
Windows NT - ???????? ????????????

NT: ???????? ????????????

??????? ??????

???? ???? ?????? - ????????? ????????? ??????? ???????????? Windows NT ? ???????? ?? ??????????. ???? ???????????? ?????????? ?? ????????? ??????????:

????????? ???????

???????????? NTWS4.0 ? NTS4.0 ???????? ??????? rollback.exe, ??????????????? ??? ????????? ?????????????? ????????????????? ???????. ?? ?????? ???????? ? ??????? ??????? (??? ??????????????) ? ???????? ? ????? Character Based Setup (????? ????????? ?? ????????? GUI). ?????? ?? ??-??? ??????? ??????? ???????? ? ??? ?? ????????? ??????????? (?????? ?????????, ???????? ??????????, ???????????????? ???????? ? ?.?.). ????? ?? ????? ?? CD-ROM ? NT ? ???????? Support\Deptools\<system>\
???????????: http://support.microsoft.com/support/kb/articles/Q149/2/83.asp

???????? %systemroot% ? %systemroot%\system32 ????? ?? ????????? ????? ??????? Change ??? Everyone. ??? ????? ???????? ? ????? ????????????? ???????????? ???? ????????? ????? ????????? dll "??????????" ? ?.?. ??? ???? ??? ????? ???? ??????? ?? ????? ?????? ???????? - ? ??? ?????, ?? ????????, ?????????? ? ?????????? ??????? ???????.
??? ?????? ?????????? ???????? ?????????? ????? ???????. ??????, ????????? DumpAcl ????????? ??????? ????? ??????? ??? ????????? ???????? - ??????, ???????, ????????? ? ?.?. ? ????? ??????, ??????? ??? ?????????.

? ??????? ???? ????
<HKLM\SYSTEM\CurrentControlSet\Control\Lsa>
?? ?????????
<Notification Packages: REG_MULTI_SZ: FPNWCLNT>

??? DLL ?????????? ? ?????, ????????? ? Netware. ?????????? FPNWCLNT.DLL ? ???????? %systemroot%\system32 ?????? ????? ?????????? ??? ??????. ????? ??????????? ? ???????????? ??? ????????? ??????? ? ???????? ????? ????????????? ????? ????????????? ???? dll ? ???????????? (???????? ???????) ? ???? c:\temp\pdwchange.out.
??? ?????? ?????????? ??????? ???? ???? ? ???????? ??? ????? ??????? ?? ??????.

???????????? ????? ????? ???? ????????????? ? ????? ? ????? ??????????? (??? ??? ??????????), ?? ??? ??? ????? ?????????? ?? ????????? ?????? (????????, ???????????? notepad.exe ? notepad.doc ? ????????? "start notepad.doc"). ?? ? ???, ???????? ?? ? ????? ?????????? ??????????? ??????? ????????? ????? rollback.exe, ???????????????? ? readme.doc. ????? ??????????.

??????? ????? ??????? ???????? ??? ?????? ?????? Everyone. ??? ?? ????????? ? ? ?????????? ??????? ? ???????. ????? ????????? ???????, ???????? ? ????????? ? ?????????????? ???????? reg-??????. ? ??????? NT4.0 ???????? ????
<HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg>
??? ??????? ???????? ?????? ? ??????? ????? ?????? ???????????????. ? NT Server ???? ???? ?????????? ?? ?????????, ? NTWS ????? ???? ????????.
???????????: http://support.microsoft.com/support/kb/articles/Q155/3/63.asp

???????? ??????????

? FrontPage 1.1 ???????????? IUSR_* ????? ????? ??????? Full Control ? ???????? _vti_bin ? Shtml.exe. ???? ???????? ????? ?????? IUSR_<hostname> (?????? ?????????? ???????), ?? ?? ????? ???????? ?????? ? ???????? ? ???????????? ???????. ? FrontPage'97 ??? ???????? ??????????.
???????????: http://support.microsoft.com/support/kb/articles/Q162/1/44.asp

??? ??????? ??????????????? ? Windows NT 3.51 File Manager ?? ?????? MS Office 7.0, ?? ???????? ?????? ? ????????, ?? ??????? ? ???? ??? ???? ???????. ??? ??????? ? ???, ??? File Manager ????????? ????? 'backup and restore permissions' ?? ?????? Office, ??????? ???????????? ?????? ??? ?????? ???????????????? ???????? ? ??????. ?????? ?????????? ??????? ? Office7.0a
???????????: http://support.microsoft.com/support/kb/articles/Q146/6/04.asp

?????? FTP ????????? ????????????? ????????? ?????????? ?? ?????? ?????? ?????, ?????????? ????????. ??? ????? ???? ???????????? ?????????? ??? ?????? ??????? ?????? ?????? FTP.
?????? ???????? ????
<HKLM\System\CurrentControlSet\Services\MSFTPSVC\Parameters>
?? ?????????
<EnablePortAttack: REG_DWORD: >
?????????, ??? ???????? ??????????? ? '0', ? ?? '1'.
???????????: http://support.microsoft.com/support/kb/articles/Q147/6/21.asp

??????????????????? ??????

??????? ntfsdos.exe ????????? ?????? ?????? ? NTFS ?? DOS,Windows,Windows'95. ????? ??????? ??? ???? ????????????. ???????? ??? ?????? ??????? ???????? ? ???????????? ??????.
??????????? ??????? (read only) ?????????? ??? Linux: http://www.informatik.hu-berlin.de/~loewis/ntfs/

???? ?? ?????????? ??????? ????????????? ? ??????? - ?????? ??????. ??? ?????? ? ???? ?????? ????????????? ?????????? ??????? ?????? ???????????? ????? ????????????? ????? ????????? ??????? ?????. ???????? ??????????? ???????? ??????? ?????? ??????????????. ? ???? ?? ????? ????? ??????? ?? ???? ????? ????, ??? ????????? ??????? ??? ?????????? ?????????? ??????.
??? ?????? ????????????? ????????????? ???????????? Administrator, ?????????? ?????????? ??????? ???????, ????????? ????????????? ???? ? ??????? ????? ????, ????????? ???????? SMB ??????? ????? TCP/IP (????? 137,138,139), ?????????? ???????????????? ????????? ??????.
???????????: http://somarsoft.com/ntcrack.htm

??? ???? ?????? - ???????? ?????????? ?? ???? ??????????.
???????????:

IP-Watcher http://www.engarde.com/software/ipwatcher/watcher.html
MS SMS Netmon http://www.microsoft.com/smsmgmt/

???????? IIS

???????????? Anonymous ????? ???????? ? IIS ????? ????????????? ?????? ??? ????????? IIS ?? ?????????? ?????? (PDC)
???????????: http://www.microsoft.com/kb/articles/q147/6/91.htm

Internet Information Server 1.0 (IIS) ????????? ????????????? batch-?????? ? ???????? CGI-???????????. ??? ?????? ??????, ????????? batch-????? ??????????? ? ????????? ?????????? ?????????? (cmd.exe).
???????????:
http://www.microsoft.com/kb/articles/q155/0/56.htm
http://www.microsoft.com/kb/articles/Q148/1/88.htm
http://www.omna.com/iis-bug.htm

? IIS 1.0 ????? ???? "http://www.domain.com/..\.." ????????? ????????????? ? ????????? ????? ??? ????????? ???????? web-???????.
????? "http://www.domain.com/scripts..\..\scriptname" ????????? ????????? ????????? ??????.
?? ????????? ???????????? Guest ??? IUSR_WWW ????? ????? ?? ?????? ???? ?????? ?? ???? ?????????. ??? ??? ??? ????? ????? ???? ???????????, ??????? ? ????????.
????? "http://www.domain.com/scripts/exploit.bat>PATH\target.bat" ??????? ???? 'target.bat'. ???? ???? ??????????, ?? ????? ???????.
? ??? ?? ???????????? ???????? ?????
"http://www.domain.com/scripts/script_name%0A%0D>PATH\target.bat".
???????????: http://www.omna.com/iis-bug.htm

???? ??????????? ????? telnet ? ?????? 80, ??????? "GET ../.." <cr> ???????? ? ????? IIS ? ????????? "The application, exe\inetinfo.dbg, generated an application error The error occurred on date@ time The exception generated was c0000005 at address 53984655 (TCP_AUTHENT::TCP_AUTHENT"

????? ???? Denial of Service

Ping of Death

????????????????? ICMP-????? ???????? ??????? ????? ???????? ? ????????? ???????. ???, ??????? PING -l 65527 -s 1 hostname ?? NT 3.51 ???????? ? "?????? ??????" ? ??????????.

STOP: 0X0000001E
KMODE_EXCEPTION_NOT_HANDLED - TCPIP.SYS
-???-
STOP: 0x0000000A
IRQL_NOT_LESS_OR_EQUAL - TCPIP.SYS

???????????: http://www.microsoft.com/kb/articles/q132/4/70.htm
???????????: 3-? Service Pack c ??????????? ?????????? ICMP-fix

SYN-?????.

?????? ??????? ?????????? ???????? ?? TCP-?????????? (SYN) ? ??????????? ???????? ???????, ??????? ????????? ?????????:
??? ????????? ??????? ??????? ???????? ??????? ??? ?????? ??????????, ????? ???? ???????? ???????? ?? ?????? (??????? "SYN-ACK") ?? ???????????? ??????. ?? ????????? NT ?????? 3.5-4.0 ????? ???????? ????????? ????????????? 5 ??? - ????? 3, 6, 12, 24 ? 48 ??????. ????? ????? ??? 96 ?????? ??????? ????? ??????? ?????, ? ?????? ????? ????? ????????? ???????, ?????????? ??? ???????? ??????????. ????? ????? ????????? ???????? - 189 ??????.

???????????: http://www.microsoft.com/kb/articles/q142/6/41.htm
???????????: 3-? Service Pack

WinNuke
??????? ?????? ? 139-? ???? ???????? ? ???????????? NT 4.0, ???? ????? "?????? ?????? ??????" ? ????????????? 2-? Service Pack'??.
???????????: 3-? Service Pack c ??????????? ?????????? OOB fix. ??? ??????????? ???????? ????? ? ICMP-fix.

??????????? ??????? ?????? ? 135 ? ????????? ?????? ????? ???????? ? ???????????? ???????? ?????????? RPCSS.EXE. ?? NTWS ??? ???????? ? ????????????? ?????????? ??????, NTS ??????????? ??????????????.
???????????: 3-? Service Pack

Service Pack 3

?????? ???????? ???????????? NT4.0 ???? ????????? ? 3-? Service Pack'?. ?????? ??????????? ?????? ??????????. ? ?????? ??????? ??? ????? ???? Denial of Service - WinNuke, ?????? ?? 135-? ??????, ???????? ????????? SMB ("man-in-the-middle attack") ? ?.?. ???????????? ????????????? ?????????? SP3, ???? ??? ??????? ?????? ???????????? ????? ???????. ? ??????? ?????? SP3 ????? ??? ????????? ?????????? (hot-fixes), ????????? ??
ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postSP3.

asp-fix ?????????? ??????? ?????????????????? ? Active Server Pages 1.0b, ????????????? ?? IIS3.0
dblclick-fix ????????? ????????? (????????, Visio Professional 4.x) ????? ????????? SP3 ????? ??????????? ?? ??????? ?????? ???? ??? ?? ?????????. ??????? ? ?????? getadmin-fix.
dns-fix ????????? ????????? ????????, ????????? ? ???????? DNS
getadmin-fix ?????? ????????, ????????? ? ?????????? getadmin.exe, ??????? ????????? ????????????? (????? Guest) ???????? ???? ? ?????? Administrators ????????? ??????. ????? ???????? dblclick-fix ? java-fix.
icmp-fix ??????? ??????? ? ?????????? ??????? ??? ????????? ?????????????????? ICMP-?????? ???????? ???????. ???????? ????? oob-fix.
iis-fix ????????? IIS 2.0 ?3.0 ??? ????????? ???????? CGI-??????? (?? 4 ?? 8k)
java-fix ????????? IE3.02 ??? ???????? ??????? ? Java ????? ????????? SP3. ??????? ? ?????? getadmin-fix.
lm-fix ????????? ????????? ?????????????? Lan Manager (LM). ????????? ? ?????? ????? ???????? ? ?????????? ?????: HKLM\System\CurrentControlSet\control\LSA
Value: LMCompatibilityLevel
Value Type: REG_DWORD - Number
????????? ????????: 0,1,2, ?? ????????? - 0

0 - ???????????? ?????????????? LM ? Windows NT authentication (default).
1 - ???????????? ?????????????? Windows NT, ?LM - ?????? ?? ??????? ???????.
2 - ??????? ?? ???????????? ?????????????? LM.

? ????????? ?????? ?????????? ?????????? ? Windows'95 ? Windows for Workgroups

lsa-fix ????????? ?????? ??????? ? Lsass.exe, ??????????? ??? ???????? ????????????? ??????? ?????? ????????? ???????? ??? ?????????? ? LSA (Local Security Authority) ????? ??????????? ????? (named pipe).
ndis-fix ????????? ??????, ?????????? ?????? ?????? ? ????? ????? ? ?????????? ? ???????? ??????? ? ndis.sys ??? ????????????? ????????????? ????????? NDIS.
oob-fix ??????? "Out of Band" - ?????? ? 139-? ???? ????????? ? ????????? ??? ???????????? ??????? (????? WinNuke). ?????????????? ??????? ???????????, ?????????? ? SP3, ?? ????? ??? ????????. ??????? ? ?????? icmp-fix.
scsi-fix ?????????? ?????? ??? ?????? ? ????????? ?????? ?? ????? (Fault Tolerant Systems)
simptcp-fix ????? Denial of Service, ????????? ? ??????? ???????? ?????????? UDP-?????????? ? ??????? ?????? ?? 19-? ????, ??? ????????????? Simple TCP/IP services, ????????? ? ??????????? UDP-????????.
winsupd-fix ??????????? ?????? ? WINS, ?????????? ? ??? ?????????? ??? ????????? ???????? ??????? UDP
zip-fix ?????????? ??????? ? ATAPI-??????? Iomega ZIP