[THIN] Re: Exploit

  • From: "Trevor Fuson" <fuson@xxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Wed, 8 Dec 2004 10:59:16 -0800

Which ports are accessible through the firewall?
 
I believe you are referring to anonymous enumeration of accounts which
can be disabled through group policy, or the local security policy.  It
doesn't show active accounts; that would require the Terminal Services
Manager, which you could simply look to see what ports it is connecting
through and block those.  You can use TCPView by Sysinternals to see
this information.

________________________________

From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On
Behalf Of Bill Beckett
Sent: Wednesday, December 08, 2004 10:29 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Exploit



Hoping that someone can help me remember what this exploit was or how it
is run. I'm trying to show my boss that this vulnerability exists but he is
skeptical and I know that I've done it before but it was a couple of
years back....

We are running W2K terminal server and this box is behind a firewall but
accessible from the internet. There is an exploit out there that can be
run against the machine's external IP that will return all local
accounts active on that server. Does anyone know what I'm referring to?

