- This topic has 8 replies, 5 voices, and was last updated 11 years, 11 months ago by
.
-
Posts
-
-
ok so my university puts on cyber defense competitions and i was just wondering if people know of some security holes that administrators accidentally put into a system that would leave that system vulnerable to attack. I would love for these to be real life errors like the admin was lazy and left a copy of the password list in an obscure directory.
That system is a windows 2003 server SP1. When it is given to them it is not a part of a domain, but many decide to make it a part of one even though their only other windows system is a windows dns. The group of people that are trying to secure up their systems are high school students, but at the same time i want the attacking team to have to work at it to break into the system. The attackers come from professionals and some graduate students.
-
I’m unaware of an exploit that allows an attacker to bypass this but I have seen a video demonstration on how to use a tool called tsgrinder, you should look into it. The tool can be found on:
http://www.hammerofgod.com/
and the video can be watched on:
http://www.learnsecurityonline.com -
ok i guess i should rephrase this. I’m looking for some semi common things that administrators do that are unsecure. The teams are given roughly 2-3 weeks to setup their network, and fix any holes in their security. So this would kinda be real world where someone comes into a business and the computer administrator has left. So no knowledge of how or what they did to the system, but they can’t reinstall the os.
-
Aha, in that case you are looking at a long list LOL! Here are a few off the top of my head.
– Insecure passwords
– Forgetting or delaying security patching
– Installing VNC/LogMeIn/GoToMyPC for convenient remote access
– Using a domain admin account for routine access (this is especially bad when combined with local caching of passwords)
– Giving users local administrator rights on PC’s
– Not using an anti-virus or not updating anti-virusI hope these help.
-
Those are great. I also looked into setting the windows installer to run as the guest account, which is disabled. To help prevent users from updating their computers as this messes with the windows update. i also installed dreampack pl on the computers, but i don’t think thats gonna do a whole lot cause we don’t get physical access to computers.
-
Try running Nessus against it.
http://www.nessus.org/nessus/ -
If you are on the same LAN link as the server I would say run Cain & Able to and do a Man In The Middle Attack on it (If some one is running RDP you can get in the middle of it). Also look to Chris gates video here for some cool stuff: http://www.ethicalhacker.net/content/view/105/24/
If you are trying to defend against RDP types of attacks I think the best thing to do as a basic step is to change the RDP port number to something different.
Another basic step would be to make a new Admin account (with a name that is not anything like Admin and set a 14+ charter password on it) and change the old Admin account to Guest permissions or disable it.
My 2 cents 🙂
Brian
-
@slimjim100 wrote:
If you are trying to defend against RDP types of attacks I think the best thing to do as a basic step is to change the RDP port number to something different.
Another basic step would be to make a new Admin account (with a name that is not anything like Admin and set a 14+ charter password on it) and change the old Admin account to Guest permissions or disable it.
My 2 cents 🙂
Brian
It sounds like they are trying to attack one system (“that system”) so moving the RDP port (not a bad idea) would only stop the laziest of attackers who never ran nmap.
I usually rename the admin account, but Brian’s idea is a little better since the admin SSID is not 500.
I would suggest trying a quick null session enumeration with enum. It should give you lots of juicy info.
-
Here is a link to a portion of Hacking Exposed describing null sessions.
http://books.google.com/books?id=-bkRryv377QC&pg=PA85&lpg=PA85&dq=windows+2003+null+session+default&source=web&ots=3MKuwM-N5C&sig=XBCU-Fy4AqDUJ4tpa8g1G7Latwc&hl=en&ei=DxaXSfzxAZCCNae8tfML&sa=X&oi=book_result&resnum=2&ct=result#PPA85,M1
-
- You must be logged in to reply to this topic.
