Good guys announce security weaknesses, the bad guys keep them to themselves...

This page will attempt to list all known NT exploits used in hacking NT security, and application security related to an NT system. If you know of hacks, security bugs, patches, workarounds, or additional information which may be relevant to this list, please e-mail us at nthacks@hidata.com. Non-hyperlinked attacks below exist, but I haven't gotten around to writing a page on them.

Thanks to the NT security mailing list at ntsecurity@iss.net, sister (or copycat) sites such as http://www.ntshop.net/security/exploits.htm, and contributors to this list.

If you wish to subscribe to the NT security mailing list, send mail to request-ntsecurity@iss.net and, in the text of your message (not the subject line), write: subscribe ntsecurity.

Bill Stout


Trojans
Dlls
Password Synchronizing DLL abuse
Rollback.exe
Renamed Executables

Application Attacks
MS Office 7.0 FileManager hole
MS Access 1.0/2.0 SIDs
MS Word/Excel Macro virus

Passwords
Guessing/Brute force
Snooping
Cracking (decrypting)
Password caching

Direct access
Ntfsdos.exe
Linux ntfs

Other Local Attacks
Win32K Crash

Denial of Service
Ping of Death
SYN Attack
IIS Crash (GET ../..)
CPU Attacks (Telnet to port XX)
Unauthorized File deletion
SMB Crash (Dir ..\)

Snooping
Nbtstat
Scanners
Sniffing data

Man in the Middle
SMB Hijacking
SMB Downgrade (force clear text passwords)
SMB 0.12 encrypted handshake intercept
TCP
Sequence Number Prediction

Registry attacks
Registry open to guest access
Registry automatic write by .reg files

Webserver attacks
CGI/Active Server
Perl & cgi-bin
IIS Guest access same as Domain User
IIS .BAT/.CMD
IIS Dot dot /..\..
IIS Truncate
IIS Redirect

Application security bugs
Frontpage 1.1 Default permissions
MS Office 7.0 FileManager hole
Systems Management Server
Microsoft SNA AS/400 shared LU ID
FTP Server Passive connection support

Browsers
Active-X
Java
Javascript
Cookies
COM/OLE



Security Checklists - Coming soon

Site Survey - Coming soon


Robert Malmgren created a most impressive FAQ at http://www.it.kth.se/~rom/ntsec.html

Community Connection, the maker of a 128-bit encrypted version of the Apache webserver called Stronghold, has a NT Hack site at http://www.c2.net/hackmsoft/.

A comprehensive NT Security book and more info is available from Tom Sheldon at: http://www.ntresearch.com.

At least three other NT Security books are due someday from Charlie Rutstein, Trusted Information Systems, and Mark Joseph Edwards/Peter Cardin/Andy Pozo.


Windows, Windows NT, Microsoft, and IIS are trademarks of Microsoft Corporation.