• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

What do you make of this?? - Event Viewer logs

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exploits // System Weaknesses

View previous topic :: View next topic  
Author Message
INFOSECNYC
Just Arrived
Just Arrived


Joined: 16 Oct 2002
Posts: 0
Location: Earth

Offline

PostPosted: Sun Mar 30, 2003 4:27 am    Post subject: What do you make of this?? - Event Viewer logs Reply with quote

Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 642
Date: 3/26/2003
Time: 11:38:17 AM
User: LAPTOP\Administrator
Computer: LAPTOP
Description:
User Account Changed:
-
Target Account Name: Administrator
Target Domain: LAPTOP
Target Account ID: LAPTOP\Administrator
Caller User Name: Administrator
Caller Domain: LAPTOP
Caller Logon ID: (0x0,0x80F5)
Privileges: -

------------------------------------------------------------
Event Type: Failure Audit
Event Source: Security
Event Category: Account Management
Event ID: 627
Date: 3/26/2003
Time: 11:38:14 AM
User: LAPTOP\Administrator
Computer: LAPTOP
Description:
Change Password Attempt:
Target Account Name: Administrator
Target Domain: LAPTOP
Target Account ID: LAPTOP\Administrator
Caller User Name: Administrator
Caller Domain: LAPTOP
Caller Logon ID: (0x0,0x80F5)
Privileges: -
----------------------------------------------------------------------------
Event Type: Failure Audit
Event Source: Security
Event Category: Account Management
Event ID: 627
Date: 3/26/2003
Time: 11:38:10 AM
User: LAPTOP\Administrator
Computer: LAPTOP
Description:
Change Password Attempt:
Target Account Name: Administrator
Target Domain: LAPTOP
Target Account ID: LAPTOP\Administrator
Caller User Name: Administrator
Caller Domain: LAPTOP
Caller Logon ID: (0x0,0x80F5)
Privileges: -
----------------------------------------------------------------------
Event Type: Failure Audit
Event Source: Security
Event Category: Account Management
Event ID: 627
Date: 3/26/2003
Time: 11:37:30 AM
User: LAPTOP\Administrator
Computer: LAPTOP
Description:
Change Password Attempt:
Target Account Name: Administrator
Target Domain: LAPTOP
Target Account ID: LAPTOP\Administrator
Caller User Name: Administrator
Caller Domain: LAPTOP
Caller Logon ID: (0x0,0x80F5)
Privileges: -
--------------------------------------------------------------------
Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 642
Date: 3/26/2003
Time: 11:37:29 AM
User: LAPTOP\Administrator
Computer: LAPTOP
Description:
User Account Changed:
-
Target Account Name: Guest
Target Domain: LAPTOP
Target Account ID: LAPTOP\Guest
Caller User Name: Administrator
Caller Domain: LAPTOP
Caller Logon ID: (0x0,0x80F5)
Privileges: -

-----------------------------------------------------------------
Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 642
Date: 3/26/2003
Time: 11:37:28 AM
User: LAPTOP\Administrator
Computer: LAPTOP
Description:
User Account Changed:
'Password Not Required' - Enabled
Target Account Name: Guest
Target Domain: LAPTOP
Target Account ID: LAPTOP\Guest
Caller User Name: Administrator
Caller Domain: LAPTOP
Caller Logon ID: (0x0,0x80F5)
Privileges: -
-----------------------------------------------------------------
Event Type: Failure Audit
Event Source: Security
Event Category: Account Management
Event ID: 627
Date: 3/26/2003
Time: 11:37:27 AM
User: LAPTOP\Administrator
Computer: LAPTOP
Description:
Change Password Attempt:
Target Account Name: Administrator
Target Domain: LAPTOP
Target Account ID: LAPTOP\Administrator
Caller User Name: Administrator
Caller Domain: LAPTOP
Caller Logon ID: (0x0,0x80F5)
Privileges: -
--------------------------------------------------------------------
Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 627
Date: 3/26/2003
Time: 11:37:23 AM
User: LAPTOP\Administrator
Computer: LAPTOP
Description:
Change Password Attempt:
Target Account Name: Guest
Target Domain: LAPTOP
Target Account ID: LAPTOP\Guest
Caller User Name: Administrator
Caller Domain: LAPTOP
Caller Logon ID: (0x0,0x80F5)
Privileges: -

------------------------------------------------------------
Can anyone explain the above? Thanks.
------------------------------------------------------------
This is a standalone server (wink2kserver/IIS).
What you see above is from Event Viewer, Security.
LAPTOP is the name of the computer.


Last edited by INFOSECNYC on Sun Mar 30, 2003 5:33 am; edited 4 times in total
Back to top
View user's profile Send private message
Giro
New Member
New Member


Joined: 25 Mar 2004
Posts: 22
Location: England

Offline

PostPosted: Sun Mar 30, 2003 5:15 am    Post subject: Reply with quote

Did anyone see it?? I didnt just thought it was a 127.0.0.1 scan.
Back to top
View user's profile Send private message
ThePsyko
SF Mod
SF Mod


Joined: 17 Oct 2002
Posts: 16777178
Location: California

Offline

PostPosted: Sun Mar 30, 2003 5:31 am    Post subject: Reply with quote

Either that or somebody took an early lunch and left their laptop unlocked and logged in
Back to top
View user's profile Send private message Send e-mail
flw
Forum Fanatic
Forum Fanatic


Joined: 27 May 2002
Posts: 16777215
Location: U.S.A.

Offline

PostPosted: Mon Mar 31, 2003 5:43 am    Post subject: Reply with quote

basic info on events:

Event ID 627 : NT AUTHORITY\ANONYMOUS is trying to change a password

Event ID 642: You can use the Client User Name, Client Domain, and Client Logon ID fields to identify the user who changed the account (as you use the Caller User Name, Caller Domain, and Caller Logon ID fields).
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exploits // System Weaknesses All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register