Damon Cortesi's blog

Musings of an entrepreneur.

A Couple Notes About Security

| Comments

Kasia has a good post about secure access to your server that includes some very good points about securing SSH, a very common means of remote authentication and one that is also currently being exploited.

How about a common source of trouble in Windows networks? Blank or weak Administrator passwords on workstations. Even though Windows XP resolves this by not letting you use blank passwords across the network, there are enough Win2K machines out there to still cause trouble. One easy way to check it is with a simple FOR loop. Say you have a text file of IP addresses or host names that you would like to check. You can run this command:

C:>for /F %i IN (hostlist.txt) DO net use \%i\IPC$ /u:administrator “” && IF ERRORLEVEL 0 echo Blank Admin - %i >> blankadmins.txt
You can hack that up to be prettier, but that gets the job done.

Now say you didn’t want to bother with getting those hostnames into the text file. You could make this a little bit easier on yourself if you wanted to check a specific domain:

C:>FOR /F “skip=3 tokens=1*” %i IN (‘net view /domain:DomainName’) DO net use %i\IPC$ /u:administrator “” && IF ERRORLEVEL 0 echo Blank Admin - %i >> blankadmins.txt
This will loop through all the computer names displayed by the net view command and try to auth to the IPC$ share as administrator using a blank password. Note: If you use this command in a batch file, you have to use %%i. See ‘help for’ for more info.

Now go see how many of your local admin passwords are blank. ;)