[COMP] Security flaw in Windows 2000 (I think. Please advise)
- From: "Michael V. Franklin" <slavo@xxxxxxxxxxxx>
- To: "COMP Mailist (E-mail)" <computers@xxxxxxxxxxxxxx>
- Date: Mon, 12 Feb 2001 23:23:17 -0800
Hi everyone,
I just found out what appears to be a major security flaw in Windows 2000.
It sure seems like one to me as I was able to connect to my college's web
server and turn it off and on again. I think if the web server was a
windows 2000 server, I could actually add myself as a user and do whatever I
wanted. Someone check this out and respond. I know you Linux freaks are
going to love to tear this one apart.
At a command prompt type "net use \\server\IPC$" without the quotes of
course
Type "net use" again and verify that the server\IPC$ is listed.
Then, open up the Windows 2000 computer management console.
Choose action->connect to another computer
type "\\server" in the appropriate box
Now do whatever you want to the server.
I don't know if there is just something that isn't configured right on the
server's end, but it sure seems like there is a lot of damage that can be
done here. Please don't do anything illegal with this information (Yeah,
right!. Like everyone who's going to read this is honest).
Mike
========================================
Avenir Web's Computers Mailing List
List Modes, Subscription, and General Info:
Go to http://www.freelists.org/cgi-bin/webpage?webpage_id=11
List Archives: http://www.freelists.org/archives/computers
Administrative Contact: weez@xxxxxxxxxxxxxx
Get computer help: http://avenir.dhs.org
========================================
- Follow-Ups:
- [COMP] Re: Security flaw in Windows 2000 (I think. Please advise)
- From: John Madden
Other related posts:
- » [COMP] Security flaw in Windows 2000 (I think. Please advise)
- » [COMP] Re: Security flaw in Windows 2000 (I think. Please advise)
- [COMP] Re: Security flaw in Windows 2000 (I think. Please advise)
- From: John Madden