29
May
Posted in Windows by carlosap |
Windows Vista Vulnerable to StickyKeys Backdoor
Monday March 12, 2007 at 8:11 am CST
Posted by Vinoo Thomas
Trackback
StickyKeys is an accessibility feature to aid handicapped users. It allows the user to press a modifier key, such as the Shift key, and have it remain active until another key is pressed. StickyKeys is activated by pressing the shift key or a modifier key five times in sequence and a beep is sounded. Sounds innocuous, right? Dead wrong!
Apparently, Windows Vista does not check the integrity of the file that launches StickyKeys “c:/windows/system32/sethc.exe” before executing it. Which means you could replace it with another executable and run it by depressing the shift key five times. A popular replacement is “cmd.exe.” After replacement, one could invoke this command prompt at the login prompt without the need to authenticate as shown in the below screenshot.
Invoking Sticky Keys
Once launched, it is possible to execute explorer.exe without authenticating and get a full desktop running under the credentials of the NT Authority\system account. And from this point on an attacker has full access to the system.
Launching desktop via Sticky Keys
This legacy backdoor method is not something new–Win 2000 and XP are also vulnerable. Applying the latest Windows updates insures that “sethc.exe” is protected by Windows file protection. In Vista replacing system files is a more difficult because of Trusted Installer. However, running the following two commands nullifies this.
takeown /f c:\windows\system32\sethc.exe
cacls c:\windows\system32\sethc.exe /G administrator:F
To execute the above commands successfully, it requires an administrator to be logged in; but a determined attacker can always find workarounds to exploit this built-in backdoor. In fact once a command prompt is obtained via this method, we can use it to create a new user, add this user to the administrators group via the net command and then use this account to rightfully log in using the following commands.
net user USERNAME /add
net localgroup administrators USERNAME
One can always argue that an attacker actually needs access to the machine to be able to pull this off. Of all the unauthorized system access incidents that organizations reported last year, roughly 27% were by internal employees. And it is this threat from within (disgruntled or naughty employees) that poses the greatest computer security threat to organizations today.
Another alarming feature of this backdoor is that an attacker can use this method to bypass login on terminal servers and workstations with the remote desktop enabled. Since no third-party tools are being installed on the system and we are using Microsoft’s own files to achieve this, it will be difficult to detect for a typical administrator.
Perhaps one can uninstall the Accessibility Tools feature, which is installed by default to avoid this fairly simple, yet potentially serious built-in backdoor. And don’t forget to hit the shift key five times and see what pops up on your desktop. 
15
Apr
Posted in Windows by carlosap |
Can ping VPN server only but not other resources
Can’t access the internal server when remote client establishes VPN
Can’t access the Internet while using VPN
Can’t access the remote network after unchecking “Use default gateway on Remote Network”
Destination not unreachable
Can’t access the remote network from VPN clients
Can’t ping each other in a Demand Dial VPN
Can my VPN server as a VPN server and also act as a router
Case Study – peer to peer route via VPN connection
Solved: connectivity issue after enabling Windows VPN
Laptop can’t VPN while Desktop can - VPN error 721
Solution for Peer to Peer VPN using the same IP range.
TTL expired in transit and Destination host unreachable
Can ping VPN server only but not other resources
Symptom: after establishing VPN, you can ping and access the VPN server, but not other servers and the network resources.
Cause: 1. incorrect NAT/Firewall settings.
2. ISA/Proxy blocking.
3. Disable IP routing/forwarding.
Can’t access the internal server when remote client establishes VPN
Symptoms: Two offices are connected using a vpn. Both offices run W2K servers, RAS & TS. When office A connects to Office B you can not connect to office A from anywhere except from office B. You can not connect using TS, or a vpn connection. In order to gain access to office A, you have to connect to office B, disconnect the client in RAS, then you can connect to office A.
Resolution: When establishing VPN to the office A, the routing table changes. To fix this issue, disable the “Use default gateway on remote network”" on the VPN client conenction. Or modify the routing table manually.
Can’t access the Internet while using VPN
Symptom: after establishing a VPN connection, you may not be able to access the Internet because the VPN takes over your existing connection and all traffic to use the VPN default gateway on the remote network. The remote network may not allow VPN clients to access the Internet via their gateway.
Resolutions:
1) If you don’t need to access the entire VPN resources, disable the “use default gateway on remote network” option in the properties of the VPN connection.
2) Edit route table manually if you know how to or check routing page on this web site.
3) For the security reason, some firewall/routers like Cisco PIX do not allow access the Internet after establishing the VPN and you cannot modify the routing table. You may setup split-tunnel.
Can’t access the remote network after unchecking “Use default gateway on Remote Network”
Symptom: After following above instruction and uncheck “Use default gateway on Remote Network” on VPN connection, you can’t access to the remote network any more. For example, your LAN network is 192.0.0.0 and default gateway is 192.0.0.1; the VPN is 192.0.1.0 and gateway 192.0.1.1.that is connecting to the remote network 10.0.0.0. After establishing the VPN connection and unchecking “Use default gateway on Remote Network”, your computer use 192.0.0.1 as gateway instead of 192.0.1.1 and can’t find a way to 10.0.0.0 network.
Resolution: you need modify the route table manually or refer to our Routing page on this web. Or check “Use default gateway on Remote Network” on VPN connection.
Can’t access the remote network from VPN clients
Symptoms: Your VPN client can ping/access the server but not other computers in the remote network.
Resolutions: 1) if you have two NICs in the VPN server, you may need to enable IP Routing. To do this, go to the RRAS>the Properties of the server>IP, check IP Routing.
2) Make sure you don’t uncheck Use the remote default gateway on VPN client’s VPN connection.
3) Make sure VPN client’s LAN and the remote LAN are using the different IP range and subnet.
4) Check routing table for troubleshooting.
Can my VPN server as a VPN server and also act as a router
SYMPTOMS: If you enable VPN on a server, the RRAS will accept incoming VPN connections only and secures the RRAS by enabling filters that only accept PPTP or L2TP traffic. Then network traffic over the VPN connections and the internal LAN connection are normal but the RRAS will not forward packets over the interface except PPTP or L2TP traffic.
RESOLUTION: If you want your server to be a VPN server and also act as a router, you should select Manually configured server from above options and configure the RRAS as a router.
Connectivity issue after enabling VPN in multihomed server
Symptoms: after you enable VPN on a server as a router or with two or more NICs, you may experience some issues. 1) the internal computers can’t access the Internet; 2) outside VPN clients can’t access the VPN server; 3) can’t access the server using TS and VNC form the internal or outside.
Causes: for the security reason, the RRAS modify the routing table and enable incoming VPN connections only so that no other forward packets over the interface except PPTP or L2TP traffic. For consultants, refer to case 090804RL.
TTL expired in transit and Destination host unreachable
Symptoms: After enabling VPN on a Windows 2000 server you may have these issues: 1. From the server, you receive “Destination host unreachable” when ping outside IP.
2. You receive Time out or “Reply from x.x.x.x: TTL expired in transit” when ping the server from outside.
Cause: Outside NIC Filter is enabled.
14
Mar
Posted in Windows by carlosap |
Solution:
In IIS, check properties of both the default web site and the Exchange virtual directory. On the directory security tab, click Edit under secure communications. Make sure ‘Ignore Client Certificates‘ is checked.
kris.
14
Mar
Posted in Windows by carlosap |
The web site you want to view requests identification. Please chose a certificate.
More Info.
25
Feb
Posted in Windows by carlosap |
Services to be enabled:
services.msc
Removable Storage
Plug And Play
10
Feb
Posted in Windows by carlosap |
Desactivar compartir Internet en el Servidor VPN
Paso 1. en Manage your Server
1. Remote Access / VPN Server
2. Routing and Remote Access
3. Seleccionar IP Routing
4. Seleccionar NAT / Basic Firewall
5. Seleccionar la Interfaz Local Area
6. En propiedades Seleccionar: Private interface connected to private network
Paso 1: Configure el servidor que es Enrutamiento y acceso remoto en ejecución para utilizar un fondo Dirección IP Estática
Windows 2000 Server
1. Haga clic en <UITERM>Inicio</UITERM>, seleccione <B>Programas</B>, <B>Herramientas administrativas</B> y, a continuación, haga clic en <B>Enrutamiento y acceso remoto</B>
2. Haga clic con el botón secundario en el servidor que ejecuta Enrutamiento y acceso remoto y a continuación, haga clic en Propiedades.
3. Haga clic en la ficha IP, haga clic en Grupo de direcciones estáticas y a continuación, haga clic en Agregar.
4. Escriba el inicio del intervalo de direcciones de Protocolo de Internet ( IP ) en el cuadro Dirección IP inicial, escriba el que finaliza el intervalo de direcciones IP en el cuadro Dirección IP final y a continuación, haga clic en Aceptar.
NOTA: Configura un grupo de direcciones IP estáticas en otro segmento de red que el segmento de red en el que reside la red de área local interna (LAN).
5. Haga clic aquí para seleccionar la casilla de verificación Activar Habilitar enrutamiento IP (si ya no está activado).
6. Haga clic en Aceptar.
7. Habilite el reenvío de TCP/IP. Para información adicional acerca de cómo habilitar el reenvío IP, haga clic en el número de artículo siguiente para ver el artículo en el Microsoft Knowledge Base:
230082 (http://support.microsoft.com/kb/230082/EN-US/) Cómo habilitar el reenvío de TCP/IP en Windows 2000
Paso 2: Configure las propiedades de clientes de VPN TCP/IP
Para deshabilitar la configuración Use Default Gateway on Remote Network en el elemento de conexión de acceso telefónico VPN en el equipo de cliente:
1. Haga doble clic en Mi PC y a continuación, haga clic en el vínculo de Conexiones de red y de acceso telefónico.
2. Haga clic con el botón secundario en la conexión VPN que desea cambiar y a continuación, haga clic en Propiedades.
3. Haga clic en la ficha Red, haga clic en Protocolo de Internet (TCP / IP) en la lista Esta conexión usa los componentes seleccionados y a continuación, haga clic en Propiedades.
4. Haga clic en Avanzadas y a continuación, haga clic para desactivar la casilla de verificación Utilizar la puerta de enlace o gateway predeterminada en la red remota.
5. Haga clic en Aceptar, haga clic en Aceptar y a continuación, haga clic en Aceptar.
17
Jan
Posted in Windows by carlosap |
Hay muchos programas para controlar ordenadores de forma remota, sin embargo FreeSSH Server te permite hacerlo de una forma segura y encriptada cosa que no hacen otros programas. El usuario puede abrir una consola remota o acceder a sus archivos ya que el programa incorpora un servidor SFTP.http://freesshd.com/index.php
20
Nov
Posted in Windows by carlosap |
Delete key:
HKEY_CLASSES_ROOT\CLSID\{7D23CCC6-A390-406E-AB67-2F8B7558F6F6}
then close it an reeregister asp.net with aspnet_regiis -i
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727>aspnet_regiis.exe -i�
ǀ
Accessibility
Development
Games
Graphics & Pictures
Internet
Music & Video
Office
Operating Systems
Utilities
