Enumerating User Accounts

[swoodsmcse]

I have a problem that i would like to get help on. I have been contacted by a person who says that he was able to gain access anonymously to my user accounts on a Win2K server. He has emailed me the list and it shows the user logon name, whether or not it has a password, and whether or not a password is required. He says he is able to get all of this information over the internet without authenticating. Does anyone know how he is doing this and more importantly how can i prevent this from happening. Thanks

 

[RiezalR]

swood,

There are many ways this is possible. It might be a security hole in your server, it might be an open share or it might be some vulnerable software. If you dont have AV on your machine, it might even be a Trojan horse. One way you can find out, is to do a security scan on your server. The attacker might have done that on your machine and found a hole. Then again, there are just too many possibilities. To narrow it down, you need to check what ports are open on your server and check which are vulnerable. The good thing about this is, that the attacker actually notified you, which is a very good thing to do in this case. Before some lame hacker comes along and does some malicious activity in your machine, you should cover all your holes. Lets just hope the 1st attacker did not do anything bad already

Prevention? well, again there are many options. Firewalls and the likes. But firstly and more importantly is, you need to locate that hole. Find what is making your machine vulnerable and shut it down. If you would like to discuss this further in more 'privacy', you can contact me at c0dex@asia.com. Good luck!