Penetration Testing mailing list archives
Re: Remote Desktop/Term. Serv information leakage
From: Joachim Schipper <j.schipper () math uu nl>
Date: Sat, 2 Jul 2005 03:03:08 +0200
On Fri, Jul 01, 2005 at 01:25:54PM -0500, Terry Vernon wrote:
> Write a daemon to run on the Windows box that won't allow renaming the file extensions of .txt to anything else. Do it for every type of file you can paste text in. Set up better controls for traffic going to the remote desktop so only trusted people can access it.
>
> If you could access it from outside the private net and your computer had internet access, then that network is accessible from the internet, just not directly. It would take some doing, but if a network has one wire going to any number of other networks that have one wire that touches the internet, you can bet that it is crackable, however improbable it seems.
>
> Terry Vernon
> CTO
> Sprite Technologies

Preventing renaming of .txt is not very useful, as Notepad will gladly save it as whatever you please, including .exe. And if Notepad, by some leap of logic on MS' part, lost this ability since I last used Windows, there are literally hundreds of other tools that won't complain. In the worst case, just use DOS' edit, which has a lot fewer compunctions about 'proper' file types.

Copying binary files across the clipboard may or may not work; in the worst case, compile yourself a Win32 exploit and do a manual byte-by-byte copy using your hex editor of choice.

Copying stuff from the secured network is still remarkably easy; in the worst case, open a document, take a snapshot of your (remote) desktop, and repeat until bored. Then compress the images and mail them off.

I wholly agree with you on the 'indirectly connected' comment, though. With the addition that properly secured machines *aren't* crackable. Or at least, not easily.

I'm still not sure what the original poster is trying to guard against, though...

Joachim