Vulnerabilities in Windows - 2 February 2012 - Blog - | LINUX - SECURITY |
Vulnerabilities in Windows

Introduction 

Windows has always been maligned and criticized for the low level of security it offers and for its disregard for privacy. Whether gratuitous or justified, these claims persist even today. This article describes some weaknesses inherent in this operating system, and (mostly) only in this one.

First of all, it is worth remembering that the main attractions of Windows are its ease of use and user friendliness. These are the result of multiple abstraction layers that spare the end user from having to be a computer expert to perform many tasks. The successive layers of abstraction interpret user commands by making a number of assumptions.

For example:
  • On a single-user workstation, it is possible to dispense with the login window (and thus the call to the GINA, the Ctrl + Alt + Delete key combination that is not accessible to applications) and log on directly without a password.
  • Web browsers allow the user to dispense with the management of passwords and personal information.
  • By default, the Windows wireless client prefers to reconnect automatically to a network, even if it does not have the original characteristics (only the SSID, or network name, must be identical).
  • The implementations of ARP in Windows are also simplified, paving the way for various attacks on local networks.
  • Automatic execution on certain media (CD-ROM, USB, etc.) gives direct access to the application they contain.
  • Support for many multimedia formats makes it possible to display a multitude of graphics, videos, animations or games for the user's comfort.
  • And so on.
All these simplifying assumptions are potential sources of attack. ARP spoofing / poisoning is an example that has been known for a long time. Similarly, the native wireless clients in Windows are not suitable for professional use.

But what about the other features offered by Windows? What can be done with little skill and at little cost (by your neighbors, your family)? This article, far from offering a hacking manual for everyone, is primarily intended to alert you and make you careful in all your computer activities, to promote the value of anonymity on the Internet, and to advise the use of simple means of encryption and strong passwords ...

Passwords 

Passwords are stored in the Windows SAM (system32/config) when the computer is standalone. A backup version is also often available in the "repair" directory. It is possible to recover the encrypted version of the passwords with administrator rights (on a single-user machine, that user) or simply by booting the computer from a CD-ROM specifically designed for this purpose, for example with Ophcrack (http://ophcrack.sourceforge.net/), a descendant of the famous L0phtcrack, improved by the cryptographic technique of Rainbow Tables (a time-memory trade-off technique). Any password that is too short or insufficiently complex will be discovered immediately.
Then comes the need for "backward compatibility", that is to say, compatibility with older Windows systems that are inherently less secure. If this option is enabled, passwords are stored in two different formats: the first (LM - Lan Manager) is based on DES and the second (NT) on MD4. The latter is required by systems like Windows 95, Windows 98 or Macintosh. In essence, the second is much easier to crack than the other; here again it is a matter of minutes.
Finally, if the computer is a member of a Windows domain, the experts will tell you that the passwords are no longer present on the workstation, but only on the authentication server (PDC, XDC), and that the SAM therefore no longer contains interesting passwords. Yet this is not entirely true. All professional laptop users will tell you that even remotely, even disconnected, they can still authenticate (log on) on their machines as if they were still connected to the network. In practice, this means that the password is still stored on the laptop, to allow the user to "log in" anywhere. So, if not in the SAM, where is this password stored?
Simply in the "cache". Windows has the ability to cache multiple domain accounts (with their passwords). To see this, simply use the "pwdump" software suite, which is in fact one for the attacker to add to his list. Besides pwdump6, which still targets the SAM, there is "fgdump" (http://www.foofus.net/fizzgig/fgdump/), which is dedicated to the Windows cache. In the same way as before, the attacker retrieves the encrypted passwords stored in the Windows cache, then tries to crack them later, in order to move quietly from the local workstation to the Windows domain. This feature, convenient for travelers, can however be disabled on workstations through GPO.
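An added example (not from the original article): a check a defender can run over saved `reg query` output to see whether a workstation still stores the legacy LM format and still caches domain logons. The registry value names NoLMHash and CachedLogonsCount are the standard Windows settings for these two behaviors and are not named in the article; the sample output is constructed.

```python
import re

# Constructed sample: text as printed by `reg query` for the two keys below,
# saved from a workstation under review (values invented for illustration).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    NoLMHash    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    CachedLogonsCount    REG_SZ    10
"""

# Value lines are indented; key path lines start in column 0 and are skipped.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def parse_reg_query(text):
    """Return {value_name_lowercase: (type, data)} from `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            name, kind, data = m.groups()
            values[name.lower()] = (kind, data.strip())
    return values

def to_int(data):
    """reg prints REG_DWORD as hex (0x1) and REG_SZ as plain text (10)."""
    try:
        return int(data, 0)
    except ValueError:
        return None

def audit(text):
    """Return findings for the two storage weaknesses discussed above."""
    values = parse_reg_query(text)
    findings = []
    # NoLMHash absent or 0: the legacy LM format may be stored next to NT.
    if to_int(values.get("nolmhash", ("", "0"))[1]) != 1:
        findings.append("LM hash storage not disabled (NoLMHash != 1)")
    # CachedLogonsCount absent means the Windows default of 10 cached logons.
    cached = to_int(values.get("cachedlogonscount", ("", "10"))[1])
    if cached is None or cached > 0:
        findings.append("domain logons cached locally (CachedLogonsCount=%s)" % cached)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

Setting CachedLogonsCount to 0 also prevents the disconnected laptop logon described above, so it is usually applied to fixed workstations rather than to travelers' machines.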

The configuration files 

Windows applications tend to use configuration files that are fairly explicit, even too explicit, and give away too much information to malicious people. These files are often in text format (.cfg, .ini, etc.) and can be read directly. Passwords, user names and logins are all easily retrievable data.
Some applications take the precaution of storing information in a more obscure binary format. Or so we think. Unfortunately, passwords are strings and are often stored as such in the file. Take the example of a standard ADSL / Wi-Fi router (Linksys or other): after exporting the configuration to make a backup, a simple search of its content very often reveals the administrator access password in clear text, while the rest of the file is encoded in some format. Not to mention that the default passwords on all these devices are well known to hackers (admin/1234, etc.).
Many attacks could be carried out by doing this kind of information research ...
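An added example (not from the original article): a defender's audit of an exported configuration backup before it is archived or shared, listing settings whose name suggests a credential and whose value is readable in the file. The sample bytes and key names are constructed; the default values checked are the admin/1234 pair mentioned above.

```python
import re

# Constructed sample: a binary-looking router configuration backup in which
# one setting is left as a readable string (bytes invented for illustration).
SAMPLE_BACKUP = (
    b"\x00\x13\xa7CFG1\x00\x9c\x02\xff\x10wan_proto=pppoe\x00\x81\xfe"
    b"\x07\x00http_passwd=ExamplePass1\x00\xd4\x1b\x90\x00\x02"
    b"ssid=office\x00\xee\x01"
)

PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")   # runs of 4+ ASCII characters
KEY_VALUE = re.compile(r"\s*([\w.\-]+)\s*[=:]\s*(\S.*)$")
SENSITIVE_KEY = re.compile(r"pass|pwd|secret|psk|key|login|user", re.I)
DEFAULTS = {"admin", "1234"}                      # the pair cited in the article

def find_cleartext_credentials(blob):
    """Return (offset, key, masked_value, is_default) for readable secrets."""
    findings = []
    for run in PRINTABLE_RUN.finditer(blob):
        m = KEY_VALUE.match(run.group().decode("ascii"))
        if not m or not SENSITIVE_KEY.search(m.group(1)):
            continue
        key, value = m.group(1), m.group(2)
        # Mask the value so the audit report does not itself leak the secret.
        masked = value[0] + "*" * (len(value) - 1)
        findings.append((run.start(), key, masked, value.lower() in DEFAULTS))
    return findings

if __name__ == "__main__":
    for offset, key, masked, is_default in find_cleartext_credentials(SAMPLE_BACKUP):
        note = " (factory default)" if is_default else ""
        print("offset %d: %s = %s%s" % (offset, key, masked, note))
```

A finding means the backup has to be handled as a secret: encrypt it at rest and change the password if the file has already been copied elsewhere.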

Browsers 

Web browsers are widely used software. They handle a lot of information: connection settings, credit card numbers, passwords, email addresses, etc. In addition, they offer a multitude of functions, each more obscure than the last, to make life easier for the user:
  • Cache: web pages and images are stored temporarily (a few months) in files on the computer in order to speed up their loading on the next visit to the website concerned.
  • Cookies: cookies are also stored in files; their number is increasing exponentially, and their use has spread to most sites.
  • Additional data: Flash animations, for example, have special conditions. They can use up to 100 KB of disk space without the user being consulted; this data is not stored in the same place as the browser's files and is not purged when "cleaning up". It is even possible for multiple applications or web sites to share data ... Worse yet, in the case of the Flash player, the settings for this behavior can be changed via a website.
  • "AutoComplete" allows the browser to remember what the user types into forms in order to save time on the next visit.
  • ...
As can be expected, what an application has written, an attacker can easily read and use. This is at least true for the features described above. To see this for yourself, small free tools and scripts are available, such as those from Foundstone (http://www.foundstone.com/resources/freetools.htm):
  • DumpAutoComplete lists everything that your browser (Firefox here) has stored from forms for completion.
  • Pasco uses the Internet Explorer cache files to rebuild the user's activity. For example:
    C:\Documents and Settings\username\Cookies\index.dat
    C:\Documents and Settings\login\UserData\index.dat
  • Galleta uses the information contained in cookies saved by Internet Explorer in the same way.

Files protected by passwords 

The last part of this short article covers ordinary files protected by passwords (zip, rar, doc, xls, etc.). It is important to note that the level of security offered by the majority of these applications has risen sharply in recent years; zip and rar now support 128- or 256-bit AES encryption, which can discourage most opponents.
However, rather than directly attacking the encryption of the files, it is much more efficient to obtain the password used by the user, notably from their personal files. For this, many tools exist, such as the Perl script WYD (http://www.remote-exploit.org/index.php/Wyd). This script scans all of the user's files for interesting words or numbers, which it collects into a dictionary. This dictionary is then used to attack the encrypted files and guess their passwords.
This script is presented as much more effective than the "strings" command at finding useful words while limiting false positives.

Conclusion:
In conclusion, it is clear that improvements in usability often have the effect of increasing the weaknesses of the system. Windows is a good example, although not an isolated one. Another article will list a few other places where Windows stores information, in addition to those presented here.
The user is and will remain the weak link in the security chain, through the use of software that simplifies operations but also through general behavior. This is what is called social engineering, a practice that has a very bright future and a disconcerting success rate.
Category: # Computer Security | Views: 909 | Added by: Administrator | Rating: 0.0/0