
Thread: Windows2000 security questions....

  1. #1
    Senior Member br_fusion's Avatar
    Join Date
    Apr 2002
    Posts
    167

    Windows2000 security questions....

    Hey fellas, I have a few questions that have been bothering me.

    Background: this is taking place on a Windows 2000 Pro network (maybe Server ed., not sure)

    1. My friend downloaded a registry editing tool (RegTickPro I believe... and yes, it's Tick). And it had an auto admin feature to it. To my surprise, he can log in w/ admin rights under the guest account. From there he deleted the existing password for Admin and picked his own, w/o even knowing the original password. Was there something in the registry that was changed in order for this to take effect? Because to my knowledge Guest accounts cannot access regedit/regedt32. However, I did a Google search and found some info on an autoadmin exploit, though I didn't get much info. I was wondering if any of you guys know anything about this reg key/exploit.

    2. This pertains to the above question. I wanted my friend to make an account w/ admin rights on my computer remotely, because I can't install software w/ guest. So I told him to go to Computer Management and connect to my IP. Then from there go to the local group/hosts tab (I forget the exact name of the tab) and from there create an account for me. However, under the guest account he can create a guest account for me, though when he is logged in as Admin, he cannot access that tab in Computer Management when connected to my computer. It won't let him; I forget the error and I'll try to find out the error tomorrow. Any ideas on any other ways to add an account remotely? I looked through the "NET" (specifically net user) commands and there seems to be no feature to do so.

    3. And do you guys know of any good tools to allow someone to change registry keys remotely? (And yes, I know that "Remote Registry" must be a running service.)

    Hey, thanks a lot for the help. And I hope you don't think I'm trying to hack this network, I just want to install Microsoft Dev Studio and maybe Macromedia Flash.

    Thanks again fellas

    Fusion

    Special thanks to "thehorse13" for always helping me

  2. #2
    Senior Member
    Join Date
    Feb 2003
    Posts
    211
    You'd better visit this link, mate: http://www.sysinternals.com/ntw2k/fr.../psinfo.shtml. Follow the clues and I hope it works.

    When I lay me down to sleep, Pray the LORD my soul to keep.
    If I die before i wake, Pray the LORD my soul to take.


  3. #3
    Senior Member br_fusion's Avatar
    Join Date
    Apr 2002
    Posts
    167
    Thanks man, I'll try that tool.

  4. #4
    Senior Member br_fusion's Avatar
    Join Date
    Apr 2002
    Posts
    167
    The tool failed, but thanks anyway.

  5. #5
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    If you have administrator rights, you can remotely edit his registry from registry editor (regedt32), the option to connect to another computer is right in the file menu...

    I am wanting to say you can also do it from the command line, but I would stick with the registry editor...


    /neb
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  6. #6
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    I just looked at this tool. There is an option to sign in automatically as the admin on the box it is installed on. This tool is very similar to TweakUI, another GUI that allows you to make REG changes through a nice little front-end.

    Anyway, after looking at all the settings, this is the only one that I can think of that *may* have been used, but my guess is that there is more info that is missing from your post.

    Do you have credentials to your current admin account?
    If you don't, there are a few tools out there that you can use to recover it and/or reset it.
    If you have certain services running, i.e. remote registry, your buddy may be able to make reg changes across the wire.

    Ask him for a step-by-step, then post it here so I can see exactly what he did with this tool. My guess is that he used it on your machine, not his. Also, do you have a little AD network running? If so, and he has Admin rights on the AD network, he will be able to log in to your box no matter what the local admin account is set to. Domain rights always take precedence over local rights.

    I hope this helps.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  7. #7
    Senior Member br_fusion's Avatar
    Join Date
    Apr 2002
    Posts
    167
    He ran regedt32 and he successfully connected to my computer, though all of the keys were grayed out and he could not make any changes. It doesn't make any sense why it wouldn't work. And by default Remote Registry is turned on on every computer.

    Hey thehorse13, do you know what that tool is called? (The one you mentioned in your first paragraph.)

    And the tool he executed is located here: http://regshot.ist.md/ (I think...). All this program does is edit the registry, though it contained a button to edit the autoadmin key, and what it does is set the value from 0 to 1. Well, what he did (on his own computer): he enabled autoadmin (setting the value to 1), then under logon info (in the program) he put in his computer's name (domain) and login user name. So then he logged off, and logged back on to the same account. And I guess he had admin rights.

    Though this doesn't work for any other computer. And I know he doesn't know that much, so I believe him when he said that's all he did.

    Well, thanks for all ur help so far. I'm going to read up on AD networks, because I'm not sure what they are.

    Fusion

  8. #8
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    OK Fusion, you have listed 2 tools. RegShot is used to compare changes in the registry after some actions are taken or directory structure changes. This is a nice diagnostic tool but nothing more. The other tool, RegTickPro, is used to lock down the registry through a nice GUI front-end.

    From what I see, neither of the two can change password hashes. This leads me to believe that your buddy has done additional things to change your local admin account or he has used the auto admin feature in RegTickPro.

    The other tool is called TweakUI. You can find it at www.download.com or through a Google search. It is a very common Windows tool.

    As for remote registry, unless he has domain-level admin rights or local admin rights on your box, he won't be able to change the ACLs on your registry keys. I would advise you to shut that service down because, as others may be quick to point out, there are some ways around this. This explanation assumes that you play by M$ networking rules.

    Hope this helps ya out.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  9. #9
    Junior Member
    Join Date
    Jul 2001
    Posts
    12
    Go to Control Panel > Administrative Tools > Services and disable "REMOTE REGISTRY SERVICE"...

    That should fix your problem

    Hope this is what you were looking for
    NOONE DIES A VIRGIN ...LIFE F***K'S YOU ANYWAY!!!!!
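
Added example, not part of any post in this thread: a small audit over a `.reg` export that checks the two settings discussed above, the automatic-logon value that the tool flips from 0 to 1 and the start type of the Remote Registry service. The value names (`AutoAdminLogon`, `DefaultUserName`, `DefaultDomainName`, `DefaultPassword` under Winlogon, and `Start` under `Services\RemoteRegistry`) are the standard Windows names rather than anything quoted in the thread, and the sample export is constructed.

```python
import re

# Constructed sample: a .reg export of the two keys discussed in the thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoAdminLogon"="1"
"DefaultUserName"="labuser"
"DefaultDomainName"="WORKSTATION1"
"DefaultPassword"="example-only"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Start"=dword:00000002
'''

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
REMOTE_REG = r"hkey_local_machine\system\currentcontrolset\services\remoteregistry"
START_TYPES = {2: "automatic", 3: "manual", 4: "disabled"}

def parse_reg(text):
    """Return {key_lower: {name_lower: value}}; only string and dword values are read."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'"([^"]+)"=(?:"(.*)"|dword:([0-9a-fA-F]{8}))$', line)
        if m and current is not None:
            name, s, d = m.groups()
            current[name.lower()] = int(d, 16) if d is not None else s
    return keys

def audit(text):
    """Return findings for automatic logon and the Remote Registry service."""
    keys, findings = parse_reg(text), []
    wl = keys.get(WINLOGON, {})
    if str(wl.get("autoadminlogon", "0")) == "1":
        findings.append("AutoAdminLogon=1: console logs on as %s\\%s without a prompt"
                        % (wl.get("defaultdomainname", "?"), wl.get("defaultusername", "?")))
    if "defaultpassword" in wl:
        findings.append("DefaultPassword is stored in clear text under Winlogon")
    start = keys.get(REMOTE_REG, {}).get("start")
    if start is not None and start != 4:
        findings.append("Remote Registry service start type is %s; set it to disabled"
                        % START_TYPES.get(start, start))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        print("[!]", finding)
```

Automatic logon only signs the console in as whichever account is named in the key; it does not grant that account any rights it did not already have.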

  10. #10
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    Quote Originally Posted by br_fusion
    And I hope you don't think I'm trying to hack this network, I just want to install Microsoft Dev Studio and maybe Macromedia Flash.
    Wouldn't it be easier to talk to your admin about it?
    “Everybody is ignorant, only on different subjects.” — Will Rogers
