From: Ben Greenbaum (bgreenbaumSECURITYFOCUS.COM)
Date: Wed May 02 2001 - 17:41:06 CDT


    There is a very good paper on RestrictAnonymous, and some related tools,
    at:

    http://www.securityfocus.com/focus/microsoft/nt/restrict.html

    RestrictAnonymous doesn't help as much as you might think...

    Ben Greenbaum
    Product Director
    SecurityFocus
    http://www.securityfocus.com

    > -----Original Message-----
    > From: michaelvogtABCSYSTEMS.CH
    > Sent: Tue 5/1/2001 12:30 AM
    > To: FOCUS-MSSECURITYFOCUS.COM
    > Cc:
    > Subject: Re: Port 135
    >
    >
    >
    > hey steve
    >
    > i wrote a little tool to get all userinfos (name, rights,
    > groups...), all accounts (user, workstation), all shares
    > and a pw check.. you can also try to crack all user pw
    > with the bf method.
    >
    > http://www.clicknet.ch/chscene
    >
    > you can disable anonymous connection (null
    > connect) in the registry, when you work in a single
    > domain environment. the null connection is used
    > when you admin. multiple domains (with trust), afaik.
    >
    > greets
    >
    > michael
    > > Hi list!
    > >
    > > Working on an NT box running IIS 4.0 (seems to be patched).
    > > Certain tell-tale ports are open (25,80,135,5800,5900) TCP.
    > >
    > > After doing more research on NT RPC protocol, and searching
    > > documented vulnerabilities, I have the ability to dump the contents of the
    > > endpoint mapper, and can connect to this port. What could the dumped
    > > information be used for? Obviously other connections are displayed, but
    > > after scouring Vuln and mailing list archives, the only risk RPC seems to
    > > pose is denial of service problems.
    > >
    > > So... my question(s):
    > >
    > > 1. Is there a way to authenticate through RPC, or potentially
    > > brute force for weak passwords?
    > >
    > > 2. Is there a way to execute server side commands using RPC?
    > >
    > > finally...
    > >
    > > 3. Are there any RPC vulnerabilities out there? (besides denial of
    > > service)
    > >
    > >
    > > TIA!
    > >
    > > Steve
    > >
    > >
    >
    >
    >