lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: randallm at fidmail.com (RandallM)
Subject: XP Remote Desktop Remote Activation

Would access to command shell be accomplished via the recent ZoneID hole if
such Administration password access is not available? Or perhaps even with
the launching
Of the MS04-028 exploit? Of course any Terminal usage on home pc's are
noticed because users
are locked out. Now terminal servers are a differnet story but user
intervention is still needed.

thank you
Randall M
 
 

<|>--__--__--
<|>
<|>Message: 3
<|>Date: Fri, 1 Oct 2004 23:50:45 -0500
<|>From: Fixer <fixer907@...il.com>
<|>Reply-To: Fixer <fixer907@...il.com>
<|>To: full-disclosure@...ts.netsys.com
<|>Subject: [Full-Disclosure] XP Remote Desktop Remote Activation
<|>
<|>------=_Part_505_31077403.1096692645033
<|>Content-Type: text/plain; charset=US-ASCII
<|>Content-Transfer-Encoding: 7bit
<|>Content-Disposition: inline
<|>
<|>XP Remote Desktop Remote Activation
<|>
<|>
<|>Information
<|>____________________________________________________________________
<|>Windows XP Professional provides a service called Remote Desktop,
<|>which allows a user to remotely control the desktop as if he or she
<|>were in front of the system locally (ala VNC, pcAnywhere, etc.).
<|>
<|>By default, Remote Desktop is shipped with this service 
<|>turned off and
<|>only the Administrator is allowed access to this service.  It is
<|>possible, however, to modify a series of registry keys that may allow
<|>a malicious user who has already gained a command shell to activate
<|>Remote Desktop and add a user they have created for 
<|>themselves as well
<|>as to hide that user so that it will not show up as a user in the
<|>Remote Desktop user list.  The instructions for this are attached. 
<|>Additionally, I have listed a sample .reg file of the type that is
<|>discussed in the instructions below.
<|>_____________________________________________________________________
<|>

<SNIP>

<|>--__--__--
<|>
<|>Message: 6
<|>From: "Dominick Baier" <seclists@...stprivilege.com>
<|>To: "'Fixer'" <fixer907@...il.com>, 
<|><full-disclosure@...ts.netsys.com>
<|>Subject: RE: [Full-Disclosure] XP Remote Desktop Remote Activation
<|>Date: Sat, 2 Oct 2004 17:43:11 +0200
<|>
<|>if you have an administrator password for the machine you 
<|>can just use WMIC
<|>to turn remote desktop on.
<|>
<|>wmic /NODE:Server /USER:administrator RDTOGGLE WHERE 
<|>ServerName="Server"
<|>CALL SetAllowTSConnections 1
<|>
<|>End of Full-Disclosure Digest
<|>


Powered by blists - more mailing lists