The Crux of NT Security - Phase 2

by Hal Flynn
Sept. 19, 2017 0 comments Symantec

Before actually touching on how to secure an NT host from all those script kiddies, let's talk about NT intrusion technique. In order to do that, we need to understand how NT is accessed from across a network. NT was not built as a multi-user operating system (other than Terminal Server versions... they assume a whole new can of worms which we won't discuss here). Without modification, there is no way to establish an interactive shell account with an NT server. Thus, attackers generally gain access to a machine without the ability to execute commands on the local machine. They can read files from the server and write files to the server just like any user with proper rights can access a share... but the server will not execute code for them. For instance, a user may have access to a share with the executable winword.exe in it. The user may have rights to overwrite the file or delete the file, but they do not have rights to make the server launch the file. When they launch the file from

https://www.symantec.com/connect/articles/crux-nt-security-phase-2