of letters, symbols, and numbers<br>
<b><tcg></b> again, I love your stylw<br>
<b><tcg></b> style, rather<br>
<b><Samcon></b> :)<br>
<b><tcg></b> man<br>
<b><tcg></b> no one guesses passwords today<br>
<b><Cypher></b> that's it for passwords<br>
<b><TTT></b> There is a simple way to get a good password:<br>
<b><Cypher></b> questions? (elad?)<br>
<b><TTT></b> Take a phrase you remember always<br>
<b><TTT></b> e.g.<br>
<b><elad></b> yeah<br>
<font color="#ff0000">*** Rockin_lad has joined #bsrf</font><br>
<b><TTT></b> The Matrix is a great Movie<br>
<font color="#ff0000">*** _zach- has quit IRC (Quit: yyhythythtnnt)</font><br>
<b><elad></b> who is the real slim shady?<br>
<b><TTT></b> then take every first letter<br>
<b><TTT></b> and put it together<br>
<b><Cypher></b> elad, u?! ;)<br>
<b><TTT></b> so you got a good "base" for a password<br>
<b><TTT></b> and you remember it always<br>
<b><elad></b> tmiagm is a bad password<br>
<b><Samcon></b> this has a real connection to the lecture<br>
<b><TTT></b> as I said, it is a base<br>
<b><m0ded></b> aaa is worse<br>
<b><Rockin_lad></b> Hello room <br>
<b><Rockin_lad></b> am I late ?<br>
<b><Sub></b> yes<br>
<b><m0ded></b> yeah u are<br>
<b><Cypher></b> anyhow, if there are no more questions, lets continue<br>
<b><Cypher></b> hey rockin_lad, a bit, yes<br>
<b><Rockin_lad></b> oh shit <br>
<b><QX-Mat></b> I have a question<br>
<b><Slayer[reading_eating]></b> me too<br>
<b><Rockin_lad></b> damn analog dialups<br>
<b><Cypher></b> shoot, QX-Mat, Slayer<br>
<b><QX-Mat></b> When calculating user ages under NT, what is the age set from
(enum_xxxx_xxxx etc)<br>
<b><elad></b> ok i'm out<br>
<b><tcg></b> ;\<br>
<font color="#ff0000">*** _sniper- has joined #bsrf</font><br>
<font color="#ff0000">*** _sniper- is now known as sniper</font><br>
<b><Slayer[reading_eating]></b> the only way to crack the share pass is brute
force?<br>
<b><Cypher></b> QX-Mat, user age? i'm not following....<br>
<font color="#ff0000">*** SpiderMan has joined #bsrf</font><br>
<b><Sub></b> i gotta go<br>
<b><TTT></b> Hi, spider!<br>
<b><QX-Mat></b> Never mind<br>
<b><SpiderMan></b> hi<br>
<b><Sub></b> cya all<br>
<b><Cypher></b> Slayer, no, u could also try a dictionary attack<br>
<font color="#ff0000">*** Sub has quit IRC (Quit: gone)</font><br>
<b><QX-Mat></b> I say later with more info<br>
<b><SpiderMan></b> wow there are a lot of people here, is there a lecture?<br>
<b><m0ded></b> yeah god damnit<br>
<b><TTT></b> jep, spider<br>
<b><Samcon></b> yep<br>
<b><m0ded></b> shut up<br>
<b><Cypher></b> lets continue<br>
<b><TTT></b> NT-Security<br>
<b><Slayer[reading_eating]></b> yeah i know, is there any other way than guess
attacks<br>
<b><Cypher></b> next issue - Permissions<br>
<b><Rockin_lad></b> bye<br>
<b><Cypher></b> organize them! there is no purpose of giving everyone access
to all directories...<br>
<font color="#ff0000">*** Olaf has quit IRC (Ping timeout)</font><br>
<b><Cypher></b> keep users to their home dirs, and don't let them browse away<br>
<b><m0ded></b> Read-Only<br>
<b><Rockin_lad></b> registry maybe ?!<br>
<b><Rockin_lad></b> take the encrypted password and decrypt it, would that work
?<br>
<b><Slayer[reading_eating]></b> i guess no<br>
<b><Cypher></b> Rockin_lad, u cannot decrypt passwords<br>
<b><Cypher></b> they use asymmetric functions - one-way<br>
<b><tcg></b> 1 way encryption<br>
<b><tcg></b> ;\<br>
<b><tcg></b> bbl<br>
<b><Cypher></b> next - The Administrator account<br>
<b><Rockin_lad></b> no, I just guessed, I think they have programs for that<br>
<b><Cypher></b> Rockin_lad, they do something else<br>
<b><Cypher></b> not decryption<br>
<b><Cypher></b> which is, sadly, a built-in NT account u have no way of deleting.
but u can rename it.....<br>
<b><Cypher></b> now, what good will a rename do?<br>
<b><tcg></b> people wont guess it ;\<br>
<b><Cypher></b> and the default password is <blank>, btw....<br>
<b><dr3x></b> evil script kiddies wont know what account to h4x0r<br>
<b><Cypher></b> right :) although this sounds too simple, most ppl first try
the Administrator:<blank> and Guest:Guest combinations<br>
<font color="#ff0000">*** Slayer[reading_eating] is now known as Slayer</font><br>
<font color="#ff0000">*** sanke has joined #bsrf</font><br>
<b><dr3x></b> I know i do!<br>
<b><Cypher></b> so that rename will stop most script kiddies<br>
<b><dr3x></b> (oops)<br>
<b><Cypher></b> hehe :)<br>
<b><sanke></b> Hey Qx<br>
<b><Cypher></b> which just seek the net for "test-my-kEwL-haX0r-skilZ"
purposes and have no intention for your system, specifically<br>
<font color="#ff0000">*** snider has joined #bsrf</font><br>
<font color="#ff0000">*** sniper has quit IRC (Ping timeout)</font><br>
<b><snider></b> [19:37] [snider PING reply]: 41secs ............shit<br>
<b><Cypher></b> so a fair solution is to rename that account and password it.<br>
<b><Cypher></b> then create another account, named Administrator, but with absolutely
NO permissions<br>
<b><dr3x></b> honey pot?<br>
<b><Cypher></b> that's another anti-script-kiddie countermeasure<br>
<b><TTT></b> dr3x, no<br>
<b><Cypher></b> dr3x, kinda yeah :)<br>
<b><dr3x></b> cant you set the Administrator account to set off all sorts of
alarms?<br>
<b><TTT></b> A honeypot would act more aggressive, does it?<br>
<b><Rockin_lad></b> correct me if I'm wrong, but ain't the pass file supposed
to be somewhere under HKEY_LOCAL_MACHINE/SAM OR SOMETHING ?<br>
<b><dr3x></b> thatd make sense<br>
<b><Cypher></b> besides, u could audit and see when someone tries to access that
account.... and KILL KILL KILL :)<br>
<b><dr3x></b> yeah,<br>
<b><Cypher></b> dr3x, u can write on-logon scripts<br>
<b><Cypher></b> rockin_lad, yes<br>
<b><Cypher></b> we'll get to that<br>
<b><Rockin_lad></b> k<br>
<font color="#ff0000">*** _zach- has joined #bsrf</font><br>
<b><Cypher></b> oh and btw, u also should set a real good password: something
like - "try_and_hax0r_me_u_dumbas" ;-) so he won't have it easy<br>
<b><Cypher></b> getting your "zero permissions" account also :)<br>
<b><dr3x></b> hehehe<br>
<b><Cypher></b> question time<br>
<b><QX-Mat></b> me<br>
<font color="#ff0000">*** tcg has quit IRC (Quit: ircII EPIC4-0.9.1 -- Accept no limitations)</font><br>
<b><QX-Mat></b> Back with that thing earlier<br>
<b><QX-Mat></b> For example: <br>
<b><QX-Mat></b> # Win32-NT :)<br>
<b><QX-Mat></b> use Win32::NetAdmin;<br>
<b><QX-Mat></b> UserGetAttributes("", $_, $password, $passwordAge,
$privilege, $homeDir, $comment, $flags, $scriptPath)<br>
<b><QX-Mat></b> <br>
<b><QX-Mat></b> The user/password age is a number, but this number is not the
seconds since the password was<br>
<b><QX-Mat></b> activated, but the seconds (or days/minutes?) from 1980 sometime
until the password was created<br>
<b><QX-Mat></b> plus the actual age.<br>
<b><QX-Mat></b> Ex: 1980 to today is 20 years + say 1 since the user made their
password, then you do<br>
<b><QX-Mat></b> (((((21*365)+5)*24)*60)*60), but I'm<br>
<b><QX-Mat></b> not sure of the exact date in 1980?<br>
<font color="#ff0000">*** ZipIt has joined #bsrf</font><br>
<b><Cypher></b> are u asking what password age is measured in? days i believe....<br>
<b><QX-Mat></b> yes, but from?<br>
<b><Cypher></b> its the time since the password was set<br>
<b><Cypher></b> or changed, of course<br>
<b><QX-Mat></b> That's not how it works out of.... and I did read it was set
from a date in the 80's<br>
<font color="#ff0000">*** wallk has joined #bsrf</font><br>
<b><Cypher></b> perhaps in nt3.51? or did u read about nt4/5?<br>
<b><QX-Mat></b> same, user attributes are the same...<br>
<font color="#ff0000">*** ZipIt has quit IRC (Killed (NickServ (GHOST command used by wallk)))</font><br>
<font color="#ff0000">*** wallk is now known as zipit</font><br>
<b><QX-Mat></b> it was because of Nt 3.51 though<br>
<font color="#ff0000">*** zipit is now known as ZipIt</font><br>
<b><Cypher></b> i'll check that out, can't give u a full answer now<br>
<b><QX-Mat></b> ok<br>
<b><Cypher></b> its a novice lecture, after all :)<br>
<b><ZipIt></b> Hello all#<br>
<b><Cypher></b> lets continue then<br>
<b><Cypher></b> hey ZipIt<br>
<b><Cypher></b> next issue of the day is - Lockout and Audit policies<br>
<b><Rockin_lad></b> will be covering, Microsoft Exchange ?<br>
<b><Cypher></b> if there is a thing users hate is complex passwords and lockouts<br>
<b><Cypher></b> no<br>
<b><Rockin_lad></b> oh , okay then <br>
<b><Cypher></b> but as an admin, u _must_ set complex passwords and a lockout
policy<br>
<b><Rockin_lad></b> lockout ?!<br>
<b><Cypher></b> (therefore being hated by the users) :)<br>
<b><Rockin_lad></b> he he<br>
<b><Cypher></b> Lockout means that the system locks up after a certain number<br>
<b><ZipIt></b> But what a user wants is not always the best thing...<br>
<b><Cypher></b> of invalid login attempts<br>
<font color="#ff0000">*** sanke has quit IRC (Ping timeout)</font><br>
<b><Rockin_lad></b> oh I see , <br>
<b><Samcon></b> screw the users<br>
<b><Cypher></b> ZipIt, absolutely correct!<br>
<font color="#ff0000">*** Olaf has joined #bsrf</font><br>
<b><Cypher></b> i recommend setting the invalid attempts to 3 or 5, and the lockout
time to about 10 minutes (or more, if u desire)<br>
<b><Cypher></b> that's actually the time in which the user cannot try any logins<br>
<b><Cypher></b> (also an anti-script-kiddie countermeasure)<br>
<font color="#ff0000">*** _quato_ has joined #bsrf</font><br>
<b><Cypher></b> if he tries 3 or even 5 attempts and then loses connection he'll
just (usually) back away<br>
<b><_quato_></b> greetings<br>
<b><ZipIt></b> Cypher - What about Auditing failed attempts<br>
<b><ZipIt></b> ?<br>
<b><Cypher></b> getting to it now :)<br>
<b><ZipIt></b> soz<br>
<b><Cypher></b> Auditing is another _very_ important issue in sec.<br>
<b><_caps></b> was just reading the logs.., about setting a "lifetime"
for passwords, that isn't a real good idea if you are running a big network
that has to be dynamic<br>
<b><Cypher></b> it helps u see all those invalid logins or even successful ones<br>
<b><_caps></b> users can't always check for new passwords<br>
<b><Cypher></b> _caps, but imagine someone gets one "unlimited" password.....<br>
<b><QX-Mat></b> my neighbors on BBC2<br>
<b><Cypher></b> save that to the questions time (soon to be) plz<br>
<font color="#ff0000">*** Sub has joined #bsrf</font><br>
<b><ZipIt></b> But if there's 1 thing Admins hate... and that's "wading"
through MB's of Audit logs<br>
<b><Cypher></b> Auditing lets u monitor all sorts of security related activity
on your machine/network<br>
<b><_quato_></b> greetings Samcon<br>
<b><_caps></b> okay :) was just reading logs and thought i'll note on that.<br>
<b><Cypher></b> ZipIt, normal admins, just hate logs :)<br>
<b><ZipIt></b> lol<br>
<b><Cypher></b> but they use and read them, anyhow :)<br>
<b><_zach-></b> some..<br>
<b><_zach-></b> :)<br>
<b><Cypher></b> so the conclusion is - read your logs!!! don't underestimate
the great power of the written word! ;-)<br>
<b><Samcon></b> ?<br>
<b><Cypher></b> now - before i move to NTFS - questions<br>
<font color="#ff0000">*** sniper has joined #bsrf</font><br>
<font color="#ff0000">*** sniper has quit IRC (Quit: plec la mama acasa !!! :))))</font><br>
<font color="#ff0000">*** snider has quit IRC (Ping timeout)</font><br>
<b><Cypher></b> anyone?<br>
<b><QX-Mat></b> With Win32::EventLog, you can make perl cypher though to check
for "naughty" things<br>
<font color="#ff0000">*** DigitalFallout has joined #bsrf</font><br>
<font color="#ff0000">*** Samcon has quit IRC (Quit: Women, You can't dig them and you can't dig them