📄 ntsec.html
字号:
a grave)</font><br>
<b><QX-Mat></b> Handy to track down what the school admin did wrong<br>
<b><QX-Mat></b> ;)<br>
<b><Cypher></b> QX-Mat, there are many log analyzers out there<br>
<font color="#ff0000">*** blindman`s_vision has joined #bsrf</font><br>
<b><Cypher></b> getting one would usually be a good idea<br>
<font color="#ff0000">*** snider has joined #bsrf</font><br>
<b><DigitalFallout></b> Hey all<br>
<b><ZipIt></b> What types of information do you (personally) audit...<br>
<b><Rockin_lad></b> me<br>
<b><Rockin_lad></b> but I think I'll ask it later , it may ne out of subject<br>
<b><QX-Mat></b> regex will meet your needs though<br>
<b><Cypher></b> hey blindman`s_vision, wb snider<br>
<b><Cypher></b> hey DF<br>
<font color="#ff0000">*** sanke has joined #bsrf</font><br>
<b><snider></b> stupid servers<br>
<b><blindman`s_vision></b> hey Cypher<br>
<b><snider></b> lecture still on?<br>
<b><QX-Mat></b> go....<br>
<b><Cypher></b> ZipIt, usually i audit logon attemps (failure/success)<br>
<b><Cypher></b> permittion changes<br>
<b><QX-Mat></b> We're all ears<br>
<font color="#ff0000">*** Olaf has quit IRC (Ping timeout)</font><br>
<b><Cypher></b> etc.<br>
<b><DigitalFallout></b> Can anybosy read the board?<br>
<b><Cypher></b> snider, yes<br>
<b><Cypher></b> lets continue<br>
<b><Cypher></b> NTFS is the flag file system of Microsoft, so it would be a pity
not to use it (they tried so hard :))<br>
<b><Cypher></b> if you're using NT => use NT File System<br>
<b><TTT></b> no, DF<br>
<b><Cypher></b> especially if you're running a server<br>
<b><Cypher></b> i think i don't need to explain the pros and cons of NTFS, right?<br>
<b><Cypher></b> or should i?<br>
<b><ZipIt></b> spare us<br>
<b><m0ded></b> do it<br>
<b><_quato_></b> nope<br>
<b><ZipIt></b> !<br>
<b><DigitalFallout></b> GO for it<br>
<b><sanke></b> yes<br>
<b><blindman`s_vision></b> do it<br>
<b><Cypher></b> NO - 2 | YES - 4<br>
<b><Cypher></b> ok ok :)<br>
<b><m0ded></b> yes do it ;p<br>
<b><ZipIt></b> damn<br>
<b><Cypher></b> NTFS .vs. FAT<br>
<b><DigitalFallout></b> God bless demoracy<br>
<b><Cypher></b> ZipIt, that's the request :)<br>
<b><Cypher></b> hehe<br>
<b><_quato_></b> ya right<br>
<b><ZipIt></b> Make it so... :(<br>
<b><Cypher></b> the biggest advantage of NTFS is its permittions control<br>
<font color="#ff0000">*** Rockin_lad has quit IRC (Ping timeout)</font><br>
<b><_caps></b> what does NTFS .vs. FAT has to do with a lecture about security
:><br>
<b><Cypher></b> which is the most important part of the permittion management
in a multi-user system (obviously)<br>
<b><ZipIt></b> caps - "permission control"<br>
<b><Cypher></b> _caps, of course (the part i'm talking about). besides i'll be
happy to tell about any other subject u ask :) (if i know it)<br>
<b><Cypher></b> permission!<br>
<b><Cypher></b> damn, why noone corrected me?<br>
<font color="#ff0000">*** Sub has quit IRC (Quit: ...)</font><br>
<b><m0ded></b> heh<br>
<b><Cypher></b> i kept saying "permittion " shame on me!<br>
<b><_caps></b> uhm, okay.. go on :> i'm not much informed on this topic.<br>
<b><_caps></b> heh, your forgiven<br>
<b><ZipIt></b> Cos were all nice... and besides it's piss funny!<br>
<b><Cypher></b> anyhow, set the permissions for the directories and assign proper
rights to your users<br>
<b><Cypher></b> and NTFS gives u that<br>
<b><Cypher></b> also, NTFS 5.0 (in win2k) has a Quota control<br>
<b><Cypher></b> letting u set space quotas for users on the disk<br>
<b><_quato_></b> Quota control????<br>
<b><Cypher></b> also, a useful feature - use it<br>
<b><ZipIt></b> User directory space<br>
<b><Cypher></b> _quato_, yes, u could limit users in disk space<br>
<font color="#ff0000">*** Raven has joined #bsrf</font><br>
<font color="#ff0000">*** ChanServ sets mode: +oa Raven Raven</font><br>
<b><m0ded></b> hey Raven<br>
<b><Raven></b> hey ho<br>
<b><Raven></b> sorry i'm late<br>
<b><DigitalFallout></b> Hello<br>
<b><Cypher></b> heya Raven<br>
<b><dr3x></b> my school needs that...somebody downloaded 3 gigs of mp3s and i
couldnt save my english report<br>
<b><Raven></b> just here to moderate<br>
<b><_quato_></b> hail raven<br>
<b><dr3x></b> Hi Raven<br>
<b><Raven></b> (it rhymes)<br>
<b><Slayer></b> hi Raven<br>
<b><Cypher></b> Raven, we are having lecture+questions structure<br>
<b><ZipIt></b> here we go again... another page full of hi's... damn yr popular
;))<br>
<b><Cypher></b> so u could +m on the lecture and -m on the questions, if u want<br>
<b><m0ded></b> yeah good idea<br>
<font color="#ff0000">*** Raven sets mode: +o Cypher</font><br>
<font color="#ff0000">*** ChanServ sets mode: -o Cypher</font><br>
<b><QX-Mat></b> Has it worked yet?<br>
<b><Raven></b> hmm, secureops<br>
<b><Raven></b> gimme a sec<br>
<b><Cypher></b> k<br>
<b><QX-Mat></b> Now?<br>
<font color="#ff0000">*** Raven sets mode: +o Cypher</font><br>
<b><QX-Mat></b> Nope<br>
<b><Raven></b> good<br>
<b><m0ded></b> +m<br>
<b><QX-Mat></b> ooh<br>
<b><Raven></b> did you start yet?<br>
<b><Cypher></b> Raven, an hour ago :)<br>
<b><m0ded></b> yeah<br>
<b><Raven></b> oops<br>
<b><Raven></b> :-)<br>
<b><Raven></b> are you in a break now or something?<br>
<b><ZipIt></b> zzzz<br>
<b><Rockin_lad></b> yeah I was late too<br>
<b><m0ded></b> set mode +m and lets continue..<br>
<b><Raven></b> or am i interrupting you?<br>
<b><_quato_></b> back to NTFS ...<br>
<b><Rockin_lad></b> damn oh damn analog dialups<br>
<b><Rockin_lad></b> okay NTFS <br>
<b><dr3x></b> yeah, on with the lecture<br>
<b><Cypher></b> k, lets move on then<br>
<b><Cypher></b> question time :)<br>
<b><Cypher></b> (was)<br>
<b><Cypher></b> _quato_ do u have any NTFS questions? i was thinking of moving
next<br>
<b><Cypher></b> another step to basic NT security is Audits<br>
<b><Cypher></b> try to break into your own system!<br>
<b><Raven></b> absolutely<br>
<b><Rockin_lad></b> how ?<br>
<b><_quato_></b> no questions....<br>
<b><Cypher></b> it will: 1. make u a better person ;-) and 2. make your system
a better system ;-)<br>
<b><_quato_></b> how secure is NTFS<br>
<b><_quato_></b> ??<br>
<b><snider></b> <b><_quato_></b> no questions....<br>
<b><Cypher></b> quato, pretty secure<br>
<b><_quato_></b> encryption??<br>
<b><Raven></b> the problem is that security holes arise from software itself<br>
<b><Raven></b> and not the file system<br>
<b><Raven></b> (usually)<br>
<b><Cypher></b> _much_more_ then all the other microsoft file systems<br>
<b><Cypher></b> quato, of course<br>
<b><_quato_></b> w2k - Kerberos <br>
<b><Cypher></b> encryption, compression, permissions, the whole pack<br>
<b><Cypher></b> Raven, yep... that's one of the probs<br>
<font color="#ff0000">*** Noon_Ghunna has joined #bsrf</font><br>
<b><Cypher></b> quato, also (but that's in win2k)<br>
<b><Raven></b> and we all know that microsoft isn't exactly security concious<br>
<b><QX-Mat></b> zzz<br>
<b><Cypher></b> Raven, Ce La Vi ;-)<br>
<b><Cypher></b> so, i was talking, Audits<br>
<b><Raven></b> they never do proper beta testing<br>
<b><Raven></b> :-)<br>
<b><DigitalFallout></b> Gee where have I heard that before.....<br>
<b><_caps></b> well, thing about microsoft products is that evntually you can't
secure something even if you want to :P<br>
<b><Cypher></b> there are great third-party software to test your shields<br>
<b><Cypher></b> the Security Scanners<br>
<b><Samcon></b> this is really strange cuse bill gates is a (retired?) hacker<br>
<b><Rockin_lad></b> Red Button is one of those <br>
<b><_caps></b> hacker? billy? ;><br>
<b><m0ded></b> he was<br>
<b><Cypher></b> Red button is to establish null sessions, no?<br>
<b><Samcon></b> sure, they kicked him out of his university for that<br>
<b><Cypher></b> eEye Retina (port scanner, but a good one), the ISS Internet
Scanner, the ISS RealSecure, WebTrends Sec Scanner, and more....<br>
<b><Rockin_lad></b> I dont know , I tried it , didnt work :)<br>
<b><Samcon></b> i think it was harvard<br>
<b><Slayer></b> i think its for getting admin<br>
<b><Cypher></b> Rockin_lad, u cannot always establish null sessions (then it
would be just too easy)<br>
<b><Slayer></b> dont know if it works<br>
<b><Rockin_lad></b> oh<br>
<font color="#ff0000">*** FrEEkY has quit IRC (Ping timeout)</font><br>
<font color="#ff0000">*** Samcon is now known as Samcon_watchin_flubber</font><br>
<b><Cypher></b> so, in conclusion, we had a NetBIOS intro, the IPC share and
Null Session, and the steps to secure NT station - questions?<br>
<b><DigitalFallout></b> (I was late) Did you cover local security?<br>
<b><Cypher></b> someone asked about passwords (the SAM, enryption, etc) - should
i explain on it?<br>
<b><m0ded></b> yeah<br>
<b><QX-Mat></b> Terry Parchett invented paged memory on his BBC clone<br>
<b><Rockin_lad></b> oh yes<br>
<b><Rockin_lad></b> plz<br>
<b><QX-Mat></b> he was a hacker too<br>
<b><Cypher></b> DF, local security? securing a machine from the admin? ;-))<br>
<b><DigitalFallout></b> :) No from people with access to the server<br>
<b><Cypher></b> DF, yes<br>
<b><Cypher></b> we discussed permissions<br>
<b><Cypher></b> NT uses an assymetric encryption algorithm (so does UNIX, btw)
to encrypt the passwords<br>
<b><DigitalFallout></b> Ok<br>
<b><Rockin_lad></b> what I really was woundering about , is how to break into
NT senmail version ?<br>
<b><m0ded></b> witch is?<br>
<b><DigitalFallout></b> I'l review the log when it is posted<br>
<font color="#ff0000">*** Raven has quit IRC (Quit: Cypher, you're on your own now. Good luck. :-))</font><br>
<b><Cypher></b> and it stores the hash (the encrypted password) in the SAM<br>
<b><QX-Mat></b> Unix's is unirotational<br>
<b><Cypher></b> SAM = part of the registry<br>
<b><Rockin_lad></b> or otherwise what soever<br>
<b><Cypher></b> and, despite "roomors", the password cannot be decrypted<br>
<b><Cypher></b> it can only be cracked<br>
<b><Rockin_lad></b> used to store information about users<br>
<b><Rockin_lad></b> and domains<br>
<b><Rockin_lad></b> oh<br>
<b><Rockin_lad></b> brute force ?<br>
<b><Cypher></b> there are two common methods:<br>
<b><Cypher></b> 1. Dictionary Attack<br>
<b><Cypher></b> meaning, to get a word, encrypt it, and compare to the hash<br>
<b><Cypher></b> same => this is the password, not => move to next word
in the dictionary<br>
<b><Cypher></b> and number 2 is Brute Forcing<br>
<b><Rockin_lad></b> wont that take alot of time ?<br>
<b><Cypher></b> which just generates those words<br>
<b><Rockin_lad></b> But brut ferce is very stupid <br>
<b><Cypher></b> yep, it'll probably take time<br>
<b><Cypher></b> yep again<br>
<b><Slayer></b> sometimes its the only way<br>
<b><Rockin_lad></b> there must be an interior bug<br>
<b><Cypher></b> that's why its is necessary to gather information first, so u
won't have to brute force it<br>
<b><Cypher></b> sometimes, u could social engeneer it out of the admin/user ;-)<br>
<b><Cypher></b> Rockin_lad, in assymetric algorithms?<br>
<b><DigitalFallout></b> That is a VERRY hard thing to do<br>
<b><Rockin_lad></b> so , can I have question now ?<br>
<b><Cypher></b> nope. its pure mathematics, no bugs there :-))<br>
<b><Cypher></b> shoot<br>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -