From owner-freebsd-chat  Tue May 18 15: 7:50 1999
Delivered-To: freebsd-chat@freebsd.org
Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2])
	by hub.freebsd.org (Postfix) with ESMTP id 8AB3414C93
	for <freebsd-chat@FreeBSD.ORG>; Tue, 18 May 1999 15:07:44 -0700 (PDT)
	(envelope-from brett@lariat.org)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2])
	by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id QAA08081;
	Tue, 18 May 1999 16:07:38 -0600 (MDT)
Message-Id: <4.2.0.37.19990518160037.040a0450@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.37 (Beta)
Date: Tue, 18 May 1999 16:07:31 -0600
To: Steve Price <sprice@hiwaay.net>, freebsd-chat@FreeBSD.ORG
From: Brett Glass <brett@lariat.org>
Subject: Re: how secure is NT?
In-Reply-To: <Pine.OSF.4.10.9905181322250.8039-100000@fly.HiWAAY.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

If he's done the default install of IIS, you can break in via
the sample asp's. (They're analogous to the old "phf" scripts
in early versions of Apache, but Microsoft's programmers are
apparently so wet behind the ears that they don't even have a
good knowledge of their competitors' history.) 

These asp's will generally let you view any file on the server. 
See

http://www.zdnet.com/zdnn/stories/news/0,4586,2255919,00.html

The nice thing about this particular exploit is that it is trivial 
to execute from any client. It makes for a compelling "white hat"
hacking demonstration but doesn't risk damaging anything.

--Brett

At 01:51 PM 5/18/99 -0500, Steve Price wrote:
>I just got the strangest request.  Today while at a customer's
>facility I was given the IP address of an NT box and was asked
>to try to break into it.  All he told me about the box was that
>it was using NT 4.0 and was running a VPN.  Does anyone have any
>ideas or pointers to known NT exploits?
>
>I know this is a very bizarre request and not directly related
>to FreeBSD, so please keep all replies to me and only on -chat
>if you _must_ reply to the list.  Thanks.
>
>-steve
>
>PS: Please don't ask me for the IP address.  My customer expressly
>forbade me to give it to anyone.  They don't want to end up
>having 1000s of people trying to break in.  Just me. :)
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-chat" in the body of the message



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message