I take it all back. There I was, dismissing the lovely Britney Spears as little more than an expert in the art of 'making a little go a long way', when I was rudely corrected. According to one website, the diminutive Louisiana virgin has an in-depth knowledge of Windows NT4. What's more, she isn't shy about letting the world know about it.
Contrary to popular perception, it seems that young Britney has more than one string to her bow. Not only can she belt out 'Hit me baby, one more time' with consummate ease but she's also a dab hand when it comes to hacking NT web servers. Using just a handful of easily downloadable tools, a website called 'Britney's Guide to Hacking NT in 5 easy steps' demonstrates how easy it can be to access an IIS web server.
And it really can be very easy indeed: use Nmap to enumerate the remote system, use Netcat to identify the server, use a few Unicode tricks to access otherwise 'closed' folders, use MDAC to get at the Security Accounts Manager database, where you can then run the L0phtCrack password cracker to reveal some passwords. And so on.
Britney takes IIS to the cleaners and beyond. Clearly she's been studying for her MCSE in IIS without anybody noticing. Or maybe she's bought a copy of the top-selling Hacking Exposed, written by Stuart McClure, who seems to have helped Britney with her black hat exploits (see www.hackingexposed.com).
You won't find Britney's handiwork at www.britneyspears.com; it lives at www.interphaze.org/bits/britneysnthackguide.html. As you might have guessed by now, this has nothing at all to do with dear old Britney, but is merely a cheap ploy by McClure to demonstrate how childishly simple it is to compromise a very common (if not popular) web server. Why, it's so easy, even Britney could do it.
As with so many hacking web pages that appear and disappear with alarming regularity, you may not find the web page I'm droning on about. There is, of course, a way around the 'Page not found' problem: use the excellent Google search engine which, rather thoughtfully, caches every page it indexes, preserving Britney's handiwork in all its glory.
Red alert
Some of the loopholes described in Britney's guide are old hat and have since been closed. Panic over, you might think, but you'd be wrong. Microsoft seemingly releases a never-ending stream of security updates for all its products: the big problem is getting users to apply them. Recently IIS was subject to the Code Red distributed denial-of-service worm, which exploited a security loophole that Microsoft had closed a month previously.
The patch was tiny, freely available and took seconds to download and install. Some 160,000 subscribers to Microsoft's security warnings were notified but, despite all this, a significant proportion of IIS sites failed to apply it.
Quite reasonably, users complained that, instead of fixing buggy software, Microsoft's focus should be on locking down systems to prevent activity that could be compromising. Belatedly, Microsoft has released two invaluable tools that will help admins nail down their servers: HFNetChk and the IIS lockdown tool, both of which can be downloaded from Microsoft's Downloads site.
The former reports on whether a server has had the latest patches applied. The lockdown tool performs such vital chores as automatically removing script mappings, disabling Active Server Pages, the index server web interface, server-side includes, internet printing and distributed authoring and so on. Together, these tools would have stopped the Code Red worm in its tracks had everybody installed and used them.
Oops I hacked it again
Clearly, this is all 'good stuff' but equally clearly these tools really shouldn't be necessary. By default this software ought to ship in its most secure mode and then the rights, permissions and services should be added as necessary, rather than ship wide open and rely on system administrators to close off redundant features.
This isn't a new request, nor is it particularly difficult to implement. However, whether the NT user base will take advantage of these tools to enhance their systems' security is another matter.
The number of vulnerabilities is appalling and malicious hackers are exploiting them at an ever-increasing pace. Make no mistake: there's no room for complacency when it comes to running networks. You have to keep your finger firmly placed on the pulse of security alerts and updates.
After all, you wouldn't want Britney let loose in your network, now would you?