Analysis of the Security of Windows NT
1 March 1999
62
7.8 Classification of weaknesses
A classification of the weaknesses is presented in the table below. The classification is
taken from [66] and adopts the viewpoint of intrusion techniques. It is based on a
scheme originally suggested by [48].
In our study, we have not presented any weaknesses in the last categories. That does
not imply that they do not exist. IS, DumpACL, KSA and C2CONFIG, see appendix
D.1, are all examples of utilities that fall into these categories.
In the next section, we will compare the weaknesses found in NT with known UNIX
exploits.
TABLE 5. Classification of weaknesses in NT
(Each entry names the weakness and the section in which it is described.)

Category: NP5 Bypassing intended controls
  Password attacks
    Capture
      Plain-text passwords, 7.3.5
    Guessing
      Collisions in MD4, 7.3.2
      Deriving passwords from challenge/response, 7.4.2
      L0phtCrack, 7.7.5.2 and 7.7.5.3
  Spoofing privileged programs
    Parameter checks in system calls, 7.3.3
    Undocumented functions, 7.3.4
    NTCrash, 7.5.1
    Teardrop, 7.5.4
    GetAdmin, 7.7.4
  Utilizing weak authentication
    Client downgrading, 7.4.1
    Brezinski's man-in-the-middle, 7.4.1
    NTFSDOS, 7.6.1
    NTRecover, 7.6.2 and 7.7.2
    ERD Commander, 7.7.1
    NTLockSmith, 7.7.3
    RedButton, 7.6.3

Category: NP6 Active misuse of resources
  Exploiting inadvertent write permissions
    (no weaknesses presented)
  Resource exhaustion
    CPUHog, 7.5.3
    Teardrop2, 7.5.5

Category: NP7 Passive misuse of resources
  Manual browsing
    (no weaknesses presented)
  Automated searching
    Using a personal tool
      (no weaknesses presented)
    Using a publicly available tool
      (no weaknesses presented)