From: Ben Greenbaum (bgreenbaumSECURITYFOCUS.COM)
Date: Wed May 02 2001 - 17:41:06 CDT
There is a very good paper on RestrictAnonymous, and some related tools,
RestrictAnonymous doesn't help as much as you might think...
> -----Original Message-----
> From: michaelvogtABCSYSTEMS.CH
> Sent: Tue 5/1/2001 12:30 AM
> To: FOCUS-MSSECURITYFOCUS.COM
> Subject: Re: Port 135
> hey steve
> i wrote a little tool to get all userinfos(name, rights,
> groups...), all accounts (user, workstation), all shares
> and a pw check.. you can also try to crack all user pw
> with the bf method.
> you can disable anonymous connection (null
> connect) in the registry, when you work in a single
> domain environment. the null connection is used
> when you admin. multiple domains (with trust), afaik.
> > Hi list!
> > Working on an NT box running IIS 4.0 (seems to be patched).
> > Certain tell-tale ports are open (25,80,135,5800,5900) TCP.
> > After doing more research on NT RPC protocol, and searching
> > documented vulnerabilities, I have the ability to dump the contents of the
> > endpoint mapper, and can connect to this port. What could the dumped
> > information be used for? Obviously other connections are displayed, but
> > after scouring Vuln and mailing list archives, the only risk RPC seems to
> > pose is denial of service problems.
> > So... my question(s):
> > 1. Is there a way to authenticate through RPC, or potentially
> > brute force for weak passwords?
> > 2. Is there a way to execute server side commands using RPC?
> > finally...
> > 3. Are there any RPC vulnerabilities out there? (besides denial of
> > service)
> > TIA!
> > Steve
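
A defender-side check of the registry setting discussed in this thread, as an added example that is not part of the original messages: it parses saved `reg query` output and reports how far anonymous (null session) access is restricted. The sample output is constructed, the function names are hypothetical, and the value names other than RestrictAnonymous (NullSessionPipes, NullSessionShares, RestrictNullSessAccess) are Windows registry values not mentioned in the thread.

```python
import re

# Constructed sample of `reg query` output for the two keys (not from the thread).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    restrictanonymous    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    NullSessionPipes    REG_MULTI_SZ    COMNAP\0COMNODE\0SQL\QUERY
    NullSessionShares    REG_MULTI_SZ    COMCFG\0DFS$
    RestrictNullSessAccess    REG_DWORD    0x1
"""

# Value lines are indented: name, type, data. Key-path lines start at column 0.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")

def parse_reg_query(text):
    """Return {lower-cased value name: parsed data} from `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue
        name, kind, data = m.group(1).lower(), m.group(2), m.group(3).strip()
        if kind == "REG_DWORD":
            values[name] = int(data, 16)          # reg prints DWORDs as 0x...
        elif kind == "REG_MULTI_SZ":
            values[name] = [s for s in data.split("\\0") if s]  # \0-separated
        else:
            values[name] = data
    return values

def audit(values):
    """List findings about anonymous (null session) access."""
    findings = []
    ra = values.get("restrictanonymous", 0)       # assumption: absent means 0
    if ra == 0:
        findings.append("RestrictAnonymous is 0 or unset: null sessions are unrestricted")
    elif ra == 1:
        findings.append("RestrictAnonymous=1: not sufficient on its own, review the entries below")
    if values.get("restrictnullsessaccess", 1) == 0:  # assumption: absent means 1
        findings.append("RestrictNullSessAccess=0: null sessions are not limited to the listed pipes and shares")
    for key in ("nullsessionpipes", "nullsessionshares"):
        for entry in values.get(key, []):
            findings.append(f"{key}: anonymous access allowed to {entry}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_reg_query(SAMPLE)):
        print(finding)
```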