
Securing Nt Against Weak Nt Pass Attack

#16 User is offline   northernsky 

  • Private First Class
  • Group: Members
  • Posts: 34
  • Joined: 27-December 03

Posted 30 December 2003 - 12:48 PM

Hmmm, securing against a weak password attack......Unless anybody starts brute forcing you, as long as you don't use a weak password (6 char. with numbers/letters usually works well enough). Most people only really go for the easy kills anyway.
0

#17 User is offline   Krogoth 

  • Private First Class
  • Group: Members
  • Posts: 101
  • Joined: 23-December 03

Posted 01 January 2004 - 09:48 AM

Let's think of a password with a combination of letters and numbers,
e.g. t3st(4u&7ry.

I think this will be safe; otherwise you can use a firewall to block port 139.
0

#18 User is offline   eXist 

  • Private First Class
  • Group: Members
  • Posts: 110
  • Joined: 30-December 03

Posted 02 January 2004 - 05:59 PM

If you don't need NetBIOS on, apart from using a GOOD password, you could chuck all this in a batfile and run it:

net share /delete C$ /y
net share /delete D$ /y
net share /delete E$ /y
net share /delete F$ /y
net share /delete IPC$ /y
net share /delete ADMIN$ /y
net stop "Remote Registry Service"
net stop "Computer Browser"
net stop "Server" >> server.txt
net stop "REMOTE PROCEDURE CALL"
net stop "REMOTE PROCEDURE CALL SERVICE"
net stop "Remote Access Connection Manager"
net stop "telnet"
net stop "messenger"
net stop "netbios"
net stop "Net Logon"
net stop "TCP/IP NetBIOS Helper Service"
0

#19 Guest_f0cker_*

  • Group: Guests

Posted 07 January 2004 - 07:52 PM

Shares can be added remotely using rmtshare.exe from Microsoft.
0

#20 User is offline   t_gillum 

  • Private
  • Group: Members
  • Posts: 16
  • Joined: 06-January 04

Posted 08 January 2004 - 05:43 AM

Yeah, you could just get rid of the hidden admin shares, but the only thing is that once you restart they get shared again. That creates sorta a hassle, if you know what I mean.
0

#21 Guest_mal.one_*

  • Group: Guests

Posted 15 January 2004 - 05:46 AM

I don't know if I'm right, but as far as I know Dameware is at least able to recreate the default admin shares, so I'm a bit sceptical about that share-deleting thing...

greetz
0

#22 Guest_TrIaNguLaR_*

  • Group: Guests

Posted 18 January 2004 - 08:02 AM

Very long passwords mean a lot better chance of you not getting hacked ;)
0

#23 Guest_nulladd_*

  • Group: Guests

Posted 18 January 2004 - 09:08 AM

Windows stores both the LM and NTLM hashes. Because LM hashes are less secure, you can turn them off if you're not worried about compatibility with older Windows versions.

Go here:
Control Panel -> Administrative Tools -> Local Security Settings
-> Local Policies -> Security Options
and change the values in "Network Security: do not store lan manager hash....." and "Network Security: lan manager authentication level"

BTW northernsky

Quote

6 char. with numbers/letters usually works well enough
That can be brute-forced in seconds.
0
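The difference between the LM and NT hashes mentioned in the post above, worked through as an added PowerShell example that is not part of any post in this thread. It assumes the standard LM behaviour (password uppercased, split into two independent 7-character halves, no LM hash for passwords longer than 14 characters) and estimates the alphabet from the character classes each password uses; the function names are hypothetical and the last sample password is constructed.

```powershell
# Added example (not from the thread): rough search-space comparison for the
# LM and NT forms of one password. Alphabet sizes are an estimate based on the
# character classes the password actually uses (printable ASCII only).
function Get-AlphabetSize([string]$Text) {
    $n = 0
    if ($Text -cmatch '[a-z]')        { $n += 26 }
    if ($Text -cmatch '[A-Z]')        { $n += 26 }
    if ($Text -cmatch '[0-9]')        { $n += 10 }
    if ($Text -cmatch '[^a-zA-Z0-9]') { $n += 33 }   # 95 printable minus 62
    $n
}

function Get-HashSearchSpace {
    param([Parameter(Mandatory)][string]$Password)

    # NT hash: case-sensitive, the whole password is hashed as one unit.
    $nt = [bigint]::Pow((Get-AlphabetSize $Password), $Password.Length)

    $lm = $null
    if ($Password.Length -le 14) {
        # LM hash: uppercase first, then two halves that can be searched separately,
        # so the work is the SUM of the halves, not their product.
        $upper  = $Password.ToUpperInvariant()
        $halves = @($upper.Substring(0, [Math]::Min(7, $upper.Length)))
        if ($upper.Length -gt 7) { $halves += $upper.Substring(7) }
        $lm = [bigint]0
        foreach ($h in $halves) {
            $lm += [bigint]::Pow((Get-AlphabetSize $h), $h.Length)
        }
    }

    [pscustomobject]@{
        Length       = $Password.Length
        NTCandidates = $nt
        LMCandidates = if ($null -eq $lm) { 'no LM hash (over 14 chars)' } else { $lm }
    }
}

# The 6-character style and the sample password from earlier posts, plus a
# constructed passphrase longer than 14 characters.
'abc123', 't3st(4u&7ry', 'a constructed long passphrase' |
    ForEach-Object { Get-HashSearchSpace $_ } | Format-Table -AutoSize
```

For a password of 8 to 14 characters the LM column stays close to the cost of a single 7-character uppercase half, which is why turning off LM hash storage matters more than adding a few extra characters.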

#24 User is offline   Spookie 

  • Staff Sergeant
  • Group: Specialist
  • Posts: 293
  • Joined: 21-December 03

Posted 18 January 2004 - 03:16 PM

Here's some information for you regarding passwords that you may find of assistance.

CISSP Security Management and Practices

My pref. is passwords that are 8 characters in length which contain Upper Case - Lower Case - Special Characters - and numbers.
Beauty is only a light switch away
0

#25 Guest_robmilman_*

  • Group: Guests

Posted 02 March 2004 - 12:59 PM

Sorry, but I wanted to get back to the Dameware part of this thread.

I found this post from a Google search looking for a way to prevent Dameware from being installed by unauthorized users.

Setting restrict anonymous higher than 1 and disabling the administrative shares wasn't a great solution. This is what I ended up doing after getting nowhere with Dameware support.

I created a file in the %SystemRoot%\System32 folder called DWRCS.exe. Then I explicitly denied access to that file for everyone except the Domain Admins. Testing this on various W2K servers in our organization proved that no one but Domain Admins can install Dameware Mini Remote on our servers.

I hope that was clear enough, being my first post here.

Regards.
0

#26 User is offline   technoboy 

  • Private First Class
  • Group: Members
  • Posts: 120
  • Joined: 10-January 04

Posted 04 March 2004 - 11:50 AM

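You could also disable auto share:

Quote

Set WshShell = CreateObject("WScript.Shell")

' 0 stops the administrative shares being recreated at startup on workstations;
' servers use the AutoShareServer value under the same key.
WshShell.RegWrite "HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\AutoShareWks", 0, "REG_DWORD"
WScript.Echo "Done"
Set WshShell = Nothing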

0
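A read-only way to check the settings discussed in this thread (LM hash storage, LAN Manager authentication level, restrict anonymous, automatic admin shares), as an added PowerShell example that is not part of any post. NoLMHash, LmCompatibilityLevel and RestrictAnonymous are the standard registry values behind the policies named above; the "ok" thresholds are assumptions chosen for illustration, not recommendations made in the thread.

```powershell
# Added example (not from the thread): read-only check of the registry values
# behind the settings discussed above. Nothing is changed.
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# Ok = assumed threshold for reporting a value as "ok"
$settings = @(
    @{ Key = $lsa;    Name = 'NoLMHash';             Ok = { $args[0] -eq 1 } }  # LM hash not stored
    @{ Key = $lsa;    Name = 'LmCompatibilityLevel'; Ok = { $args[0] -ge 2 } }  # 0 and 1 still send LM responses
    @{ Key = $lsa;    Name = 'RestrictAnonymous';    Ok = { $args[0] -ge 1 } }
    @{ Key = $server; Name = 'AutoShareWks';         Ok = { $args[0] -eq 0 } }  # workstations
    @{ Key = $server; Name = 'AutoShareServer';      Ok = { $args[0] -eq 0 } }  # servers
)

$report = foreach ($s in $settings) {
    $item  = Get-ItemProperty -Path $s.Key -Name $s.Name -ErrorAction SilentlyContinue
    $value = if ($item) { $item.($s.Name) } else { $null }

    if ($null -eq $value)   { $state = 'not set (OS default applies)' }
    elseif (& $s.Ok $value) { $state = 'ok' }
    else                    { $state = 'review' }

    [pscustomobject]@{ Value = $s.Name; Data = $value; State = $state }
}
$report | Format-Table -AutoSize

# Hidden shares that exist right now. Shares deleted with "net share" come back
# after a restart unless the AutoShare value for this edition is 0.
Get-CimInstance -ClassName Win32_Share |
    Where-Object { $_.Name.EndsWith('$') } |
    Select-Object Name, Path, Description
```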

#27 User is offline   -8- 

  • Private
  • Group: Members
  • Posts: 5
  • Joined: 23-March 04

Posted 16 May 2004 - 05:48 AM

Hi guys, here comes my 2 cents.

As well as using capital letters and numbers in yer password you could try using a non-standard ASCII character (something I read). Basically pick a number between 155 and 210 (rough guess on the numbers, but any number between that range will give you the non-standard character), hold down the ALT key and type yer number in; try it in a word processor or Notepad. This number and ALT will produce ONE character. Simply insert this somewhere in yer password. So you get this "password(ALT-179)". Apparently I can't spell to save my life, but these characters are said to beat most password cracking software (LC3).

I hope that was helpful, (can i have my two cents back now?)

:ph34r:
0

#28 User is offline   hottzo 

  • Private First Class
  • Group: Members
  • Posts: 78
  • Joined: 26-January 04

Posted 17 May 2004 - 10:43 AM

I believe the above batch script should do the job. Also, at the beginning add "@echo off" so that there will be no output for the selected actions :D Also, you can add the string to run the batch script in the registry... HKLM\Software\Microsoft\Windows\CurrVers\Run, and add the path of your batch script.... hf
0
