_____________________________________________________________________

b u f f e r 0 v e r f l 0 w   s e c u r i t y   a d v i s o r y   # 2

Advisory Name: NetOp, Bypass of NT Security to retrieve files
Date: 12/4/00
Application: NetOp Remote Control
Vendor: Danware
WWW: www.netop.dk
Severity: Any user can browse and even download files from the remote computer
Author: axess ( axess@mail.com )
Homepage: www.b0f.com

* Overview

NetOp is a remote administrator control tool that allows you to capture the screen of a remote computer and operate it as if you were in front of it. It is client/host-based software.

* The Problem

By default there is no account set up to verify that you are authorised to use the host software running on the server, and anyone who has a client for it can access the screen. The default port, 6502, is used.

I have done a lot of testing of this and found that most of the people running it don't use the accounts that can be set up to verify, with an account and password, that you are allowed to use the host. They rely on NT security, with the screen locked, and assume that should be enough.

So if we log on, we get a normal screen that says to log in with an administrator account. That is not easy to bypass, but there is a function you can use called file transfer. I use that method, and a screen that looks like Explorer appears; you can download sam._ or whatever file you want and start cracking it, bypassing all the NT security.

* Vulnerable Versions

Version 6 is the only one tested, but I believe all versions prior to that are vulnerable.

* Fix

6.5 has just been released and uses the NT security, which will fix this problem.

copyright © 1999-2000 axess, buffer0verfl0w security
www.b0f.com