|\===================================================================/|
| \         SWAT MAGAZINE ISSUE TWENTY FIVE JANUARY 2000            / |
|  \_______________________________________________________________/  |
|  /===============================================================\  |
| /=================    Hacking WIndows 2000         ===============\ |
|/==================        By _Smurf_               ================\|

Happy New Year ! 

Here i will show you some new hacking information on another Microsoft
product.Windows 2000

Here we go.

Microsoft has made security "invisible" to the future home user: 
during the install the installer is prompted for a Administrator 
password - which they set. The installer is also asked to supply the 
name of the person the product is to be registered to - for example
"The _Smurf_". If the machine is not going to be joined to a domain, 
and they never are in the case of a home user, Windows 2000 then 
silently takes this name and creates an ADMINISTRATIVE user out of it 
and does NOT set a password for this account. It then sets values in 
the Winlogon registry key to Autologon the user without having to go 
through the rigmarole of Control+Alt+Deleting. This security is made 
invisible to the user.

Unfortintally the default telnet the service is not started.
well we can enable it remotley ! how u can ask ! heres how..
the service can be started remotely by an administrator using DCOM. 
All we need then is an Administrative UserID and password. which we 
know, if we know who Win2k is regged to. All we need to do to find out 
who is logged onto a particular machine is issue the following command
from our machine:
nbtstat -A IP
and we can get the name of the user currently logged on - for the home
user it'll be the "The _Smurf_" account.

What we need is another way to get the telnet service started.
One way to do this is embed some VBScript in HTML or e-mail


<OBJECT id =tlnt classid="clsid:FE9E48A4-A014-11D1-855C-00A0C944138C"></OBJECT>


If an HTML document is opened with this script in it the telnet server 
will be silently launched.

This information was found by and was used by me :o)
David Litchfield
http://www.arca.com
http://www.infowar.co.uk/mnemonix/




Thanks For Reading. Keep Hacking..
_Smurf_
ICQ   : 19084839
Email : the.smurf@virgin.net