Windows 2000 System Vulnerability Pretty Solution 1

zhaozj2021-02-08  205

Landing input method vulnerability

Here we first introduce a login error, which is often the input method of input method. When we start the Windows 2000 to log in to the prompt interface, any user can open a help bar of various input methods, and you can use some of these functions to access the file system, which means we can bypass Windows2000 users. Log in to the verification mechanism and access the entire system with the highest administrator privilege. Therefore, this vulnerability is very harmful, and when we enter the system, you can use the Terminal Server remote communication. This vulnerability attacks the system. The default Windows2000 system comes with this vulnerability in the input method: intelligent ABC, Microsoft Pinyin, internal code, full fight, double fight, Zheng code. So I feel that this vulnerability is the leak of the primary repair.

1. Delete the unwanted input method, such as Zheng code, etc.

2, but after all, we cannot delete all the own input methods. If we want to use a vulnerability input method, you can delete the help file of that input method. These help files typically in the HELP directory of Win2000 installation (eg: c: winnt), the corresponding help file is:

※ Winime.chm input method operation guide

※ Winsp.chm double spelling method help

※ Winzm.chm Zheng code input method help

※ Winpy.chm full spelling method help

※ WINGB.CHM internal code input method help

3, Microsoft has released the MS00-069 security announcement for this issue and gives a patch of Simplified Chinese Windows2000 and English WINDOWS2000 on the Internet. So please patch your patch as soon as possible.

NetBIOS information leakage

Next, let's talk about NetBIOS sharing invasion. This problem has never resolved from NT just released. And it has always been the most common intrusion of the NT system architecture. It is particularly worth mentioning that the IPC $ Null Session is known in the NT system. Although the SP3 can be restricted by modifying the registry. But I don't know why Windows2000 is still inoperable, I keep this empty dialogue. Then let's take a look at the empty session to bring what information to the invader:

NET USE / ServerIPC $ "/ user:" // This command is used to create an empty box

Net View / Server / / This command is used to view the shared resources of the remote server

Server Name Comment

-------------------------------------------------- -----

/ PC1

/ PC2

The command successfully completed.

The NET TIME / Server // This command is used to get the current time of a remote server.

NBTSTAT -A Server // This command is used to get the NetBIOS user name table of the remote server

Netbios Remote Machine Name Table

Name Type Status

---------------------------------------------

Null <00> Unique registered

Null <20> Unique Registered

Internet <00> Group register

Xixi <03> unique registered

INET ~ Services <1c> Group registered

Is ~ null ...... <00> Unique registered

Internet <1e> Group registered

Administator <03> Unique RegisteredInternet <1D> UNIQUE Registered

..__ msbrowse __. <01> Group registered

Mac address = 00-54-4f-34-d8-80

Look, just have used the commands that have been brought by several systems, so we have any way to get someone else to get so much information?

Only by simple modification registration table is once again.

HKEY-LOCAL_MACHINESYSTEMCURRENTCONTROSETCONTROLLLSA

Value Name: Restrictanonymous

Data Type: REG_DWORD

Value: 1

But if you don't need to open sharing. Then why not ban it? The method and NT4 in Windows2000 are slightly different. It does not limit TCP / IP bindings on Netbiso, but we can select advanced (V) options in the setup panel of the Internet Protocol (TCP / IP) property, then select TCP / IP filtering, then click to enable TCP / IP filtering Finally, only the TCP port is selected, and then you can add the port you want to open.

转载请注明原文地址:https://www.9cbs.com/read-2007.html

New Post(0)