The simple answer is find out how it was put on there, and block off that
avenue. Then do a security audit on that machine... that Might go a long way
to protecting you from this in the future. Though this all depends on
weither the proxy was installed by a remote or local user.
More info
Question: How can someone bypass restrictions in
Win2k
to install software when he doesn?t have proper
privileges?
Privilege escalation is pretty trivial these
days...assuming that the user doesn't already have
local admin privileges on the system. Not too long
ago, a worm used the
Hi Ahaly
There are many ways to do get the result you want.
However, the easiest is to crack the .SAM file.
The .SAM file is locked under operating running
conditions. If your admins are usless you may be lucky
and find a backup copy in the repair folder
(c:\WINNT\repair)
However, the .SAM file
I disagree. Security is everybody's problem. The user can be a big help in
notifying the IT department of things going on that might have escaped their
eyes. The more eyes, the better.
Amor Patriae
Samuel Harris
A+, MCP, Networking Certificate, Phi Theta Kappa
Portsmouth Naval Shipyard
Does anyone have suggestions of software that can do a detailed probe of a
workstation or server. From time to time it's possible a system is placed on
the network that isn't supposed to be there, I'd love to be able to target
it and externally probe it for whatever info can be gathered. We
I used the Linux version. The CIS audit tools will just report and not make
any changes. In so far, I don't think that they will crash your server.
Like all similar tools I have used so far, the CIS tools have to be
adapted to your own organization. Don't just apply them blindly.
The tool will
From: Gedi [EMAIL PROTECTED]
There are many ways to do get the result you want.
However, the easiest is to crack the .SAM file.
The .SAM file is locked under operating running
conditions. If your admins are usless you may be lucky
and find a backup copy in the repair folder
(c:\WINNT\repair)
Also check www.ngssoftware.com they have some handy tools for Db scanning.
My experience with AppDetective was great. The false positives were almost
negligible.
Murat
-Original Message-
From: bsec [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 31, 2003 1:57 PM
To: [EMAIL
Bill,
Who and what did the server hardening?
Was is just the OS, or did you have specific applications that were also
hardened?
Your description sounds like someone did it for you.
There could be hundreds of holes/exploits that may have been missed in the
OS or the applications you have
Hello Ahaly
As an admin working in a uni enviroment, I have seen this before.
It depends on what the admins have set up. Some accounts may be Part of the
Power Users group which gives them rights to install for that user only.
Your's might be part of the more restricted Users group. Also, some
10 matches
Mail list logo
