Since you're on NT 4, you're wasting your time. If I wanted to take over
your network, here's what I would do:
Plug my personal laptop into an unused jack and get an address by DHCP.
Ping scan the local subnet looking for computer names with PDC or BDC in
them. Make sure my chosen target does not have port TCP 445 open, which
would indicate Windows 2000 or higher.
After I find one, I fire up Metasploit and point it at the target server.
Execute the exploit for MS06-040 for Windows 2000, which works perfectly on
NT 4 computers (ain't code re-use a wonderful thing?). Install a VNC shell
(remote command prompt).
From my remote command prompt, run "rdisk /s". After it completes, go to the
\Repair folder where a nice, fresh copy of your SAM database now resides.
Copy it across the network to my personal laptop. Delete the new files from
the \Repair subfolder.
Disconnect my laptop from your network. Go to my network and submit the
interesting entries from the SAM database to
www.rainbowcrack-online.com or
use Cain & Abel to submit them.
I now have ALL of your user names and passwords, probably in less than an
hour, regardless of their length or complexity. No muss, no fuss, no event
log entries. Stealing your SAM database takes under ten minutes, about the
same length of time as a good bathroom break.
And since you're on NT 4, there are no patches for you to apply.
Ray
"dt" <daytues@yahoo.com> wrote in message
news:1171480319.105746.155350@m58g2000cwm.googlegroups.com...
> I tried Googling, but couldn't find the info about what I will ask. I
> am new to this field, can someone tell me where I can read more about
> the problem I am thinking about, to see if I am actually right.
>
> Basically, as far as I have read, PDC is the computer that wins the
> "broadcast" battle to become the PDC. What would stop someone coming
> to the network (e.g. private LAN), plugging into it and becoming the
> PDC for it? How do the workstations know which is the legitimate PDC? Am
> I wrong about the "broadcast battle" process of selecting the PDC?
> What will happen if there are more computers claiming the PDC role?
>
> I am sure this is a basic question (i.e. I am assuming I am not
> reinventing the hot-water here - someone must have asked this question
> before), that is why I think the best would be to supply me with a
> (better brief) text about this and maybe a quick answer(s).
>