|
-
March 6th, 2002, 02:03 PM
#1
 XP Remote Admin Tool
So, I am a new user of the new win xp.I just got me a WinXp box about a month ago. Over all, I have been impresses by its GUI, and all the cool little features.Very user freindly, with out being painstakingly obnoxious. One lil section that gets me, is the administration tools folder. I havent got a real chance to play with it....but as it seems you can request a call for "assistence" and WINDOWS will accept RAT connections from a specified Ip address.
Now, I have talked with some other Tech's up here, and the VERY few that have used this RAT, say that on the client side, you have just about every option you could imagine. You even get a screenshot every second or so. Windows even politly disables the server sides mouse and keyboard FOR you.
How sweet.
Question: How are these requests for assitence made?
This I am sure could be easily exploited. I am sure a simple script could activate this "call for help". And just think the security hole it would create, if an evildoer created a worm that ran this script. Replicating itself over and over and over. Thousands, if not millions could be effected by this. Hopefully forcing Microsoft to release a patch. (Yeah Right)
Question: Does .vbs work the same in Xp as it does in 98? Meaning can somone create a .vbs script in an HTML page and write somesort of assistence request program to there disk simply by clicking? Kinda like the "GodMesage" exploit.
It is better to be HATED for who you are, than LOVED for who you are NOT.
THC/IP Version 4.2
-
March 6th, 2002, 02:22 PM
#2
I can't answer your question sorry but i would like to ad a little thing...
It's installed in the default installation!
A big trojan build in windows! 
-
March 6th, 2002, 03:56 PM
#3
Hey Dr. Toker,
I think normally there are a couple of ways the "call for assistance" is made. Either with an instant messaging program or by e-mail. The person wanting the assistance sends the person they want to invite an invitation by e-mail or instant messenger. This invitation includes a password that the person accepting the invitation must use. The inviter can also set a time limit on how long the invitation stays open. Where did you get your XP box? Mine is an HP and it came with a pre-loaded help section that tells how to use Remote Assistance and other stuff on the computer. You can also disable the Remote Assistance feature and make it impossible (afaik) for assistance invitations to be sent from your box. Believe me, I have! Hth 
For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
(Romans 6:23, WEB)
-
March 6th, 2002, 03:58 PM
#4
http://www.microsoft.com/windowsxp/p...st/default.asp
try this link. also, i would likle to warn you that windows xp has numerous options that can exploited that are installed by default. it would be in your best interest to go through your system and disable these. yes it may look pretty but it is also very exploitable. m$ really screwed up by releasing it so fast without proper testing. be sure to check the patches and find any you think you need.
-
March 6th, 2002, 04:06 PM
#5
Yes to what VanEck said. You might want to go to the Windows Update site if you haven't. They have already released some patches for Windows Xp including the one for the Universal Plug and Play service. I also got a program from Steve Gibson's site http://www.grc.com called Unplug and Pray that can disable or reenable it at will. You might also want to disable NetBios if you haven't already. You probably already know this stuff though. But if you don't, reply or PM me and I'll try to tell you how.
For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
(Romans 6:23, WEB)
-
March 6th, 2002, 04:11 PM
#6
Thanx Guys
Thanks for all the info.......Preach, can you expand on your first post about the invitation to remote admin.
Question: Does .vbs work the same in Xp as it does in 98? Meaning can somone create a .vbs script in an HTML page and write somesort of assistence request program to there disk simply by clicking? Kinda like the "GodMesage" exploit.
It is better to be HATED for who you are, than LOVED for who you are NOT.
THC/IP Version 4.2
-
March 6th, 2002, 04:41 PM
#7
I think that it would Dr. Toker...somebody was asking me about RA....yes this could be quite exploitable. Not good
-
March 6th, 2002, 05:11 PM
#8
Member
I agree with preacherman481 about disabling netbios. Also YES vb scipts do execute on an xp box. Could be used to expoit your system. To fix that you can open up explorer and click tools/folder options. Then click on the file types tab. Scroll down untill you see .vbs and .vbe. By defalt you can see that these extentions are opened with the Microsoft windows base. If you cange the defalt action to edit, Notepad will be opened and your system is safe. You will be able to view the files befor you open them to make sure they are not expoits. This technique can be used with all scipting languages that interpite the windowd scipting host. I know that the DOD (department of defense) disables .wsc , .wsh , .ws , .wsf , .vbs , .vbe , .js , .jse.
Hope this was helpfull.
LATER-
__________________________
Computers make sense people
DON\'T.
-
March 6th, 2002, 05:48 PM
#9
IT was more helpfull than you think. Thank you so ****ing much
*Dr Toker rolls a joint and passes it to guru..
It is better to be HATED for who you are, than LOVED for who you are NOT.
THC/IP Version 4.2
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote