Date: 1/22/98 11:02:49 AM From: "Cintron, Jose J." Subject: [NTSEC] Re: Registry Security To: ("""NT Security Mailing List \(E-mail\)"" "@LOCAL) TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net Contact ntsecurity-owner@iss.net for help with any problems! --------------------------------------------------------------------------- In few words, Asmodeus (or any scanning utility for that matter) opens a NULL connection to the target machine and uses the permissions granted to the Everyone group (which is not listed in User Manager). To do this on an NT machine type the following... net use \\ComputerName\ipc$ "" /user:"" That's all you need, after this you have a connection to the remote machine and you have the same permissions that are granted to the Everyone group... I hope this answers your question, let me know if you need any more information. >> Date: Wed, 21 Jan 1998 10:33:06 -0600 (CST) >> From: Freak >> Subject: [NTSEC] Registry Security >> >> TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net >> Contact ntsecurity-owner@iss.net for help with any problems! >> - --------------------------------------------------------------------------- >> >> I recently ran Asmodeus, which is free at www.asmodeus.com, and I scanned >> my network. Every NT machine that was scanned returned a value that the >> registry security was weak, and to increase security on this. >> >> My question is, how can a person, without any user account whatsoever, get >> access to the registry? I ran this from a machine not participating in >> that domain. I know about pwdump and several other tricks but I thought >> it required a user account. Does anyone know how a person can get access >> across the internet to the registry? >> >> Thanks in advance, >> Will //------------------------------------------------------ // Jose J. Cintron - // Integrated Management Services, Inc. // 2101 Wilson Boulevard, Suite 916 // Arlington, VA 22201 // // Phone: 703.528.0334 x 323 // FAX: 703.528.9527 //------------------------------------------------------