hi i saw many articles and threads like this one hxxp://info-x.co.uk/docview.asp?id=39 about securing windows etc etc, but there are some problems, where i have no solution....
i made these steps but the system isn't secure, and this really really suxxx.... netbios is disabled, but you can still logon with such an dameware crap made a bat file like..
CODE
@echo off
net share /delete C$ /y
net share /delete D$ /y
net share /delete E$ /y
net share /delete F$ /y
net share /delete G$ /y
net share /delete H$ /y
net share /delete I$ /y
net share /delete J$ /y
net share /delete K$ /y
net share /delete L$ /y
net share /delete M$ /y
net share /delete N$ /y
net share /delete O$ /y
net share /delete P$ /y
net share /delete Q$ /y
net share /delete R$ /y
net share /delete S$ /y
net share /delete T$ /y
net share /delete U$ /y
net share /delete V$ /y
net share /delete W$ /y
net share /delete X$ /y
net share /delete Y$ /y
net share /delete Z$ /y
net share /delete ADMIN$ /y
net share /delete IPC$ /y
net share /delete lwc$ /y
net share /delete print$ /y
net stop messenger
net stop netbios
and i couldn't believe my eyes that someone can still logon o_O i stopped and disabled about 12 - 20 services but it doesn't work, holy win2000 shit
and then i tried to make telnet server running like it is described in link above. server runs but i can't logon... whats the problem ?! ;o/
plz help thanx guys
p.s.: don't tell me "use search" or such a shit, i really dunno why i have these probs, i read 2 days threads about securing but no chance. i dunno what to do so plz help me. don't want my sys to be infected....
mfg
mortello
Jun 11 2004, 05:48 PM
First of all, is this your server, or do you have perms to do what you're doing ? because if you don't, maybe you should play too much into that comp, leaving traces of your act and all...
Back to the main question. There will always be a way to get in the computer, anyway you try to secure it. The best way to secure a computer is and will always be to unplug the internet....however, that isn't what you want it seems, so I'd say that you should backdoor the computer so that you can still get back in if that is necessary. You can also disable dameware without playing with the shares as far as I know. But as far as share and telnet is concerned, I can't help you much....but like I said, securing a comp ain't always easy to do, and even if its secure, what tells you that there isn't another exploit out there that can enter that comp if it wants to.
KoNh
Jun 11 2004, 08:03 PM
this is the one missing
net stop server /y <-- it will stop all shares and rpc services
or u can still change local policy just keep in mind a good sysop will see any change made when it comes to user rights so stopping a service is obvious.
SeNSeMaNN
Jun 11 2004, 08:19 PM
rpc and all this crap's stopped already......
manu
Jun 11 2004, 09:13 PM
Hey,
Why can't you install a FIREWALL dude? Ok ok, you read a lot, hey hey, I will send you another one, Could you go through it?
Heres the link, Download it and see whether it will help you or not. Oh, A long read.
If nothing works, Buy a nice large C0ND0M and cover your PC, Nice, will be protected. ... To make sure, Use two together
Manu
SeNSeMaNN
Jun 11 2004, 09:26 PM
lol what a bad joke ^^
i just wanna sec ONE home webserver not a company this would take me weeks to read.... but thanx ^^
manu
Jun 11 2004, 09:28 PM
QUOTE
lol what a bad joke ^^
i just wanna sec ONE home webserver not a company this would take me weeks to read.... but thanx ^^
In fact, this was a reply I got from one of my friend in this FORUM itself long back when I talked seriously about some security things. I just shared it BOSS. Come on, be protected always.
Ok, could u answer some questions please? Well, you should think of these steps when you consider Security.
1. Did u rename your Admin account and disable Guest?
2. What password policy you have set? Could you do the following steps?
1) Open up MMC.
2) Add the Group Policy Snap-in, selecting local computer
3) Go to Windows settings > Security Settings > Account Policy
4) Change "Passwords must meet complexity requirements" to Enabled
3. Did u clean up your network Bindings?
Go to your NETWORK properties and disable CLIENT FOR MICROSOFT NETWORK and FILE AND PRINT SHARING etc thingies.
4. Do you have a firewall installed and your OS is up to date?
5. Ok, you want to share some folders, did you configure the SECURITY tab properly, like remove EVERYONE group from there?
6. Do you have an antivirus installed?
Well well, after doing everything, just disable those unwanted Services too, yup, the thing you did already.
Do an Online Penetration Test too, Go to Sygate.com and well, Follow the below link for these kind of things.. http://grc.com/freepopular.htm Since it is windows, Never forget to update your OS, FIREWALL and ANTIVIRUS things. Otherwise you will be screwed. Take care man, You have a lot to do. Have a good time there around your Server.
Manu
manu
Jun 11 2004, 09:56 PM
Ok, a little addition to my last post.
Your To-Do List
Continue from my previous post.....
Now that you established a solid foundation, it is relatively easy to maintain a secure system I told you. Try to perform the following tasks on a regular basis.
1. Run the Microsoft Baseline Security Analyzer check - Do this once or twice a month to keep track of any security issues and hotfixes that Microsoft has to offer for your version of Windows.
2. Update your virus definitions - AVG and most commercial antivirus software can be scheduled to automatically check for updates and install them if needed. Take advantage of this feature and schedule regular updates, but double-check frequently to make sure that the updates are taking place.
3. Run the Port Probe and Shields UP! test - Do this once or twice a month to make sure your system is still tightly secured against intruders.
4. Check for Spyware - Do this as needed, preferably after every software installation to make sure no unwanted software was introduced to your system.
Thanks, I got to go now, Hope that you have got something to do.
Manu
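A read-only check to run after the steps in this thread and again after each reboot, as an added example that is not part of any post here. It assumes English-language Windows 2000 command output and the default service display names (Server, Messenger, Telnet).

```batch
@echo off
rem Added example, not from the thread: read-only re-check of the hardening
rem steps discussed above. Assumes English-language Windows 2000 output and
rem the default service display names (Server, Messenger, Telnet).
setlocal

echo === Services from the thread that are still running ===
rem "net start" lists display names indented by spaces; match whole lines so
rem "Server" does not also match names that merely contain the word.
for %%S in (Server Messenger Telnet) do (
    net start | findstr /i /r /c:"^ *%%S *$" >nul && echo RUNNING: %%S
)

echo.
echo === Shares currently published ===
rem Administrative shares removed with "net share /delete" (C$, ADMIN$) come
rem back when the Server service or the machine restarts, so re-check then.
rem "net share" offers to start a stopped Server service, so test that first.
net start | findstr /i /r /c:"^ *Server *$" >nul
if errorlevel 1 (
    echo Server service is stopped: no shares are published
) else (
    net share
)

echo.
echo === Listening TCP ports: telnet 23, RPC 135, NetBIOS 139, SMB 445 ===
netstat -an | findstr /r /c:":23 .*LISTENING" /c:":135 .*LISTENING" /c:":139 .*LISTENING" /c:":445 .*LISTENING"
if errorlevel 1 echo none of these ports is listening

echo.
echo === Password and lockout policy ===
net accounts

echo.
echo === Guest account state ===
net user Guest | find /i "Account active"

echo.
echo === Members of TelnetClients ===
rem Per the thread: when this local group exists, only its members may log
rem on through the Telnet service.
net localgroup TelnetClients 2>nul
if errorlevel 1 echo TelnetClients does not exist: Telnet logon is not limited to a group

endlocal
```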
SeNSeMaNN
Jun 11 2004, 09:58 PM
n1 post manu, works fine, but one last thing... how to handle this telnet service ? how can i login for remote administration this machine ?! does it log ?
open localhost port
then it asks if i will share my pwd i type no
then type in user then type in pwd enter
but doesnt connect o_O
mfg
manu
Jun 11 2004, 10:06 PM
Dude, could you go to the following page too and spend a little time there?
Hey, i didnt understand your telnet problem, Copy the error you get, Then can help you better. Hey, you can fix it yourself, Come on man.
Manu
SeNSeMaNN
Jun 11 2004, 10:12 PM
i would fix but there is no error msg
user: myuser pwd: *******
and then it stops, doesn't login me, ports etc are opened
manu
Jun 11 2004, 10:21 PM
Restart your computer.
May help
Manu
manu
Jun 11 2004, 10:29 PM
Ok, I will write a little about Telnet here..
By default, the Telnet service supplied with Windows 2000 requires NTLM authentication. However, if Windows 2000 is configured to use Kerberos as its default authentication method, then Telnet users are not able to obtain access to domain/AD resources including network validation. To allow clear text passwords,
1) Run tlntadmn.exe
2) Select Display / change registry settings
3) Select NTLM
4) Change the default setting from 2 to 0 to disable the NTLM requirement
To start the telnet server, at the commandline:
net start tlntsvr
As a service, it can be start/stopped/paused as you need. It can be automatically started in all Windows 2000 Professional workstations if you want to support them remotely.
Are you still having problems my friend?
Hey, you can configure a logon banner and automatically execute commands at log on (map drives and so on). When a user connects, the Telnet service runs the file %systemroot%\System32\login.cmd. The login.cmd file is global and applies to all Telnet users who connect to the system. You can modify the script to include commands based on the %username% variable that execute other scripts as applicable to specific users. By default, login.cmd causes a simple banner to display the changes to the folder referenced by the %homedrive% and %homepath% variables. However, you can modify the script to change the banner or to include additional commands to customize the Telnet session's behavior.
You can restrict users from gaining access to Windows 2000 via Telnet:
If there is a local group named TelnetClients, W2k allows only users who are members of this group to access the computer via Telnet.
Manu
SeNSeMaNN
Jun 11 2004, 10:40 PM
hm, doesn't login
Microsoft ® Windows Version 5.00 (Build 2195)
Welcome to Microsoft Telnet Service
Telnet Server Build 5.00.99206.1
login: admin
password: ********
then nothing goes on.. its correct that i should logon with an admin axx of the box ? ^^
greetz
manu
Jun 11 2004, 10:41 PM
Well, may be my last post in this thread. Are you running a Webserver dude? If yes, please download a free tool SECURE IIS Standard from Eeye team and install it. Heres the link.
Microsoft ® Windows ™ Version 5.00 (Build 2195)
Welcome to Microsoft Telnet Service
Telnet Server Build 5.00.99206.1
login: admin
password: ********
then nothing goes on.. its correct that i should logon with an admin axx of the box ? ^^
greetz
Dude, I am getting sleepy, now it is 1.50 Am here in Kuwait, Cant hold more.. See you tomorrow.. My brain is dead.
Manu
SeNSeMaNN
Jun 11 2004, 10:46 PM
kk see ya tomorrow...... ^^
yes win2000 webserver
manu
Jun 12 2004, 08:15 AM
My friend,
You have disabled some services with your script, right?.. Could you go back and enable all of them and carefully disable one by one. But, wait a moment. After enabling all those processes, Try to telnet. Just a try m8.
Manu
SeNSeMaNN
Jun 12 2004, 08:40 AM
*g* i disabled windows network and spooler shit of the network connection, restarted, and now server is fuc*ed up o_O omg
manu
Jun 12 2004, 08:48 AM
You are screwed..!! Lol.. People make mistakes...!!
Well, let me tell you dude, Be patient before jumping into anything. Use your damn brain. Think think think before doing anything. You can do it man,
Manu
SeNSeMaNN
Jun 12 2004, 08:49 AM
perhaps it is because:
net stop server /y ??? this automatically stops net logon etc..
so second try..... n1 that the server is @ home *g*