Microsoft pptp vpn vulnerabilities Exploits in Action


MS PPTP Vulnerabilities Overview



Download 2 Mb.
Pdf ko'rish
bet23/144
Sana16.01.2022
Hajmi2 Mb.
#372744
1   ...   19   20   21   22   23   24   25   26   ...   144
Bog'liq
microsoft-pptp-vpn-vulnerabilities-exploits-action 337

1.7 MS PPTP Vulnerabilities Overview
This document will cover in considerable detail 5 exploits of vulnerabilities 
in the Microsoft implementation of PPTP and real lab based demonstrations of 
the exploits in action.
The vulnerabilities are summarized as:
DoS (Denial of Service): Can cause system to crash by attacking TCP/IP 

port 1723 on the listening server.
DoS: Can cause system to crash by attacking GRE (protocol 47) 

listening port on server
DoS: Can cause system crash by attacking GRE (protocol 47) listening 

port on server (another variation).
Information Compromise: Retrieve and quickly crack LANMAN hash 

from MSCHAP version 1 clients.
Information Compromise: Retrieve and quickly crack NT hash from 

MSCHAP version 2 clients.
Information Compromise: Spoof VPN server to intercept VPN traffic log 

enough to retrieve client has information.
Some of these vulnerabilities are fixed in later implementations, but others still 
remain even in the latest versions of Windows NT, 2000, & XP fully patched and 
updated as of June 30
th
2002. There are a number of registry hacks and not so 
easily found hot-fixes that can reduce some of these risks, but these tests were 
done under the common practice that most administrators follow of just 
performing the quickly and easily implemented updates, and not the laborious 
manual manipulations that are required for some, but not necessarily all of 
these issues to be resolved.

Download 2 Mb.

Do'stlaringiz bilan baham:
1   ...   19   20   21   22   23   24   25   26   ...   144




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling

kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha


yuklab olish