[THIN] Re: Exploit
- From: Bill Beckett <Bill.beckett@xxxxxxxxxxxxxxxxx>
- To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
- Date: Wed, 8 Dec 2004 14:36:12 -0500
Sorry wrong use of the word active. Local accounts that are not disabled is
better worded but in any event, I believe anon enumeration of accounts is
correct.
-----Original Message-----
From: Trevor Fuson [mailto:fuson@xxxxxxx]
Sent: Wednesday, December 08, 2004 1:59 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Exploit
Which ports are accessible through the firewall?
I believe you are referring to anonymous enumeration of accounts which can
be disabled through group policy, or the local security policy. I doesn't
show active accounts, that would require the terminal services manager which
you could simply look to see what ports it is connecting through and block
those. You can use TCP View by sysinternals to see this information.
_____
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Bill Beckett
Sent: Wednesday, December 08, 2004 10:29 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Exploit
Hoping that someone can help me remember what this exploit was or how it is
run. I'm trying show my boss that this vulnerability exists but he is
skeptical and I know that I've done it before but it was a couple of years
back....
We are running W2K terminal server and this box is behind a firewall but
accessible from the internet. There is an exploit out there that can be run
against the machine's external IP that will return all local accounts active
on that server. Does anyone know what I'm referring to?
Other related posts:
