hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > The Archives > General Network Security
vnet576
Sep 23 2003, 11:24 PM
Don't think thats how they did it. I tried deleting net.exe on my home computer and within a few seconds windows added a new net.exe.
vnet576
Sep 23 2003, 09:36 PM
Recently I found a server that was secured using a very interesting method. The net command was disabled. The server was win2k btw. Now how could they have disabled this command...

QUOTE

c:\>net start
'net' is not recognized as an internal or external command, operable program or batch file.
ReCoN
Sep 23 2003, 10:38 PM
i *think* they deleted the net.exe in the system dir
flame
Sep 23 2003, 11:06 PM
or maybe just maybe they un "path"d it ...
try going inside win directory or maybe
dir /s net.exe
then go to that directory it found net in...
or maybe just upload it (and also netcat.exe sure is usefull)

tenka
Sep 23 2003, 11:46 PM
lies..... you cant delete it

c:\windows\system32\net.exe start
- try dat/? unsure.gif
vnet576
Sep 24 2003, 12:23 AM
Like I said its not that u can't delete it...its just that windows restores it immediately.

No..."net.exe start" also gave me the same error on that server. If someone could figure out how he did it..it would be a very good way of securing servers.
SeNe
Sep 24 2003, 12:33 AM
u can rename it and after that rename another file like: nc.exe to net.exe so next time someone type wont get any result.
or u can remove privileges of the files from desktop so when someone tryes to access the file he gonna get ACCESS DENIED
Sh4dowWalker
Sep 26 2003, 08:58 AM
'Disabling' net command can be achieved in 2 ways.
First off you need to look for ALL net.exe's:
dir /a /s c:\net.exe

Then you can:
1. rename all net.exe's at a time
or
2. delete all net.exe's at a time


Windows can restore this file from few sources. Just make sure that you renamed/deleted ALL net.exe's at the same time. Make a simple bat script for this. For me bat works without problems. But if your Win is still restoring this file then you can play a little with AT command to schedule executing of this bat at startup. smile.gif
One more thing to know. Even if you succesfully renamed/deleted net.exe then Windows can alert an user with security message giving him an opportunity to reinstall this file from CD (an entry in event log is made also). This is called as Windows File Protection and is introduced in Win2000 and WinXP.
Protected files are: .sys, .dll, .ocx, .ttf, .fon i .exe

More information about Windows File Protection can be found here.


cool.gif
vnet576
Sep 26 2003, 07:29 PM
QUOTE (Sh4dowWalker @ Sep 26 2003, 08:58 AM)
One more thing to know. Even if you succesfully renamed/deleted net.exe then Windows can alert an user with security message giving him an opportunity to reinstall this file from CD (an entry in event log is made also). This is called as Windows File Protection and is introduced in Win2000 and WinXP.
Protected files are: .sys, .dll, .ocx, .ttf, .fon i .exe

Hmm...that is an interesting thing that you mentioned and I didn't know that windows would notify the user with that message.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.