Hacking Windows 2K, XP课件.PPT

精品文档 Windows 2K, XP Review: NetBIOS name resolution. SMB - Shared Message Block - uses TCP port 139, and NBT - NetBIOS over TCP/IP - uses UDP port 137., if only port 139 responds, probably is Win 9x, but if port 445 responds, then is Win 2k,XP. See also this paper on C IFS – Common Internet File System and SMB vulnerabilities. Close these ports! 2K, XP basic security: Net logon, no bypass of BIOS (HAL), No remote access to console (default), requires admin privileges for interactive login (Server), and has object-based security model: a security object can be any resource in the system: files, devices, processes, users, etc. server processes impersonate the clients security context (key for file servers) Win2k,XP are windows NT updated, with more security tools and patches . Quest for administrator Privilege Escalation Consolidation of power, and Covering tracks. 精品文档 Quest for Administrator Remote password guessing. Net use can help. Nat guesses passwords using user and password lists (Brutus is similar). Countermeasures: close ports, in 2k,XP use Disable NBT to disable 139 and File and Printer Sharing to disable 445. Use Account Policies to setup password length, lock, expiration, etc. Passfilt implements stronger passwords in NT, in 2k,XP just activate. Use Passprop to lock the Administrator account. Use Audit. Read good and bad passwords and see how to reduce other password vulnerabilities. Note: use kaHt2.exe to exploit MSRPC vulnerabilities at your own risk (some versions are a disguised Trojan). Eavesdropping on network password exchange and obtaining password hash values: Sniff tools and NT user authentication. If possible disable (Q299656) LanMan authentication (Win 9x problems). Remote buffer overflows: local (interactive login users), LASS, and remote using Web, FTP, DB servers and many others. Use BOWall to fix or detect. Basic countermeasure: download and run Microsoft Baseline Security Advisor.to check for setup and patch vulnerabilities. Us