Win NT Exploits & Texts

NT Password Appraiser
ntpass.html
Successful HTTP requests can go unlogged. Author:?
Size:10kb
Microsoft Exchange Server v5.0 Buffer Overflow
exchange5.html
Simple SMTP overflow. Author:?
Size:1.37kb
IIS 4.0 Request Logging
iis4.html
Successful HTTP requests can go unlogged. Author:?
Size:1.77kb
0.12 Encrypted Handshake Intercept
012.htm
NT's dialect of LanManager (SMB NTLM 0.12) can be intercepted during the session_setup_andx phase. Author:?
Size:1.09kb
AS/400 Shared LU
as400.htm
Users inherit the first user's permissions on AS/400 shared folders. Author:?
Size:968b
A url such as
aurlsuch.htm
A URL such as 'http://www.domain.com/..\..' allows you to browse and download files outside of the webserver content root directory. Author:?
Size:1.07kb
Automatic write of .reg files
automati.htm
Files with a '.reg' extension automatically write to the registry with the current user's privileges when opened. Author:?
Size:858b
Using telnet to access a webserver via HTTP port 80
cpuattacks.htm
Multiple service ports (53, 135, 1031) are vulnerable to 'confusion'. Author:?
Size:2.74kb
DLL Exploits
dlls.htm
System DLLs are called by applications and the registry, and can be replaced with trojaned/virused versions. Author:?
Size:1.04k
.Doc Files Become Trojans/Virii
docfiles.htm
Executables renamed as .xxx files run as executable from command line. Executables can be renamed with any extension and run from the command prompt or batch file. Author:?
Size:1.07kb
Downgrade (force clear text passwords)
downgrad.htm
A system can be configured to negotiate the SMB dialect down to LanManager v2.0, which prompts the client to send a user's password in cleartext without the user's knowledge. Author:?
Size:1.40kb
Filemanager Hole
filemana.htm
When an administrative user starts File Manager in Windows NT 3.51 from the MS Office 7.0 Shortcut Bar, he will be able to see files in a folder (directory) for which he has no access permissions. Author:?
Size:1.30kb
Unauthorized File Deletion
filepriv1.htm
Unauthorized users can delete files they otherwise do not have access to. Author:?
Size:1.00kb
Default Permissions
fpdefault.htm
In FrontPage 1.1, the IUSR_* account is granted Full Control to the _vti_bin directory and Shtml.exe. Author:?
Size:984b
Passive Connection Support
ftppassi.htm
The FTP service allows passive connections to be established based on the port address given by the client. Author:?
Size:1.14kb
Crashing IIS
getcrash.htm
Using a telnet application to get to a webserver via HTTP port 80, and typing "GET ../.." will crash IIS. Author:?
Size:1.05kb
Guessing brute force.
guessing.htm
Systems can be accessed by password dictionary attacks. Author:?
Size:1.44kb
Guest access same as Domain User.
guesta.htm
Anonymous users have the same access rights as Domain Users. Author:?
Size:.99kb
Linux NTF's
linuxntf.htm
NT secured filesystem (NTFS) can be read from Linux, bypassing filesystem security. Author:?
Size:902b
MS Access v1.0/1.2 SIDs Exposed
msaccess.htm
A User SID can be read from a v1.0 database and pasted over a SID in the MSysAccounts table in the SystemDB, allowing someone to access a database as a different user. Author:?
Size:999b
NBTstat
nbtstat.htm
'Nbtstat -a nodename' or 'Nbtstat -A ipaddress' will display much information about a remote node. Author:?
Size:1.17kb
NTFSdos.exe
ntfsdos.htm
NT secured filesystem (NTFS) can be read from DOS/Windows/Windows 95, bypassing filesystem security. Author:?
Size:1.08kb
Open to Guest Access
opento.htm
Everyone has remote access to an NT system's registry by default. Author:?
Size:1.07kb
Passwd Sniffing DLL
passwdll.htm
A password-sniffing DLL. Author:?
Size:2.00kb
Ping of Death
pingof.htm
Large packet pings (PING -l 65527 -s 1 hostname), otherwise known as 'Ping of Death', can cause a blue screen of death on 3.51 systems. Author:?
Size:1.20kb
Creating output files
redirect.htm
A URL such as http://www.domain.com/scripts/script_name%0A%0D>PATH\target.bat will create an output file 'target.bat'. Author:?
Size:785b
Rollback.exe
rollback.htm
Rollback.exe wipes out all registry entries, and forces a reinstall of NT. Author:?
Size:961b
Scanners
scanners.htm
Malicious hackers use scanners to find security holes unknown to administrators. Author:?
Size:1.79kb
Sending a command line to a server
sendinga.htm
Information server allows the use of Batch files as CGI apps. Author:?
Size:1.28kb
Sequence Number Prediction
sequence.htm
TCP Session Security can be hijacked. Author:?
Size:794b
SMB Hijacking
smb.htm
SMB Sessions can be hijacked. Author:?
Size:1.45kb
Crashing SMB
smbcrash.htm
Sending this command will crash an SMB session.... Author:?
Size:1.20kb
Snooping
snooping.htm
Information can be copied from the network. Author:?
Size:1.08kb
The Attack
synattack.htm
Attacking an NT station with a SYN flood. Author:?
Size:3.81kb
A URL file can be truncated.
truncate.htm
A URL file can be truncated. Author:?
Size:848b
Win32K Crash
win32k.htm
How to crash the system. Author:?
Size:732kb