
Analysis of the Security of Windows NT, 1 March 1999, page 56

Arguments are the same as in the previous experiment. With just SP1 installed in the system, the machine froze, and we had to reboot it. With just SP3, the machine froze for approximately 45 seconds. The hotfix offered by Microsoft seems to work.

7.6  Confidentiality Attacks

7.6.1  NTFSDOS

Description. As previously mentioned, it is possible to boot an NT system with a different operating system from a floppy drive, and then mount an NTFS volume from this operating system. The implication is that any system with a floppy drive, or which is bootable with another OS, is insecure. One example of such a driver is NTFSDOS.

Intent. With the NTFSDOS utility (see appendix D.3.1), we will try to read an NTFS volume. We intend to carry out the attack as follows.

1.  We will create an MS-DOS boot floppy disk and put a copy of NTFSDOS on it.
2.  We will then boot the target system from this floppy.
3.  When the OS (now MS-DOS) is up and running, we will start NTFSDOS and hopefully every file on any drive on the target system will be readable by us.

Result. We did as specified above. After that, all files in the NTFS partition were readable.

Comment. If it is possible to read the NT file system, then it is also possible to read the SAM database. Information in this database includes hashed and encrypted passwords, which can be gathered by an attacker once s/he knows the internal file structure. Both the encryption methods and the way encryption keys are generated are known.

7.6.2  NTRecover (read-only version)

Description. Apparently it is possible, under certain circumstances, to remotely mount an NTFS partition over a serial line. This implies that any person with physical access to an NT machine, a (portable) computer and a serial cable can read the NT machine's NTFS volume. One example of such a tool is NTRecover.

Intent. We will install and configure the system as specified in appendix D.3.4. In this experiment we will use the read-only version of NTRecover.

Result. We installed and configured the utility and the equipment, which was an easy task and took less than 20 minutes. We were, after this phase, able to read the whole NTFS volume on the client machine.

7.6.3  RedButton

Description. The RedButton bug makes it possible to connect anonymously to an NT machine and enumerate users and shares as well as read and modify some parts of the registry. One of the reasons for anonymous logon, as we understand it, is the following. In order to manage trust in a convenient way the administrator in the trusting
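
Why the reads in 7.6.1 and 7.6.2 succeed, as an added example that is not part of the original report: NTFS permissions are applied by the running NT kernel, while the on-disk layout is self-describing, so any code handed raw sectors can locate the master file table. The boot sector below is constructed sample data, and the function names are illustrative.

```python
import struct

SECTOR = 512

def parse_ntfs_boot_sector(sector: bytes) -> dict:
    """Decode the boot-sector fields that locate the MFT on an NTFS volume."""
    if len(sector) < SECTOR:
        raise ValueError("need a full 512-byte boot sector")
    if sector[3:11] != b"NTFS    ":
        raise ValueError("OEM ID is not NTFS")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA end-of-sector marker")
    bytes_per_sector, sectors_per_cluster = struct.unpack_from("<HB", sector, 0x0B)
    total_sectors, mft_lcn, mirror_lcn = struct.unpack_from("<QQQ", sector, 0x28)
    (rec_raw,) = struct.unpack_from("<b", sector, 0x40)
    if bytes_per_sector == 0 or sectors_per_cluster == 0:
        raise ValueError("implausible geometry")
    cluster = bytes_per_sector * sectors_per_cluster
    # Negative value: record size is 2**|n| bytes; positive: size in clusters.
    record = 1 << -rec_raw if rec_raw < 0 else rec_raw * cluster
    # Every field comes from plain sector data: no key or logon is involved,
    # because NTFS permissions are applied by the running NT kernel.
    return {
        "cluster_size": cluster,
        "volume_bytes": total_sectors * bytes_per_sector,
        "mft_offset": mft_lcn * cluster,
        "mft_mirror_offset": mirror_lcn * cluster,
        "mft_record_size": record,
    }

def constructed_boot_sector() -> bytes:
    """Constructed sample: 512-byte sectors, 8 per cluster, MFT at cluster 4."""
    s = bytearray(SECTOR)
    s[0:3] = b"\xeb\x52\x90"                      # x86 jump over the BPB
    s[3:11] = b"NTFS    "                         # OEM ID
    struct.pack_into("<HB", s, 0x0B, 512, 8)      # sector size, sectors/cluster
    struct.pack_into("<QQQ", s, 0x28, 204799, 4, 102399)  # size, $MFT, $MFTMirr
    struct.pack_into("<b", s, 0x40, -10)          # 2**10 = 1024-byte records
    s[510:512] = b"\x55\xaa"
    return bytes(s)

if __name__ == "__main__":
    for name, value in parse_ntfs_boot_sector(constructed_boot_sector()).items():
        print(f"{name:18} {value}")
```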