subject:"\[Full\-disclosure\] Possible RDP vulnerability"

Re: [Full-disclosure] Possible RDP vulnerability

2010-03-27 Thread wicked clown

, 2010 8:31 AM *To:* Full-Disclosure@lists.grok.org.uk *Subject:* Re: [Full-disclosure] Possible RDP vulnerability Thank you for your comment. What I was referring to it being scary is that if you create a locked down group policy that is tighter than a ducks bum and you forget that single

Re: [Full-disclosure] Possible RDP vulnerability

2010-03-27 Thread Dan Kaminsky

-boun...@lists.grok.org.uk] On Behalf Of wicked clown Sent: Friday, March 26, 2010 8:31 AM To: Full-Disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Possible RDP vulnerability Thank you for your comment. What I was referring to it being scary is that if you create a locked down group

Re: [Full-disclosure] Possible RDP vulnerability

2010-03-27 Thread Thor (Hammer of God)

: Saturday, March 27, 2010 4:39 AM To: Thor (Hammer of God) Cc: Full-Disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Possible RDP vulnerability I think we are two different pages :) what I was trying to show if you have a group policy that will only run a certain applications for example

Re: [Full-disclosure] Possible RDP vulnerability

2010-03-27 Thread Thor (Hammer of God)

, March 26, 2010 3:33 AM To: Full-Disclosure@lists.grok.org.ukmailto:Full-Disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Possible RDP vulnerability Cheers for that, I take it back that I haven't found an vulnerability :(, but by default this isn't enabled which is scary !! On Fri, Mar 26

Re: [Full-disclosure] Possible RDP vulnerability

2010-03-27 Thread Mr. Hinky Dink

: devise a Group Policy that will prevent users from attaching their local drives to a remote RDP server. - Original Message - From: wicked clown To: Thor (Hammer of God) Cc: Full-Disclosure@lists.grok.org.uk Sent: Saturday, March 27, 2010 7:39 AM Subject: Re: [Full-disclosure] Possible

Re: [Full-disclosure] Possible RDP vulnerability

2010-03-27 Thread Thor (Hammer of God)

Of Mr. Hinky Dink Sent: Saturday, March 27, 2010 8:51 AM To: Full-Disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Possible RDP vulnerability As far as RDP is concerned, it's much simpler (and more fun!) to host an Evil RDP Server than it is to hack into one. There is no end

Re: [Full-disclosure] Possible RDP vulnerability

2010-03-27 Thread Thor (Hammer of God)

, March 27, 2010 8:51 AM To: Full-Disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Possible RDP vulnerability As far as RDP is concerned, it's much simpler (and more fun!) to host an Evil RDP Server than it is to hack into one. There is no end to the shenanigans you can create

Re: [Full-disclosure] Possible RDP vulnerability

2010-03-27 Thread Dan Kaminsky

...@lists.grok.org.uk [mailto:full- disclosure-boun...@lists.grok.org.uk] On Behalf Of wicked clown Sent: Friday, March 26, 2010 8:31 AM To: Full-Disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Possible RDP vulnerability Thank you for your comment. What I was referring to it being scary

Re: [Full-disclosure] Possible RDP vulnerability

2010-03-27 Thread Thor (Hammer of God)

-Disclosure@lists.grok.org.ukmailto:Full-Disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Possible RDP vulnerability So it's a super common thing for schools to have 'locked down' Windows desktops, and even more common for even slightly nerdy kids to take the lockdown as a challenge

Re: [Full-disclosure] Possible RDP vulnerability

2010-03-27 Thread Mr. Hinky Dink

Vis7a and Server 2008, but I really haven't kept up with the tech). - Original Message - From: Thor (Hammer of God) t...@hammerofgod.com To: Mr. Hinky Dink d...@mrhinkydink.com; Full-Disclosure@lists.grok.org.uk Sent: Saturday, March 27, 2010 12:09 PM Subject: RE: [Full-disclosure] Possible

Re: [Full-disclosure] Possible RDP vulnerability

2010-03-27 Thread Benji

...@hammerofgod.com To: Mr. Hinky Dink d...@mrhinkydink.com; Full-Disclosure@lists.grok.org.uk Sent: Saturday, March 27, 2010 12:09 PM Subject: RE: [Full-disclosure] Possible RDP vulnerability Oh, sorry I read the question wrong. Just don't allow them to attach their local drives. Simple. Still, what

Re: [Full-disclosure] Possible RDP vulnerability

2010-03-27 Thread Thor (Hammer of God)

- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Mr. Hinky Dink Sent: Saturday, March 27, 2010 11:48 AM To: Full-Disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Possible RDP vulnerability In your case, had you answered

[Full-disclosure] Possible RDP vulnerability

2010-03-26 Thread wicked clown

Hi Guys, I think I possible may have found a vulnerability with using RDP / Terminal services on windows 2003. If you lock down a server and only allow users who connect to your RDP connection to run certain applications, users can bypass this and run ANY application they want. You can do

Re: [Full-disclosure] Possible RDP vulnerability

2010-03-26 Thread Mr. Hinky Dink

: [Full-disclosure] Possible RDP vulnerability Hi Guys, I think I possible may have found a vulnerability with using RDP / Terminal services on windows 2003. If you lock down a server and only allow users who connect to your RDP connection to run certain applications, users can bypass

Re: [Full-disclosure] Possible RDP vulnerability

2010-03-26 Thread wicked clown

an initial program to be launched. Always show the desktop. - Original Message - *From:* wicked clown wickedclow...@googlemail.com *To:* Full-Disclosure@lists.grok.org.uk *Sent:* Friday, March 26, 2010 5:04 AM *Subject:* [Full-disclosure] Possible RDP vulnerability Hi Guys

Re: [Full-disclosure] Possible RDP vulnerability

2010-03-26 Thread Thor (Hammer of God)

...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of wicked clown Sent: Friday, March 26, 2010 3:33 AM To: Full-Disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Possible RDP vulnerability Cheers for that, I take it back that I haven't found an vulnerability

Re: [Full-disclosure] Possible RDP vulnerability

2010-03-26 Thread wicked clown

for Do not allow an initial program to be launched. Always show the desktop. - Original Message - *From:* wicked clown wickedclow...@googlemail.com *To:* Full-Disclosure@lists.grok.org.uk *Sent:* Friday, March 26, 2010 5:04 AM *Subject:* [Full-disclosure] Possible RDP vulnerability

Re: [Full-disclosure] Possible RDP vulnerability

2010-03-26 Thread Thor (Hammer of God)

26, 2010 8:31 AM To: Full-Disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Possible RDP vulnerability Thank you for your comment. What I was referring to it being scary is that if you create a locked down group policy that is tighter than a ducks bum and you forget that single tick (I

Re: [Full-disclosure] Possible RDP vulnerability

Re: [Full-disclosure] Possible RDP vulnerability

Re: [Full-disclosure] Possible RDP vulnerability

Re: [Full-disclosure] Possible RDP vulnerability

Re: [Full-disclosure] Possible RDP vulnerability

Re: [Full-disclosure] Possible RDP vulnerability

Re: [Full-disclosure] Possible RDP vulnerability

Re: [Full-disclosure] Possible RDP vulnerability

Re: [Full-disclosure] Possible RDP vulnerability

Re: [Full-disclosure] Possible RDP vulnerability

Re: [Full-disclosure] Possible RDP vulnerability

Re: [Full-disclosure] Possible RDP vulnerability

[Full-disclosure] Possible RDP vulnerability

Re: [Full-disclosure] Possible RDP vulnerability

Re: [Full-disclosure] Possible RDP vulnerability

Re: [Full-disclosure] Possible RDP vulnerability

Re: [Full-disclosure] Possible RDP vulnerability

Re: [Full-disclosure] Possible RDP vulnerability

18 matches

Site Navigation

Mail list logo

Footer information