Top Vulnerabilities to Windows Systems
W1 Internet Information Services (IIS)
W2 Microsoft Data Access Components (MDAC) --
Remote Data Services
W3 Microsoft SQL Server
W4 NETBIOS -- Unprotected Windows Networking
Shares
W5 Anonymous Logon -- Null Sessions
W6 LAN Manager Authentication -- Weak LM Hashing
W7 General Windows Authentication -- Accounts
with No Passwords or Weak Passwords
W8 Internet Explorer
W9 Remote Registry Access
W10 Windows Scripting Host
Top Vulnerabilities to Unix Systems
U1 Remote Procedure Calls (RPC)
U2 Apache Web Server
U3 Secure Shell (SSH)
U4 Simple Network Management Protocol (SNMP)
U5 File Transfer Protocol (FTP)
U6 R-Services -- Trust Relationships
U7 Line Printer Daemon (LPD)
U8 Sendmail
U9 BIND/DNS
U10 General Unix Authentication -- Accounts with No
Passwords or Weak Passwords
Which do you think are the easiest for kiddies?
Author: ShaolinTiger, Location: Kuala Lumpur, MalaysiaPosted: Fri Dec 06, 2002 11:37 am Post subject: ---- Internet Information Services (IIS) - Unicode.
Secure Shell (SSH) - The sploit comes as a binary and spawns a listener for you.
Both very easy.
Author: flw, Location: U.S.A.Posted: Fri Dec 06, 2002 9:48 pm Post subject: ----
Quote:
Secure Shell (SSH) - The sploit comes as a binary and spawns a listener for you.
Very True. Just had to do somework on this exact issue today.
Author: Jason, Posted: Sat Dec 07, 2002 2:29 am Post subject: Re: SANS Top 20 Threats ----
fastlanwan wrote:
Which do you think are the easiest for kiddies?
Anything that comes complete with 'sploit, one line manual and a lolly pop