CVE-1999-0534

A Windows NT user has inappropriate rights or privileges, e.g. Act as System, Add Workstation, Backup, Change System Time, Create Pagefile, Create Permanent Object, Create Token Name, Debug, Generate Security Audit, Increase Priority, Increase Quota, Load Driver, Lock Memory, Profile Single...

Think of a use webshell to run the system password of the way-vulnerability warning-the black bar safety net

Haiyang the webshell has a switch is to control what logged in webshell. Assumed to have been the target of the webshell, and collected some of the password, and the target has no ftp, mssql like the port is open, then we can be used to run the system password, try luck. Specific: Modify...

CVE-1999-0506

A Windows NT domain user or administrator account has a default, null, blank, or missing password...

Microsoft Windows NT 4.0/SP1/SP2/SP3/SP4/SP5 - RASMAN Privilege Escalation

source: https://www.securityfocus.com/bid/645/info Any authenticated NT user ie domain user can modify the pathname for the RASMAN binary in the Registry. The next time the RAS Service is started, the trojan service referenced by the RASMAN pathname will be executed with system privileges. This...

Microsoft Windows NT 4.0 SP5 Terminal Server 4.0 - Pass the Hash with Modified SMB Client

Microsoft Windows NT 4.0 SP5 Terminal Server 4.0 - Pass the Hash with Modified SMB Client source: https://www.securityfocus.com/bid/233/info A modified SMB client can mount shares on an SMB host by passing the username and corresponding LanMan hash of an account that is authorized to access the...