How can one breach a Win 2k DC using only NetBIOS?

Guest

'How can an intruder using only NetBIOS engage in an enumeration
activity against a Windows 2000 Server that is functioning as a domain
controller'?

Assumptions already made:

· IP address of the Windows 2000 Advanced Server is 192.168.204.13

· The Windows 2000 Server is not making use of IPsec or Kerberos.

· No service packs have been applied to the Windows 2000 Advanced Server.
 
.

No one would do that when there are much more attractive alternatives with
TCP/IP, like www.metasploit.org, and you cannot disable TCP/IP and still have
the server function.

No service packs = dead duck. Use Metasploit to get local admin access and
then make yourself a domain admin.

Ray
 
Guest

Though it may not be the most attractive option, consider that this is the
only option for the breach to occur. How do you think the intruder will achieve
this?
 
Roger Abell [MVP]

not to discount the prior valid comments . . .

Are we confusing "breach" with "enumeration" of the SAM ??
You state a W2k DC that is not using Kerberos.
That configuration cannot exist.

Anonymous enumeration of the SAM is easily possible if the
system has been weakened in its policy setting (at least I think,
it is quite hard to recall the default settings for W2k Gold).
If one has access to any account in the forest of the DC then
enumeration is even more simple and without regard to the
configured setting for anonymous enumeration.

Now, turning a SAM enumeration into a breach, now we have
a different story. If the W2k Gold has been in a connected state,
rather than a truly isolated network, then your biggest problem
may be in getting past the hidden/defensive measures emplaced by
the current (illicit) "owners" of the box, as it is virtually certain that
it is compromised.
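
A defender's view of the anonymous enumeration discussed above, as an added example that is not part of the original thread: it counts anonymous network logons (event ID 540, logon type 3, user ANONYMOUS LOGON) per source workstation and flags bursts. The CSV export format, the sample records, and the function name `anonymous_logon_bursts` are constructed for illustration, and logon auditing is assumed to be enabled on the DC.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (hypothetical CSV export of the DC's Security log).
SAMPLE_LOG = """\
time,event_id,logon_type,user,domain,workstation
2004-05-01 09:15:40,540,3,ANONYMOUS LOGON,NT AUTHORITY,FILESRV-02
2004-05-01 10:00:02,540,3,ANONYMOUS LOGON,NT AUTHORITY,WKSTN-17
2004-05-01 10:00:05,540,3,ANONYMOUS LOGON,NT AUTHORITY,WKSTN-17
2004-05-01 10:00:09,540,3,jsmith,CORP,WKSTN-17
2004-05-01 10:00:11,540,3,ANONYMOUS LOGON,NT AUTHORITY,wkstn-17
2004-05-01 10:00:31,540,3,ANONYMOUS LOGON,NT AUTHORITY,WKSTN-17
2004-05-01 10:20:00,528,2,administrator,CORP,DC01
2004-05-01 10:21:12,540,3,ANONYMOUS LOGON,NT AUTHORITY,FILESRV-02
"""


def anonymous_logon_bursts(text, threshold=3, window=timedelta(seconds=60)):
    """Map each source workstation to its peak count of anonymous network
    logons inside any `window`, keeping only sources at or above `threshold`."""
    by_source = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        # Event 540 with logon type 3 is a successful network logon.
        if row["event_id"] != "540" or row["logon_type"] != "3":
            continue
        if row["user"].strip().upper() != "ANONYMOUS LOGON":
            continue  # authenticated sessions are out of scope here
        stamp = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        # Keyed on workstation name, the source field this constructed export carries.
        by_source[row["workstation"].strip().upper()].append(stamp)

    flagged = {}
    for source, stamps in by_source.items():
        stamps.sort()
        start = peak = 0
        for end, stamp in enumerate(stamps):
            while stamp - stamps[start] > window:  # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[source] = peak
    return flagged


if __name__ == "__main__":
    for source, peak in anonymous_logon_bursts(SAMPLE_LOG).items():
        print(f"{source}: {peak} anonymous network logons within 60 s")
```

Legitimate clients also open anonymous sessions to a DC, so the threshold and window need tuning against a baseline of normal traffic.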
 
karl levinson, mvp

How? Just by asking the server.

Google for the winfingerprint tool that shows you different information
about the server [instead of about the user] that can be enumerated via
NetBIOS. [Be careful, I can't remember if everything in Winfingerprint is
gotten only through NetBIOS.]

Also, go to www.securityfriday.com to read some information on how user
account enumeration can be done, as well as the getacct tool to test.
 
