date: Tue, 18 May 1999 16:07:31 -0600 From: Brett Glass <brett@lariat.org> To: Steve Price <sprice@hiwaay.net>, freebsd-chat@FreeBSD.ORG Subject: Re: how secure is NT? Message-ID: <4.2.0.37.19990518160037.040a0450@localhost> In-Reply-To: <Pine.OSF.4.10.9905181322250.8039-100000@fly.HiWAAY.net>
next in thread | previous in thread | raw e-mail | index | archive | help
If he's done the default install of IIS, you can break in via the sample asp's. (They're analogous to the old "phf" scripts in early versions of Apache, but Microsoft's programmers are apparently so wet behind the ears that they don't even have a good knowledge of their competitors' history.) These asp's will generally let you view any file on the server. See http://www.zdnet.com/zdnn/stories/news/0,4586,2255919,00.html The nice thing about this particular exploit is that it is trivial to execute from any client. It makes for a compelling "white hat" hacking demonstration but doesn't risk damaging anything. --Brett At 01:51 PM 5/18/99 -0500, Steve Price wrote: >I just got the strangest request. Today while at a customer's >facility I was given the IP address of an NT box and was asked >to try to break into it. All he told me about the box was that >it was using NT 4.0 and was running a VPN. Does anyone have any >ideas or pointers to known NT exploits? > >I know this is a very bizarre request and not directly related >to FreeBSD, so please keep all replies to me and only on -chat >if you _must_ reply to the list. Thanks. > >-steve > >PS: Please don't ask me for the IP address. My customer expressly >forbade me to give it to anyone. They don't want to end up >having 1000s of people trying to break in. Just me. :) > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-chat" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.0.37.19990518160037.040a0450>