OSEC

From: Alberto Aragones (quimerasQUIMERAS.COM)
Date: Wed Jul 18 2001 - 12:55:13 CDT


    I thought that changing passwords in NT/2000 was a privileged operation only
    available for administrators or account operators from trusted computers.

    Bring up the change password dialog from the secured screen that appears
    when pressing CTRL+ALT+DEL on any NT/2000 computer. By default, from this
    dialog you can change the password of any account on any pingable domain or
    computer that has NetBIOS active. This could allow for guessing account
    names and brute force attacks, since it will report detailed information on
    the error if an invalid request is made: "user not found", "invalid
    password" and so on.

    A demonstration command line utility is also available from
    http://www.quimeras.com/free/chpasswd.exe

    Alberto Aragones
    The Quimeras Company
    http://www.quimeras.com
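
A detection sketch for the behaviour described in the post above, added here as an example and not part of the original message or of any vendor tooling. Because the dialog reports "user not found" and "invalid password" separately, failed change requests can be grouped by source to tell account-name guessing from password guessing. The record layout, host names and thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records (not real logs). Hypothetical normalized format:
# (source_host, target_account, error_reported_to_the_requester)
SAMPLE_FAILURES = [
    ("ws-17", "admin", "user not found"),
    ("ws-17", "backup", "user not found"),
    ("ws-17", "sqlsvc", "user not found"),
    ("ws-17", "helpdesk", "user not found"),
    ("ws-22", "Administrator", "invalid password"),
    ("ws-22", "administrator", "invalid password"),
    ("ws-22", "administrator", "invalid password"),
    ("ws-30", "bob", "invalid password"),  # single typo, should not alert
]


def classify_sources(failures, enum_threshold=3, guess_threshold=3):
    """Map each suspicious source host to the set of patterns it shows.

    account-enumeration: many distinct non-existent accounts from one source.
    password-guessing:   repeated wrong passwords against one existing account.
    Thresholds are illustrative defaults, not recommended values.
    """
    unknown_users = defaultdict(set)                       # source -> names
    bad_passwords = defaultdict(lambda: defaultdict(int))  # source -> name -> n

    for source, account, error in failures:
        name = account.lower()  # NT account names are case-insensitive
        if error == "user not found":
            unknown_users[source].add(name)
        elif error == "invalid password":
            bad_passwords[source][name] += 1

    findings = {}
    for source in set(unknown_users) | set(bad_passwords):
        tags = set()
        if len(unknown_users[source]) >= enum_threshold:
            tags.add("account-enumeration")
        if any(n >= guess_threshold for n in bad_passwords[source].values()):
            tags.add("password-guessing")
        if tags:
            findings[source] = tags
    return findings


if __name__ == "__main__":
    for host, tags in sorted(classify_sources(SAMPLE_FAILURES).items()):
        print(host, sorted(tags))
```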
