Re: more info on a hopefully unsuccessful compromise

From: Sergey Latkin (slatkinat_private)
Date: Mon Jul 14 2003 - 12:29:52 PDT


    LiNERROR
    
    Several questions
    
    What type of logon do you use - network, interactive? Is it a local or domain 
    admin account? NT domain or AD?
    What events are generated in the security log when you are logging in with 
    those accounts?
    Are file sizes/timestamps/checksums of logon and security DLLs (like 
    msgina.dll) different among your Win2000proSP3 systems?
    
    On Monday July 14 2003 01:04, LiNERROR wrote:
    > yes i have, i just posted a little more information to better facilitate
    > the constant barrage of questions and answers, and to present an actual set
    > of questions that i am looking for answers to rather than continue with the
    > "you're too stupid to know what you're doing" answers that i have received.
    >
    > the difference between the accounts is almost none... 1 is the default
    > admin account with a strong password that shows up in the user manager. the
    > other three should not be there, and are not in the user manager, yet, you
    > can still access the system with the use of one of the three "ghost"
    > accounts.
    >
    > it's a little of setting to come in one day and find two systems on the
    > back waters of your network with the ability to be connected to with 3
    > passwords you never set.
    >
    > I tried to disable the default admin account in an attempt to perhaps lock
    > out the "ghost" accounts. however when i tried to i was presented with a
    > lovely message that the admin account can not be disabled.
    >
    > presently there are 4 sets of login/password  that can login to the systems
    > admin with my password
    > admin with admin reversed
    > admin with admin and
    > admin with nothing...
    >
    > i am not aware of 2k having the ability to have one account with multiple
    > passwords... and if i am mistaken how would i disable the other passwords.
    >
    > LiNE
    > ---
    >
    
    -- 
    Sergey Latkin
    Chief Technology Officer
    Pinnacle Health Group
    1-(800)-492-7771
    http://www.phg.com
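
The cross-system comparison of logon DLL sizes and checksums asked about in this message, as an added Python example that is not part of the original thread. SHA-256, the host names and the digest/size values are assumptions constructed for illustration, not real msgina.dll values.

```python
import hashlib
import os
from collections import defaultdict

def fingerprint(path):
    """Return (sha256_hex, size_bytes) for a file, or None if it is absent."""
    if not os.path.isfile(path):
        return None
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest(), os.path.getsize(path)

def find_outliers(manifests):
    """manifests: {host: {filename: fingerprint}}.
    Returns sorted (filename, host, reason) tuples for hosts that disagree.
    Agreement only means the hosts match each other, not that they are clean."""
    findings = []
    for name in sorted({n for m in manifests.values() for n in m}):
        groups = defaultdict(list)          # fingerprint -> hosts holding it
        for host, files in manifests.items():
            groups[files.get(name)].append(host)
        if len(groups) == 1:
            continue                        # every host agrees on this file
        ranked = sorted(groups.items(), key=lambda kv: len(kv[1]), reverse=True)
        tie = len(ranked[0][1]) == len(ranked[1][1])
        # With a clear majority, report only the minority; on a tie, report all.
        for fp, hosts in (ranked if tie else ranked[1:]):
            for host in hosts:
                if fp is None:
                    reason = "missing"
                elif tie:
                    reason = "no majority baseline"
                else:
                    reason = "differs from majority"
                findings.append((name, host, reason))
    return sorted(findings)

# Constructed sample: fingerprints as they might be collected from four hosts.
GOOD = ("a" * 64, 332048)   # placeholder digest and size (assumption)
ODD = ("b" * 64, 335120)    # placeholder digest and size (assumption)
SAMPLE = {"ws01": {"msgina.dll": GOOD}, "ws02": {"msgina.dll": GOOD},
          "ws03": {"msgina.dll": ODD}, "ws04": {"msgina.dll": GOOD}}

if __name__ == "__main__":
    for finding in find_outliers(SAMPLE):
        print(finding)
```

Fingerprints are best collected from an offline or read-only mount of each disk, since a compromised system may misreport its own files.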
    
    
    


