Windows 95 and 98 Shares Remain a Target
Reported August 19, 1998 by Mark Joseph Edwards

VERSIONS AFFECTED

  • All Non-NT Windows Platforms

DESCRIPTION

Rhino9 released an updated version of their Legion program, which automates locating and connecting to Windows-based shares. The software depends on users NOT protecting their shares with passwords BEFORE connecting to the Internet. The software also has a brute-force password-cracking plug-in that can be used to find passwords for shares that are protected.

DEMONSTRATION CODE:

Download Legion (2MB) from this site now.

SOLUTION

ALWAYS password protect your Windows-based shares - AND - if you're on an NT network, strongly consider enabling User-Level protection. User-Level protection causes share connections to be authenticated by the NT Server instead of by a simple user-defined password.

If you must use share-level protection (simple per-share passwords), then definitely employ long, complex passwords that include a wide variety of characters, such as a mixture of symbols like !@#$%^&*()_+=-[]}{\":;?><,./, numbers, and upper- and lowercase letters. While passwords ARE in fact crackable by brute force over time, creating complex passwords helps to make brute-force cracking attempts long and painful, and usually not worth the effort to the potential intruder.
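The reasoning above can be checked with a small audit script. This is an added example, not part of the original advisory: it flags shares with no password and estimates the worst-case exhaustive-search time for the rest. The guess rate, the one-year threshold, and the sample share names and passwords are assumptions constructed for illustration.

```python
import string

# Character classes named in the advice above; once a class appears in a
# password, an exhaustive search has to cover that whole class.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

GUESSES_PER_SECOND = 100   # assumption: rate of a network guessing loop
MIN_DAYS = 365             # assumption: weakest acceptable worst case


def alphabet_size(password):
    """Size of the smallest class-based alphabet containing the password."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def search_space(password):
    """Candidates an exhaustive search tries for all lengths up to this one."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def worst_case_days(password, rate=GUESSES_PER_SECOND):
    """Days needed to try every candidate at the assumed guess rate."""
    return search_space(password) / rate / 86400


def audit(shares):
    """Return {share name: verdict} for a {share name: password} mapping."""
    report = {}
    for name, password in shares.items():
        if not password:
            report[name] = "OPEN: no password set"
        elif worst_case_days(password) < MIN_DAYS:
            report[name] = "WEAK: %.1f days worst case" % worst_case_days(password)
        else:
            report[name] = "OK"
    return report


# Constructed sample data, not taken from any real system.
SAMPLE = {"C": "", "DOCS": "summer", "BACKUP": "k7#Qz!m2"}

if __name__ == "__main__":
    for share, verdict in audit(SAMPLE).items():
        print(share, verdict)
```

A six-letter lowercase password falls in about a month at the assumed rate, while an eight-character password drawing on all four classes pushes the worst case out by many orders of magnitude.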

To learn more about NT Security concerns, subscribe to NTSD.

Credits
- Originally reported by Mark Joseph Edwards
- Posted on The NT Shop on August 19, 1998