Crackers Break in as Administrator
As we look around Oldguy further, we see that
there's not much else an anonymous user can do to it. We know
that there is a user named Administrator. What can we do if we
can convince Oldguy that we are Administrator?
note: in Windows NT, 2000 and XP, the Administrator user has
total power over its computer, just as root has total power
over a Unix/Linux type computer. However, it is possible to
change the name of Administrator so an attacker has to guess
which user has all the power.
Let's try to log in as Administrator by guessing
the password. Give the command:
\\10.0.0.2\ipc$ * /user:Administrator
Type the password for
System error 1219 has occurred.
Multiple connections to
a server or shared resource by the same user, using more than
one user name, are not allowed. Disconnect all previous
connections to the server or shared resource and try again.
This means that someone else is currently logged
onto this server who has Administrator rights. Furthermore,
this person is probably watching me on an IDS and thinking up
terrible things to do to me. Eeep! Actually this is all going
on inside my hacker lab - but you get the idea of what it could
be like when trying to invade a computer without permission.
I discover that whether I guess the password
correctly or not, I always get the same error message. This is
a good safety feature. On the other hand, one of the users is
named Administrator. This is a bad thing for the defender. When
you first set up a Windows server, there is always a user
called Administrator, and he or she has total power over that
computer. If you know the all-powerful user is named
Administrator, you can try guessing the password whenever no
one is logged on with Administrator powers.
Computer criminals don't waste time guessing by
hand. They use a program to guess passwords, and it can guess
so fast that it has a good chance of eventually finding the
right one. These programs are why smart Windows administrators
rename their Administrator accounts and choose hard to guess
passwords. Also, this kind of persistent attack will be
detected by an intrusion detection system, making it easy to
catch criminals at work.
can get expelled warning: What if you are a student and you
want to save your school from malicious code kiddies who steal
tests and change grades? It is important to get permission *in
writing* before you test the school's network. Even then, you
still must be careful to be a model student. If you act up, cut
classes - you know what I mean - the first time a cracker
messes up the network, who do you think they will suspect? Yes,
it's unfair, and yes, that is the way the world
How to Scan for Computers Using NetBIOS -->