SeNSeMaNN
hi
i saw many articles and threads like this one hxxp://info-x.co.uk/docview.asp?id=39 about securing windows etc etc, but there are some problems, where i have no solution....

i made these steps but the system isn't secure, and this really really suxxx....
netbios is disabled, but you can still logon with such an dameware crap
made a bat file like..

CODE

@echo off
net share /delete C$ /y
net share /delete D$ /y
net share /delete E$ /y
net share /delete F$ /y
net share /delete G$ /y
net share /delete H$ /y
net share /delete I$ /y
net share /delete J$ /y
net share /delete K$ /y
net share /delete L$ /y
net share /delete M$ /y
net share /delete N$ /y
net share /delete O$ /y
net share /delete P$ /y
net share /delete Q$ /y
net share /delete R$ /y
net share /delete S$ /y
net share /delete T$ /y
net share /delete U$ /y
net share /delete V$ /y
net share /delete W$ /y
net share /delete X$ /y
net share /delete Y$ /y
net share /delete Z$ /y
net share /delete ADMIN$ /y
net share /delete IPC$ /y
net share /delete lwc$ /y
net share /delete print$ /y
net stop messenger
net stop netbios


and i couldn't believe my eyes that someone can still logon o_O
i stopped and disabled about 12 - 20 services but it doesn't work, holy win2000 shit

and then i tried to make telnet server running like it is described in link above. server runs but i can't logon... what's the problem ?! ;o/


plz help
thanx guys

p.s.: don't tell me "use search" or such a shit, i really dunno why i have these probs, i read 2 days threads about securing but no chance. i dunno what to do so plz help me. don't want my sys to be infected....

mfg

mortello
First of all, is this your server, or do you have perms to do what you're doing ? because if you don't, maybe you should play too much into that comp, leaving traces of your act and all...

Back to the main question. There will always be a way to get in the computer, any way you try to secure it. The best way to secure a computer is and will always be to unplug the internet....however, that isn't what you want it seems, so I'd say that you should backdoor the computer so that you can still get back in if that is necessary. You can also disable dameware without playing with the shares as far as I know. But as far as share and telnet is concerned, I can't help you much....but like I said, securing a comp ain't always easy to do, and even if it's secure, what tells you that there isn't another exploit out there that can enter that comp if it wants to.
KoNh
this is the one missing

net stop server /y <-- it will stop all shares and rpc services

or u can still change local policy
just keep in mind a good sysop will see any change made
when it comes to user rights so stopping a service is obvious.
SeNSeMaNN
rpc and all this crap's stopped already......
manu
Hey,

Why can't you install a FIREWALL dude? Ok ok, you read a lot, hey hey, I will send you another one, Could you go through it?

Here's the link, Download it and see whether it will help you or not. Oh, A long read.

http://nsa.www.conxion.com/win2k/guides/w2...urityguides.zip

Cool, Here's another link too, from the gr8 Microsoft itself. Dude go through it if you have "time". Well, a little more than a week, Lol.

http://www.microsoft.com/downloads/details...&displaylang=en

If nothing works, Buy a nice large C0ND0M and cover your PC, Nice, will be protected. ... To make sure, Use two together

Manu
SeNSeMaNN
lol what a bad joke ^^

i just wanna sec ONE home webserver not a company this would take me weeks to read.... but thanx ^^
manu
QUOTE

lol what a bad joke ^^

i just wanna sec ONE home webserver not a company this would take me weeks to read.... but thanx ^^

In fact, this was a reply I got from one of my friends in this FORUM itself long back when I talked seriously about some security things. I just shared it BOSS. Come on, be protected always.

Ok, could u answer some questions please? Well, you should think of these steps when you consider Security.

1. Did u rename your Admin account and disable Guest?
2. What password policy you have set? Could you do the following steps?

1) Open up MMC.
2) Add the Group Policy Snap-in, selecting local computer
3) Go to Windows settings > Security Settings > Account Policy
4) Change "Passwords must meet complexity requirements" to Enabled

3. Did u clean up your network Bindings?

Go to your NETWORK properties and disable CLIENT FOR MICROSOFT NETWORK and FILE AND PRINT SHARING etc thingies.

4. Do you have a firewall installed and your OS is up to date?
5. Ok, you want to share some folders, did you configure the SECURITY tab properly, like remove EVERYONE group from there?

6. Do you have an antivirus installed?

Well well, after doing everything, just disable those unwanted Services too, yup, the thing you did already.

Do an Online Penetration Test too, Go to Sygate.com and well, Follow the below link for these kind of things..
http://grc.com/freepopular.htm
Since it is windows, Never forget to update your OS, FIREWALL and ANTIVIRUS things. Otherwise you will be screwed. Take care man, You have a lot to do. Have a good time there around your Server.

Manu
manu
Ok, a little addition to my last post.

Your To-Do List

Continue from my previous post.....

Now that you established a solid foundation, it is relatively easy to
maintain a secure system I told you. Try to perform the following
tasks on a regular basis.

1. Run the Microsoft Baseline Security Analyzer check - Do this once or twice
a month to keep track of any security issues and hotfixes that Microsoft
has to offer for your version of Windows.

2. Update your virus definitions - AVG and most commercial antivirus software
can be scheduled to automatically check for updates and install them if
needed. Take advantage of this feature and schedule regular updates, but
double-check frequently to make sure that the updates are taking place.

3. Run the Port Probe and Shields UP! test - Do this once or twice a month to
make sure your system is still tightly secured against intruders.

4. Check for Spyware - Do this as needed, preferably after every software
installation to make sure no unwanted software was introduced to your
system.

Thanks, I got to go now, Hope that you have got something to do.

Manu
SeNSeMaNN
n1 post manu, works fine, but one last thing... how to handle this telnet service ? how can i login for remote administration this machine ?! does it log ?

open localhost port

then it asks if i will share my pwd
i type no

then type in user
then type in pwd
enter

but doesn't connect o_O

mfg
manu
Dude, could you go to the following page too and spend a little time there?

http://www.markusjansson.net/esecuring.html

Hey, i didn't understand your telnet problem, Copy the error you get, Then can help you better. Hey, you can fix it yourself, Come on man.

Manu
SeNSeMaNN
i would fix but there is no error msg

user: myuser
pwd: *******

and then it stops, doesn't login me, ports etc are opened
manu
Restart your computer.

May help

Manu
manu
Ok, I will write a little about Telnet here..

By default, the Telnet service supplied with Windows 2000 requires NTLM authentication. However, if Windows 2000 is configured to use Kerberos as its default authentication method, then Telnet users are not able to obtain access to domain/AD resources including network validation. To allow clear text passwords,

Run tlntadmn.exe
Select Display / change registry settings
Select NTLM
Change the default setting from 2 to 0 to disable the NTLM requirement
To start the telnet server, at the commandline:

net start tlntsvr

As a service, it can be started/stopped/paused as you need. It can be automatically started in all Windows 2000 Professional workstations if you want to support them remotely.

Are you still having problems my friend?

Hey, you can configure a logon banner and automatically execute commands at log on (map drives and so on). When a user connects, the Telnet service runs the file %systemroot%\System32\login.cmd. The login.cmd file is global and applies to all Telnet users who connect to the system. You can modify the script to include commands based on the %username% variable that execute other scripts as applicable to specific users. By default, login.cmd causes a simple banner to display and changes to the folder referenced by the %homedrive% and %homepath% variables. However, you can modify the script to change the banner or to include additional commands to customize the Telnet session's behavior.

You can restrict users from gaining access to Windows 2000 via Telnet:

If there is a local group named TelnetClients, W2k allows only users who are members of this group to access the computer via Telnet.

Manu
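
An added example, not part of any post in this thread: a read-only batch script that reports what the share-deletion and Telnet steps above leave reachable, since deleting shares with net share does not by itself close the SMB or RPC listeners. It assumes the stock Windows 2000 net, netstat and find commands and the default service display name "Telnet"; the port list is this example's choice.

```batch
@echo off
rem Added example (not from the thread). Read-only: it changes no setting.
rem Run locally on the server from an administrator command prompt.
setlocal

echo --- Listening TCP ports ---
rem 135 = RPC endpoint mapper, 139 = NetBIOS session, 445 = SMB, 23 = Telnet
for %%P in (135 139 445 23) do call :port %%P

echo.
echo --- Telnet service ---
rem "net start" with no arguments lists the display names of running services.
net start | find /i "Telnet" >nul
if errorlevel 1 (echo Telnet service: not running) else (echo Telnet service: RUNNING)

echo.
echo --- TelnetClients group ---
rem When this local group exists, only its members may log on via Telnet.
rem With the NTLM setting at 0 passwords are sent in clear text, so keep
rem the member list short.
net localgroup TelnetClients >nul 2>&1
if errorlevel 1 (
    echo No TelnetClients group: Telnet logon is not limited to a member list.
) else (
    net localgroup TelnetClients
)
goto :eof

:port
rem The trailing space after the port number keeps :23 from matching :2301.
netstat -an | find "LISTENING" | find ":%1 " >nul
if errorlevel 1 (echo   %1 closed) else (echo   %1 LISTENING)
goto :eof
```

A port reported as LISTENING here is only a local view; whether it is reachable from outside still depends on the firewall in front of the machine.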
SeNSeMaNN
hm, doesn't login

Microsoft ® Windows ™ Version 5.00 (Build 2195)
Welcome to Microsoft Telnet Service
Telnet Server Build 5.00.99206.1
login: admin
password: ********

then nothing goes on.. its correct that i should logon with an admin axx of the box ? ^^

greetz
manu
Well, may be my last post in this thread. Are you running a Webserver dude? If yes, please download a free tool SECURE IIS Standard from Eeye team and install it. Here's the link.

http://www.eeye.com/html/Products/SecureIIS/Download.html

Manu
manu
QUOTE
hm, doesn't login

Microsoft ® Windows ™ Version 5.00 (Build 2195)
Welcome to Microsoft Telnet Service
Telnet Server Build 5.00.99206.1
login: admin
password: ********

then nothing goes on.. its correct that i should logon with an admin axx of the box ? ^^

greetz


Dude, I am getting sleepy, now it is 1.50 AM here in Kuwait, Can't hold more.. See you tomorrow.. My brain is dead.

Manu
SeNSeMaNN
kk see ya tomorrow...... ^^

yes win2000 webserver
manu
My friend,

You have disabled some services with your script, right?.. Could you go back and enable all of them and carefully disable one by one. But, wait a moment. After enabling all those processes, Try to telnet. Just a try m8.

Manu
SeNSeMaNN
*g* i disabled windows network and spooler shit of the network connection, restarted, and now server is fuc*ed up o_O omg
manu
You are screwed..!! Lol.. People make mistakes...!!

Well, let me tell you dude, Be patient before jumping into anything. Use your damn brain. Think think think before doing anything. You can do it man,

Manu
SeNSeMaNN
perhaps it is because:

net stop server /y ???
this automatically stops net logon etc..

so second try..... n1 that the server is @ home *g*