My Favorite WinNT Hacks, Bombs, Holes, and other Exploits...

Notice: The links provided on this page are intended to serve two purposes. First and foremost, to highlight how insecure your Win 95/NT system might be. Second, I do so enjoy poking at Microsloth's so-called "superior" products...


NT Exploits:
* Need I say more? -- Back Orifice
OK, so cDc still hasn't gotten BO working under NT -- they forecast a couple weeks, but that was months ago. Currently, if you're running NT, then BO is not a problem for you. However...
* There's NetBus...
Quite similar to Back Orifice, but it definitely does affect NT systems...
* NT4.0 SP4 - local user can gain admin privileges and/or full control
* Remote Explorer "virus"
* Many holes in Microsoft FrontPage extensions
* Wingate LogFile service hole
* MS Personal Web Server security hole
* Another MSIE 4.0 overflow - exec arbitrary code...
* Wingate telnet redirection
* NT port binding insecurity
* Obtaining Domain Admins access on a LAN
* Windows NT NtOpenProcessToken Vulnerability
* Win95 Vulnerabilities
* Windows NT SAM permission Vulnerability
* How to become administrator on an NT box...
* Bad registry permissions on NT allows users to defeat security restrictions
* Spy on IE users' files
* SNMP holes in Windoze NT 4.0
* NT LSA secrets
* NT file execution path
* NT case insensitive filename problems
* NT password replacement program
* Microsoft's Win95 stores your password in plaintext in the system registry.
* NT 4.0 Stupid default SMB mount permissions
* Windows NT NTLM Auto-Authentication
* Windows NT password hash retrieval
* WinNT/Win95 Automatic Authentication Vulnerability (IE Bug #4)
* Windows Screensaver bug

NT killers:
* NT login Denial-of-Service attack
* The "Bonk"/"Boink"/"NewTear" NT/Win95 fragmentation attack
* The LAND attack (IP Denial of Service)
* Linux and Windows IP fragmentation (Teardrop) bug
* Ping-o'-death (More Info...)
* Out-of-band bug
* WinNuke Testing Ground
* Windows NT/95/3.11 Out Of Band (OOB) data barf (HowTo:)
* Microsoft IIS Boundary Condition Vulnerability
* M$ IIS DOS long URL vulnerability: HowTo
* ICMP vulnerability in Windows 95 and NT 4.0
* TCP SYN Flooding and IP Spoofing Attacks
* NT SetThreadPriority() hole
* NT Syscalls insecurity
* SPOOLSS.EXE memory leak
* WINS nameservice (137/UDP) flood attack
* NT chargen flood
* NT fragmentation attack
* Another way to crash NT DNS server.
* NT crash via extra long username in Winpopup
* STOP 0x0A when IBM Warp Client Connects to NT 4.0 due to SMB MPX

NT Security resources:
* AXENT's "SWAT" site
* Donahue's Known NT Exploits site
* ntbugtraq.com
* Savill's NT FAQ
* Another NT Security FAQ
* Systems Internals site
* Microsoft Security Advisor
* WinNT ServicePack #4
* WinNT Post SP4 hotfixes

Site Index:
* Campus network resources
* Personal Interests & links
* Resume
* Background music

Contact Information:
Work:
Donald L. Meyer
202-B Orn. Hort. Bldg. (MC:631)
1107 S. Dorner Drive
Urbana, IL 61801

Phone: (217) 244-5653
E-mail: <dlmeyer@uiuc.edu>

Home:
3202 Douglas Woods Drive
Urbana, IL 61802

Phone: (217) 344-2182
Fax:    (217) 344-2183
Last modified: 3:42pm on 2/27/99
Comments to: dlmeyer@uiuc.edu