INFOSEC Assessment and Vulnerability Windows Scanner version

Server report for 192.168.196.10
Produced Jan 28, 2002 at 9:12
Information is confidential and for internal use only

Base Server Information
Description Values
Server Name   192.168.196.10  
Domain Name    
Server Mode   Windows Server  
Server Uptime   24 hours 11 minutes 45 seconds  
Processor Speed (Mhz)   450  
Number of Processors   1  
Processor Vendor   GenuineIntel  
Physical Memory (MB)   160  
Operating System   Microsoft Windows 2000  
Service Pack Installed   Unknown  
Processor Revision   x86 Family 6 Model 5 Stepping 2  
BIOS Version   Phoenix ROM BIOS PLUS Version 1.10 A06  
BIOS Date   04/28/99  
Processor Type   Intel Pentium II or Pentium II Xeon or Celeron  
System Manufacturer   Dell Computer Corporation  
System Model   OptiPlex GX1 450MTbr+  
Available Disk Drives Found and Current Space Limits
Drive Letter Maximum Size Available Free Space
C:   2.00 GB   0.81 GB  
D:   2.00 GB   0.95 GB  
E:   2.00 GB   0.84 GB  
G:   3.87 GB   0.94 GB  
H:   4.00 GB   0.81 GB  
I:   19.01 GB   17.23 GB  



IP Addressing
Address Subnet Gateway DHCP
10.130.1.3   255.255.0.0     No  
192.168.196.10   255.255.255.248   192.168.196.9   No  



Current Local Security Auditing Settings
Auditable Event Setting
Process Tracking   None  
Restart and Shutdown System   Failure  
User/Group Mgmt   Success and Failure  
File and Object Access   None  
Security Policy Changes   Failure  
Logon and Logoff   Failure  
Use of User Rights   Failure  



List of Hotfixes found installed
Hotfix Name Description
Q147222/    
Q253934/   Windows 2000 Hotfix (Pre-Sp1) [See Q253934 for more information]  
Q259728/   Windows 2000 Hotfix (Pre-SP1) [See Q259728 for more information]  
Q280838/   Windows 2000 Hotfix (Pre-SP2) [See Q280838 for more information]  
Q285985/   Windows 2000 Hotfix (Pre-SP3) [See Q285985 for more information]  
Q291845/   Windows 2000 Hotfix (Pre-SP2) [See Q291845 for more information]  
Q293826/   Windows 2000 Hotfix (Pre-SP3) [See Q293826 for more information]  



List of Local User Accounts and Configuration Settings
User Name Comment User UID # Last Logon Last Logoff Disabled Password Expires Account Expires Password Locked Account Locked Out No Password Required
Administrator   Built-in account for administering the computer/domain   500   Mon Jan 28 09:08:49 2002   Mon Jan 28 09:08:49 2002   NO   NO   NO   NO   NO   NO  
Guest   Built-in account for guest access to the computer/domain   501   Never   Never   YES   NO   NO   YES   NO   YES  
home     1003   Wed Sep 26 16:29:40 2001   Wed Sep 26 16:29:40 2001   NO   YES   YES   NO   NO   NO  
IUSR_NASHVILLE2000   Built-in account for anonymous access to Internet Information Services   1001   Mon Jan 28 09:09:36 2002   Mon Jan 28 09:09:36 2002   NO   NO   NO   YES   NO   YES  
IWAM_NASHVILLE2000   Built-in account for Internet Information Services to start out of process applications   1002   Mon Jan 28 09:09:37 2002   Mon Jan 28 09:09:37 2002   NO   NO   NO   YES   NO   YES  
SQLAgentCmdExec   SQL Server Agent CmdExec Job Step Account   1012   Never   Never   NO   NO   NO   YES   NO   NO  
TsInternetUser   This user account is used by Terminal Services.   1000   Never   Never   NO   NO   NO   YES   NO   YES  



List of Local Groups and Members
Group Name Domain or Server Account User Name
Administrators   UKSTAP0030   administrator  
Guests   UKSTAP0030   Guest  
Guests   UKSTAP0030   TsInternetUser  
Guests   UKSTAP0030   IUSR_NASHVILLE2000  
Guests   UKSTAP0030   IWAM_NASHVILLE2000  
Users   NT AUTHORITY   INTERACTIVE  
Users   NT AUTHORITY   Authenticated Users  
Users   UKSTAP0030   home  
Users   UKSTAP0030   SQLAgentCmdExec  
NASHVILLE2000 Admins   BUILTIN   Administrators  



Installed Server Services and Status
Display Name Service Name State Account Executable Startup
Adiscon EvntSLog   Adiscon EvntSLog   Stopped   LocalSystem   I:\syslog\evntslog.exe   Manual  
Alerter   Alerter   Running   LocalSystem   H:\WINNT\System32\services.exe   Automatic  
Network Associates Alert Manager   AlertManager   Running   LocalSystem   H:\PROGRA~1\NETWOR~1\NETSHI~1\AMGRSRVC.EXE   Automatic  
Apache   Apache   Stopped   LocalSystem   "H:\Program Files\Apache Group\Apache\Apache.exe" --ntservice   Manual  
Application Management   AppMgmt   Stopped   LocalSystem   H:\WINNT\system32\services.exe   Manual  
ASGMonitor   ASGMonitor   Stopped   .\administrator   c:\winnt\system32\srvany.exe   Manual  
BlackICE   BlackICE   Stopped   LocalSystem   "H:\Program Files\Network ICE\BlackICE\blackd.exe"   Manual  
Computer Browser   Browser   Running   LocalSystem   H:\WINNT\System32\services.exe   Automatic  
Indexing Service   cisvc   Stopped   LocalSystem   H:\WINNT\system32\cisvc.exe   Manual  
ClipBook   ClipSrv   Stopped   LocalSystem   H:\WINNT\system32\clipsrv.exe   Manual  
Distributed File System   Dfs   Running   LocalSystem   H:\WINNT\system32\Dfssvc.exe   Automatic  
DHCP Client   Dhcp   Running   LocalSystem   H:\WINNT\System32\services.exe   Automatic  
DHCP Server   DHCPServer   Stopped   LocalSystem   H:\WINNT\System32\tcpsvcs.exe   Manual  
Logical Disk Manager Administrative Service   dmadmin   Stopped   LocalSystem   H:\WINNT\System32\dmadmin.exe /com   Manual  
Logical Disk Manager   dmserver   Running   LocalSystem   H:\WINNT\System32\services.exe   Automatic  
DNS Server   DNS   Stopped   LocalSystem   H:\WINNT\System32\dns.exe   Disabled  
DNS Client   Dnscache   Running   LocalSystem   H:\WINNT\System32\services.exe   Automatic  
ACE-SNMP Element Manager   ELMTMGR   Stopped   LocalSystem   c:\ace-elmmgr\system\ElmServ.exe   Manual  
Enterprise Monitor   EMonitor   Running   LocalSystem   C:\EnterpriseMonitor\em50.exe   Automatic  
Event Log   Eventlog   Running   LocalSystem   H:\WINNT\system32\services.exe   Automatic  
COM+ Event System   EventSystem   Running   LocalSystem   H:\WINNT\System32\svchost.exe -k netsvcs   Manual  
Fax Service   Fax   Stopped   LocalSystem   H:\WINNT\system32\faxsvc.exe   Manual  
Internet Authentication Service   IAS   Running   LocalSystem   H:\WINNT\System32\svchost.exe -k netsvcs   Automatic  
IIS Admin Service   IISADMIN   Running   LocalSystem   H:\WINNT\System32\inetsrv\inetinfo.exe   Automatic  
Intersite Messaging   IsmServ   Stopped   LocalSystem   H:\WINNT\System32\ismserv.exe   Disabled  
Kerberos Key Distribution Center   kdc   Stopped   LocalSystem   H:\WINNT\System32\lsass.exe   Disabled  
Kiwi's Syslog Daemon   Kiwi's Syslog Daemon   Running   LocalSystem   H:\Program Files\Syslogd\Syslogd_Service.exe   Automatic  
Server   lanmanserver   Running   LocalSystem   H:\WINNT\System32\services.exe   Automatic  
Workstation   lanmanworkstation   Running   LocalSystem   H:\WINNT\System32\services.exe   Automatic  
License Logging Service   LicenseService   Running   LocalSystem   H:\WINNT\System32\llssrv.exe   Automatic  
TCP/IP NetBIOS Helper Service   LmHosts   Running   LocalSystem   H:\WINNT\System32\services.exe   Automatic  
TCP/IP Print Server   LPDSVC   Running   LocalSystem   H:\WINNT\System32\tcpsvcs.exe   Automatic  
Network Associates McShield   McShield   Running   LocalSystem   "H:\Program Files\Network Associates\NetShield NT\MCSHIELD.EXE"   Automatic  
Network Associates Task Manager   McTaskManager   Running   LocalSystem   H:\PROGRA~1\NETWOR~1\NETSHI~1\VSTSKMGR.EXE   Automatic  
Messenger   Messenger   Running   LocalSystem   H:\WINNT\System32\services.exe   Automatic  
NetMeeting Remote Desktop Sharing   mnmsrvc   Paused   LocalSystem   H:\WINNT\System32\mnmsrvc.exe   Automatic  
Distributed Transaction Coordinator   MSDTC   Stopped   LocalSystem   H:\WINNT\System32\msdtc.exe   Manual  
FTP Publishing Service   MSFTPSVC   Running   LocalSystem   H:\WINNT\System32\inetsrv\inetinfo.exe   Automatic  
Windows Installer   MSIServer   Stopped   LocalSystem   H:\WINNT\system32\msiexec.exe /V   Manual  
MSSQLServer   MSSQLServer   Stopped   LocalSystem   H:\MSSQL7\binn\sqlservr.exe   Automatic  
Network DDE   NetDDE   Stopped   LocalSystem   H:\WINNT\system32\netdde.exe   Manual  
Network DDE DSDM   NetDDEdsdm   Stopped   LocalSystem   H:\WINNT\system32\netdde.exe   Manual  
Net Logon   Netlogon   Stopped   LocalSystem   H:\WINNT\System32\lsass.exe   Manual  
Network Connections   Netman   Running   LocalSystem   H:\WINNT\System32\svchost.exe -k netsvcs   Manual  
Network News Transport Protocol (NNTP)   NntpSvc   Stopped   LocalSystem   H:\WINNT\System32\inetsrv\inetinfo.exe   Manual  
File Replication   NtFrs   Stopped   LocalSystem   H:\WINNT\system32\ntfrs.exe   Manual  
NT LM Security Support Provider   NtLmSsp   Stopped   LocalSystem   H:\WINNT\System32\lsass.exe   Manual  
Removable Storage   NtmsSvc   Running   LocalSystem   H:\WINNT\System32\svchost.exe -k netsvcs   Automatic  
Office Server Extensions Notification Service   OWSTimer   Running   LocalSystem   H:\Program Files\Microsoft Office\Office\OWSTIMER.EXE   Automatic  
Perl Socket Service   PerlSock   Running   LocalSystem   G:\Perl\bin\PerlSock.exe   Automatic  
PGPsdkService   PGPsdkServ   Running   LocalSystem   H:\WINNT\System32\PGPsdkServ.exe   Automatic  
PGPService   PGPService   Running   LocalSystem   "H:\Program Files\Network Associates\PGP for Windows 2000\PGPservice.exe"   Automatic  
Plug and Play   PlugPlay   Running   LocalSystem   H:\WINNT\system32\services.exe   Automatic  
IPSEC Policy Agent   PolicyAgent   Stopped   LocalSystem   H:\WINNT\System32\lsass.exe   Disabled  
Protected Storage   ProtectedStorage   Running   LocalSystem   H:\WINNT\system32\services.exe   Automatic  
Remote Access Auto Connection Manager   RasAuto   Stopped   LocalSystem   H:\WINNT\System32\svchost.exe -k netsvcs   Manual  
Remote Access Connection Manager   RasMan   Running   LocalSystem   H:\WINNT\System32\svchost.exe -k netsvcs   Manual  
Routing and Remote Access   RemoteAccess   Running   LocalSystem   H:\WINNT\System32\svchost.exe -k netsvcs   Automatic  
Remote Registry Service   RemoteRegistry   Running   LocalSystem   H:\WINNT\system32\regsvc.exe   Automatic  
Remote Procedure Call (RPC) Locator   RpcLocator   Stopped   LocalSystem   H:\WINNT\System32\locator.exe   Manual  
Remote Procedure Call (RPC)   RpcSs   Running   LocalSystem   H:\WINNT\system32\svchost -k rpcss   Automatic  
QoS RSVP   RSVP   Stopped   LocalSystem   H:\WINNT\System32\rsvp.exe -s   Manual  
Security Accounts Manager   SamSs   Running   LocalSystem   H:\WINNT\system32\lsass.exe   Automatic  
Smart Card Helper   SCardDrv   Stopped   LocalSystem   H:\WINNT\System32\SCardSvr.exe   Manual  
Smart Card   SCardSvr   Stopped   LocalSystem   H:\WINNT\System32\SCardSvr.exe   Manual  
Task Scheduler   Schedule   Running   LocalSystem   H:\WINNT\system32\MSTask.exe   Automatic  
RunAs Service   seclogon   Running   LocalSystem   H:\WINNT\system32\services.exe   Automatic  
System Event Notification   SENS   Running   LocalSystem   H:\WINNT\system32\svchost.exe -k netsvcs   Automatic  
Internet Connection Sharing   SharedAccess   Stopped   LocalSystem   H:\WINNT\System32\svchost.exe -k netsvcs   Manual  
Simple Mail Transport Protocol (SMTP)   SMTPSVC   Running   LocalSystem   H:\WINNT\System32\inetsrv\inetinfo.exe   Automatic  
SNMP Service   SNMP   Running   LocalSystem   H:\WINNT\System32\snmp.exe   Automatic  
SNMP-Sentry Framework   SNMP-Sentry   Stopped   LocalSystem   c:\snmp-sentry\system\FxServ.exe   Manual  
SNMP Trap Service   SNMPTRAP   Stopped   LocalSystem   H:\WINNT\System32\snmptrap.exe   Manual  
Print Spooler   Spooler   Stopped   LocalSystem   H:\WINNT\system32\spoolsv.exe   Manual  
SQLServerAgent   SQLServerAgent   Stopped   LocalSystem   H:\MSSQL7\binn\sqlagent.exe   Manual  
Performance Logs and Alerts   SysmonLog   Stopped   LocalSystem   H:\WINNT\system32\smlogsvc.exe   Manual  
Telephony   TapiSrv   Running   LocalSystem   H:\WINNT\System32\svchost.exe -k tapisrv   Manual  
Terminal Services   TermService   Running   LocalSystem   H:\WINNT\System32\termsrv.exe   Automatic  
Telnet   TlntSvr   Stopped   LocalSystem   H:\WINNT\system32\tlntsvr.exe   Manual  
Distributed Link Tracking Server   TrkSvr   Stopped   LocalSystem   H:\WINNT\system32\services.exe   Manual  
Distributed Link Tracking Client   TrkWks   Running   LocalSystem   H:\WINNT\system32\services.exe   Automatic  
Uninterruptible Power Supply   UPS   Stopped   LocalSystem   H:\WINNT\System32\ups.exe   Manual  
Utility Manager   UtilMan   Stopped   LocalSystem   H:\WINNT\System32\UtilMan.exe   Manual  
Windows Time   W32Time   Stopped   LocalSystem   H:\WINNT\System32\services.exe   Manual  
World Wide Web Publishing Service   W3SVC   Running   LocalSystem   H:\WINNT\System32\inetsrv\inetinfo.exe   Automatic  
Windows Management Instrumentation   WinMgmt   Running   LocalSystem   H:\WINNT\System32\WBEM\WinMgmt.exe   Automatic  
Windows Internet Name Service (WINS)   WINS   Stopped   LocalSystem   H:\WINNT\System32\wins.exe   Manual  
VNC Server   winvnc   Stopped   LocalSystem   "H:\Program Files\ORL\VNC\WinVNC.exe" -service   Manual  
WMDM PMSP Service   WMDM PMSP Service   Running   LocalSystem   H:\WINNT\System32\mspmspsv.exe   Automatic  
Windows Management Instrumentation Driver Extensions   Wmi   Running   LocalSystem   H:\WINNT\system32\Services.exe   Manual  
MySql   MySql   Stopped   LocalSystem   G:/php-nuke/m/bin/mysqld-shareware.exe   Disabled  



Installed Software Found Listed Under The Uninstall Key
Software Description
1st Page 2000 2.00 Free  
AY Spy  
AceHTML 4 Freeware  
ActivePerl Build 620  
ActivePerl build 518  
ActiveState Komodo 1.1.2 Build 23917  
ActiveState Perl Dev Kit Build 208  
Adobe Acrobat 4.0  
Advanced Administrative Tools  
Apache HTTP Server 1.3.22  
Aventail Connect 4.1.2  
BlackICE  
Citrix ICA Client  
Copernic 2001 Basic  
Cybercop Scanner  
DBTools  
EventReporter  
Excel Key - 4.1.1 Demo  
Extranet Access Client  
GNATBox  
HWTools  
IPsearch  
Java 2 Runtime Environment Standard Edition v1.3.1  
Kiwi Logfile Viewer  
Kiwi Syslog Daemon  
Kiwi's CatTools  
L0phtCrack 2.5  
LANgaurd Network Scanner  
MSN Messenger 4.6  
Microsoft FrontPage 98  
Microsoft Image Composer 1.5  
Microsoft Internet Explorer 6  
Microsoft Money 2001  
Microsoft Office 2000 SR-1 Professional  
Microsoft SQL Server 7.0  
NetLab for Win95/NT  
NetShield NT v4.0.3a (Licensed)  
Netscape Communicator 4.77  
New.net Application  
Office Server Extensions  
Opera 5 (Win32)  
PGP Desktop Security 7.0  
QuickCam  
RealDownload  
RealJukebox  
RealPlayer 5.0  
RealPlayer Basic  
Remote Desktop Connection  
Retina  
Sam Spade version 1.14  
SystemTools DumpSec  
TaxCut 2001  
UltraEdit-32 Uninstall  
Van Dyke Technologies SecureCRT 3.3  
Visio Enterprise  
Web Page Creator  
WebFldrs  
WebStripper  
WinVNC 3.3.3  
WinZip  
Windows 2000 Hotfix (Pre-SP1) [See Q259728 for more information]  
Windows 2000 Hotfix (Pre-SP2) [See Q280838 for more information]  
Windows 2000 Hotfix (Pre-SP2) [See Q291845 for more information]  
Windows 2000 Hotfix (Pre-SP3) [See Q285985 for more information]  
Windows 2000 Hotfix (Pre-SP3) [See Q293826 for more information]  
Windows 2000 Hotfix (Pre-Sp1) [See Q253934 for more information]  
Windows Media Player 7.1  
Windows Registry Guide  
b3d Projector  
inzider  
webHancer Customer Companion  



Local Security Policy Settings and Recommendations
Key Description Current Value Recommended Value Rating
Additional restrictions for anonymous connections   1   2   Recommended  
Allow server operators to schedule tasks (domain controllers only)   0   0   Recommended  
Allow system to be shut down without having to log on   0   Disabled   Critical  
Allowed to eject removable NTFS media   0   Administrators    
Amount of idle time required before disconnecting session   15   0x3c 60 minutes   Recommended  
Audit the access of global system objects   0   0   Recommended  
Audit use of Backup and Restore privilege   0   0   Recommended  
Automatically log off users when logon time expires   1   1   Critical  
Clear virtual memory pagefile when system shuts down   0   Disabled   Recommended  
Digitally sign client communication (always)   0   0   Recommended  
Digitally sign client communication (when possible)   1   1   Recommended  
Digitally sign server communication (always)   0   0   Recommended  
Digitally sign server communication (when possible)   0   1   Recommended  
Disable Ctrl+Alt+Del requirement for to logon   0   Disabled   Critical  
Do not display last username in logon screen   0   Enabled   Critical  
LAN Manager Authentication Level   0   1   Critical  
Message text for users attempting to log on       Critical  
Message title for users attempting to log on       Critical  
Number of previous logons to cache (in case domain controller is not available)   10   10 logons   Recommended  
Prevent system maintenance of server account password   0   Enabled   Recommended  
Prevent users from installing printer drivers   1   1   Recommended  
Prompt user to change password before expiration   14   0x0e 14 days   Recommended  
Recovery Console - Allow automatic administrative logon   0   Disabled    
Recovery Console - Allow floppy copy and access to all drives and all folders   0   Disabled    
Restrict CD-ROM access to locally logged-on user only   0   Disabled   Recommended  
Restrict floppy access to locally logged-on user only   0   Disabled   Recommended  
Encrypt or sign secure channel data (always)   0   Disabled   Recommended  
Encrypt secure channel data (when possible)   1   Enabled   Recommended  
Sign secure channel data (when possible)   1   Enabled   Recommended  
Require strong (Windows 2000) session key   0   Disabled   Recommended  
Send unencrypted password to connect to SMB servers   0   Disabled   Recommended  
Shut down system if unable to log security audits   0   Disabled   Recommended  
Smart card removal behavior   0   No Action   Recommended  
Strengthen default permissions of global system objects (e.g. Symbolic Links)   1   Enabled   Recommended  



Registry Settings Current and Recommended
Key Description Current Value Recommended Value Rating
Default Domain Name   UKSTAP0030   US   Info  
Number of Cached Logons   10   3   Info  
Automatic Admin Logon   0   0   Required  
Shutdown without loggin in   0   0   Required  
Restrict Anonymous network access   1   1   Required  
Restrict Null Sessions     1   Info  
Restrict adding Print Drivers   1   1   Info  
Restrict access to Command Scheduler   0   0   Required  
Disable CDROM Autorun   1   1   Info  
Enable truncationg file extensions   1   0   Info  
Idle Network time   15   30   Info  
Disable auto admin share creation     0   Info  
Reboot on BSOD   1   1   Info  
Dump swap on crash   1   1   Info  
Send alerts to     1   Info  
Restrict Application log     1   Required  
Restrict System log     1   Required  
Restrict Security log     1   Required  
Posix subsystem existance   Not Found   Not Found   Required  
OS/2 subsystem existance   Not Found   Not Found   Required  
Os2LibPath existance   Not Found   Not Found   Required  
Restrict 8.3 compatable file names   0   1   Info  
Authentication Scheme   0   1   Info  
Disable save password for RAS     1   Info  
Stop Known DLL Exploits   1   1   Required  
CDROM local access only   0   1   Info  
Floppy drive local access only   0   1   Info  
Disable IP Source Routing     1   Info  
Enable SynAttackProtection     2   Required  
W2K - Do not display last username   0   1   Required  
W2K - Legal Notice Caption     1   Required  
W2K - Legal Notice Text     1   Required  
W2K - Shutdown without loggin in   0   0   Required  
W2K - Terminal Server enabled     1    
W2K - Terminal Server version   5.0   5.0    
Def Watch   Not Found      
Nav Corp   Not Found      



Key Values of \System\CurrentControlSet\Services\EventLog\Application
Key Name Values
/DisplayNameFile   %SystemRoot%\system32\els.dll  
/DisplayNameID   256  
/File   %SystemRoot%\system32\config\AppEvent.Evt  
/MaxSize   524288  
/PrimaryModule   Application  
/Retention   0  
/   mnmsrvc  
/Sources   Visio Data CollectorADAL SNMPWSHWMDM PMSP ServiceWinsCtrsWinMgmtWinlogonWindows 3.1 MigrationW3CtrsVBRuntimeUserinitUserenvTlntsvrTimbuktu ProSysmonLogSQLServerProfilerSQLServerAgentSQLCTR70SpoolerCtrsSoftware InstallationSclgNtfySceSrvSceCliPlugPlayManagerPhone Book ServicePGPservicePGPsdkServPerlMsgPerfProcPerfOSPerfNetPerfmonPerflibPerfDiskPerfctrsOffline FilesOffice Web ServerOakleyntbackupMSSQLServerMsiInstallerMSDTC ClientMSDTCmnmsrvcMcLogEventMcAutoUpdateLPR Print MonitorLoadPerfLicenseServiceLANGuard Port ScannerKiwi's Syslog DaemonKiwi Syslog DaemonJava VMIPSECPolicyStorageIISInfoCtrsIISADMINIExploreHTTPEXThpmonHostMIBAgentFtpCtrsFrontPage 4.0FrontPage 3.0Folder RedirectionFile DeploymentFax ServiceEvntAgntEventSystemESENTEnterprise MonitorDrWatsonDiskQuotaDataTransformationServicesCOM+CiChkdskCertSvcAutochkApplication ManagementAPGTSApache ServiceAlertManagerAdiscon EvntSLogActive Server PagesApplication  



Key Values of \system\CurrentControlSet\Services\EventLog\Security
Key Name Values
/DisplayNameFile   %SystemRoot%\system32\els.dll  
/DisplayNameID   257  
/File   %SystemRoot%\System32\config\SecEvent.Evt  
/MaxSize   524288  
/PrimaryModule   Security  
/Retention   0  
/Security   0x  #  %  
/Sources   SpoolerSecurity Account ManagerSC ManagerNetDDE ObjectLSADSSecurity  



Key Values of \system\CurrentControlSet\Services\EventLog\System
Key Name Values
/DisplayNameFile   %SystemRoot%\system32\els.dll  
/DisplayNameID   258  
/File   %SystemRoot%\system32\config\SysEvent.Evt  
/MaxSize   524288  
/PrimaryModule   System  
/Retention   0  
/Sources   WorkstationWmiWINSWindows Script HostWindows File ProtectionWin32kWAMW3SVCW32TimeVgaSaveUPSultra66udfsTermServiceTermServDevicesTermDDtdiTCPMonTcpipsym_hisymc8xxsymc810StillImageSrvsparrowSNMPTRAPSNMPsndblstSMTPSVCSimbadsglfbsfloppyService Control ManagerServerserialscsiportScheduleSchannelSCardSvrSave DumpSAMRSVPRemovable Storage ServiceRemoteAccessredbookRdbssRasManRasAutoql2100ql1240ql10wntql1080PrintPptpMiniportPolicyAgentPGPdiskpcmciapciidepciparvdmparportparallelOSPFMibOSPFnullNtServicePackNTMSntfsnpfsNNTPSVCNetlogonNetDDENetBTNetBIOSNdisWanndisncrc710MupMSFTPSVCmsfsmsadlibMrxSmbmraid35xmouclassModemLsaSrvLPDSVClp6nds35LmHostsLDMSLDMlbrtfdcKerberosKDCkbdclassisapnpIPXSAPIPXRouterManagerIPXRIPIPXCPipsraidnIPSECIPRouterManagerIPRIP2IPNATHLPIPBOOTPintelideini910uIISMAPIISLOGIISCTLSIASi8042prtftdiskfs_recflpydiskflashpntfireportfdcfd16_700fastfateventlogEL90XefsE100BDnscacheDnsapidmiodmbootDistributed Link Tracking ServerDistributed Link Tracking ClientdiskperfdiskDHCPServerDhcpDfsSvcDfsDriverdeckzpsxDCOMdac960ntcpqfws2ecpqfcalmcpqarry2cpqarraychangercdromCdmcdfscdaudiocd20xrntbuslogicBrowserbeepAtmElanAtmarpcatirage3atdiskatapiAsyncMacasc3550asc3350pascApplication Popupamsintami0ntAlerteraic78xxaic78u2aic116xaha154xadpu160macpiecacpiabp480n5abiosdskSystem  



Key Values of \System\CurrentControlSet\Services\Lanmanserver\parameters
Key Name Values
/autodisconnect   15  
/enableforcedlogoff   1  
/enablesecuritysignature   0  
/requiresecuritysignature   0  
/NullSessionPipes   COMNAPCOMNODESQL\QUERYSPOOLSSLLSRPCEPMAPPERLOCATORTrkWksTrkSvrCERTPlughNTCommand  
/NullSessionShares   COMCFGDFS$  
/Lmannounce   0  
/Size   3  
/Guid   MNPSCG<  
/CachedOpenLimit   0  
/IRPStackSize   8  
/MaxMpxCt   511  



Key Values of \System\CurrentControlSet\Services\RemoteAccess\Parameters\Ip
Key Name Values
/AllowClientIpAddresses   0  
/AllowNetworkAccess   1  
/EnableIn   1  
/UseDhcpAddressing   0  
/EnableRoute   1  
/NetworkAdapterGUID   {40FAA3CA-D08E-4464-AB8D-59A80F9EBF8E}  



Key Values of \System\CurrentControlSet\Services\SNMP
Key Name Values
/Type   16  
/Start   2  
/ErrorControl   1  
/ImagePath   %SystemRoot%\System32\snmp.exe  
/DisplayName   SNMP Service  
/DependOnService   EventLog  
/DependOnGroup    
/ObjectName   LocalSystem  
/Description   Includes agents that monitor the activity in network devices and report to the network console workstation.  



Key Values of \System\CurrentControlSet\Services\SNMP\Parameters
Key Name Values
/EnableAuthenticationTraps   1  
/NameResolutionRetries   16  



Key Values of \System\CurrentControlSet\Services\SNMP\Parameters\ExtensionAgents
Key Name Values
/1   SOFTWARE\Microsoft\LANManagerMIB2Agent\CurrentVersion  
/2   SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion  
/3   SOFTWARE\Microsoft\HostMIB\CurrentVersion  
/4   SOFTWARE\Microsoft\SNMPMIB\CurrentVersion  
/5   SOFTWARE\Microsoft\SNMP_EVENTS\CurrentVersion  
/6   SOFTWARE\Microsoft\ACS\CurrentVersion  
/7   SOFTWARE\Microsoft\IGMPMibAgent\CurrentVersion  
/8   SOFTWARE\Microsoft\IPMulticastMibAgent\CurrentVersion  
/9   SOFTWARE\Microsoft\RIPMibAgent\CurrentVersion  
/10   SOFTWARE\Microsoft\OSPFMibAgent\CurrentVersion  
/11   SOFTWARE\Microsoft\BOOTPMibAgent\CurrentVersion  
/12   SOFTWARE\Microsoft\IPXMibAgent\CurrentVersion  
/13   SOFTWARE\Microsoft\WINSMibAgent\CurrentVersion  
/14   SOFTWARE\Microsoft\IASAgent\CurrentVersion  
/0   Software\Microsoft\W3SVC\CurrentVersion  
/15   Software\Microsoft\MSFTPSVC\CurrentVersion  
/McALSNMP   SOFTWARE\McAfee\McAlSNMP\CurrentVersion  
/19   SOFTWARE\Microsoft\DHCPMibAgent\CurrentVersion  
/PerfAgent   SOFTWARE\Microsoft\PerformanceAgent\CurrentVersion  
/20   SOFTWARE\Microsoft\MSSQLServer\SNMP\CurrentVersion  



Key Values of \System\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers
Key Name Values



Key Values of \System\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities
Key Name Values
/kaitli2   4  
/noaccess   4  



Key Values of \System\CurrentControlSet\Services\TCPIP\Parameters
Key Name Values
/NV Hostname   ukstap0030  
/DataBasePath   %SystemRoot%\System32\drivers\etc  
/NameServer    
/ForwardBroadcasts   0  
/IPEnableRouter   0  
/Domain   home.com  
/Hostname   ukstap0030  
/SearchList    
/UseDomainNameDevolution   1  
/EnableICMPRedirect   0  
/DeadGWDetectDefault   0  
/DontAddDefaultGatewayDefault   1  
/EnableSecurityFilters   0  
/AllowUnqualifiedQuery   0  
/PrioritizeRecordData   1  
/NV Domain   home.com  



Key Values of \System\CurrentControlSet\Services\TCPIP\Parameters\PersistentRoutes
Key Name Values



Key Values of \System\CurrentControlSet\Services\MSFTPSVC\Parameters
Key Name Values
/MajorVersion   5  
/MinorVersion   0  
/InstallPath   H:\WINNT\System32\inetsrv  
/AllowGuestAccess   0  
/EnablePortAttack   0  



Key Values of \System\CurrentControlSet\Services\MSFTPSVC\Parameters\Vitual Roots
Key Name Values



Key Values of \system\CurrentControlSet\Services\W3SVC\Parameters
Key Name Values
/MajorVersion   5  
/MinorVersion   0  
/InstallPath   H:\WINNT\System32\inetsrv  
/CertMapList   H:\WINNT\System32\inetsrv\iiscrmap.dll  
/AccessDeniedMessage   Error: Access is Denied.  
/Filter DLLs    
/LogFileDirectory   H:\WINNT\System32\LogFiles  



Key Values of \system\CurrentControlSet\Services\W3SVC\Parameters\Script Map
Key Name Values



Key Values of \system\CurrentControlSet\Services\W3SVC\Parameters\Virtual Roots
Key Name Values
//   C:\netsecadmin.com,,201  
//PBServer   H:\Program Files\Phone Book Service\Bin,,5  
//PBSData   H:\Program Files\Phone Book Service\Data,,1  
//MSOffice   H:\Program Files\Microsoft Office\Office\Scripts1\1033\,,205  
//cgi-bin   C:\netsecadmin.com\cgi-bin,,207  
//Printers   H:\WINNT\web\printers,,201  
//_vti_bin   H:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\40\isapi,,205  



Key Values of \SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Key Name Values
/WinVNC   "H:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper  
/ShStatEXE   "H:\Program Files\Network Associates\NetShield NT\SHSTAT.EXE" /STANDALONE  
/PrinTray   H:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe  
/LVComs   H:\WINNT\System32\LVComS.exe  
/RealTray   H:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER  
/New.net Startup   rundll32 H:\WINNT\NEWDOT~2.DLL,NewDotNetStartup  
/LoadQM   loadqm.exe  
/webHancer Agent   "H:\Program Files\webHancer\Programs\whAgent.exe"  



Key Values of \SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Key Name Values



Key Values of \SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
Key Name Values



Key Values of \SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Key Name Values



Key Values of \SOFTWARE\Microsoft\MSSQLServer\Setup
Key Name Values
/SQLPath   H:\MSSQL7  
/SQLDataRoot   H:\MSSQL7  
/SourcePath   F:  



Key Values of \SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\CurrentVersion
Key Name Values
/checksum   7822c158ae7d4cd750da034b7dc37b47526edba6c365c54d4a2a37f30b6e1918aa8105ab7d9ead515134652719c9f63d8bd739d0f91a623cbe10600cc4554c7a9d0748c0a3c3c22e7a2598a73fed13  
/RegisteredOwner   bb  
/SerialNumber   2160263232  
/CurrentVersion   7.00.623  



Key Values of \Software\Microsoft\Windows\CurrentVersion\Uninstall
Key Name Values



Display of Selected Configuration Files
File = boot.ini
[boot loader]
 timeout=30
 default=multi(0)disk(0)rdisk(0)partition(2)\WINNT
 [operating systems]
 multi(0)disk(0)rdisk(0)partition(2)\WINNT="Microsoft Windows 2000 Server" /fastdetect
 signature(85c4d37b)disk(1)rdisk(0)partition(3)\WINNT="Microsoft Windows 2000 Advanced Server" /fastdetect
 multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00" 
 multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows NT Server Version 4.00 [VGA mode]" /basevideo /sos



Running Processes
PID Process CPU CPU-Time Memory PF Virtual Priority Threads
0   Idle   95.30   23:54:44   16   1   0   Unknown   1  
8   System   0.17   0:0:39   212   5238   24   Normal   47  
184   smss   0.00   0:0:0   348   628   1092   High   6  
212   csrss   0.00   0:0:27   1108   7376   1604   High   12  
236   winlogon   0.00   0:0:2   2480   5838   5620   High   17  
264   services   0.00   0:0:23   5384   6448   4756   Normal   38  
276   lsass   0.00   0:0:2   5424   2607   3432   High   14  
372   rundll32   0.00   0:0:0   4700   1251   3552   Normal   4  
456   svchost   0.00   0:0:0   3000   1560   2896   Normal   10  
484   Languard   0.00   0:5:19   968   4513   5392   Normal   6  
524   amgrsrvc   0.00   0:0:0   3240   846   1952   Normal   4  
544   em50   0.00   0:0:0   1392   1062   2828   Normal   5  
560   svchost   0.00   0:0:4   5912   14008   9052   Normal   30  
592   Syslogd_Service   0.00   0:0:0   4804   2269   4676   Normal   8  
688   llssrv   0.00   0:0:0   1916   478   724   Normal   10  
732   tcpsvcs   0.00   0:0:0   1552   936   2384   Normal   5  
752   Mcshield   0.00   0:1:18   4328   99162   2912   High   11  
792   VsTskMgr   0.00   0:0:0   2640   1610   3000   Normal   9  
856   mnmsrvc   0.00   0:0:0   1508   374   452   Normal   2  
908   OWSTIMER   0.00   0:0:2   3372   1908   2688   Normal   4  
920   PerlSock   0.00   0:0:1   1976   2208   10712   Normal   5  
932   PGPsdkServ   0.00   0:0:0   1616   512   460   Normal   4  
968   regsvc   4.01   0:0:2   1336   7552   632   Normal   4  
980   mstask   0.00   0:0:0   2336   1143   2424   Normal   8  
1000   snmp   0.00   0:0:0   2876   1606   3436   Normal   9  
1072   termsrv   0.00   0:0:0   3316   1047   1872   Normal   12  
1076   UEDIT32   0.00   0:0:33   2628   10137   2360   Normal   3  
1100   explorer   0.00   0:0:44   8096   133618   9884   Normal   17  
1108   winmgmt   0.00   0:0:10   176   6650   664   Normal   3  
1144   mspmspsv   0.00   0:0:0   1368   339   400   Normal   2  
1160   inetinfo   0.00   0:0:6   5300   4180   7736   Normal   31  
1184   PGPservice   0.00   0:0:0   2228   793   792   Normal   5  
1196   sqlmangr   0.00   0:0:0   2476   731   772   Normal   3  
1236   svchost   0.00   0:0:0   3044   893   1484   Normal   11  
1292   whAgent   0.00   0:0:2   4776   7715   4340   Normal   15  
1328   IEXPLORE   0.00   0:0:20   9912   9774   9848   Normal   14  
1336   dfssvc   0.00   0:0:0   1236   310   360   Normal   2  
1468   shstat   0.00   0:0:0   2768   772   1380   Normal   1  
1540   PGPtray   0.00   0:0:0   3836   1371   3172   Normal   6  
1576   OUTLOOK   0.00   0:2:1   6420   34775   9996   Normal   18  
1604   blackice   0.00   0:0:1   3336   846   1008   Normal   2  
1612   msmsgs   0.00   0:0:0   2356   2414   7472   Normal   7  
1628   loadqm   0.00   0:0:0   1936   1574   3056   Normal   7  
1640   realplay   0.00   0:0:21   3004   5490   3204   Normal   7  
1644   LVComS   0.00   0:0:0   1984   495   660   Normal   2  
1676   winmysqladmin.e   0.00   0:0:4   1640   1501   2684   Normal   2  
1932   dllhost   0.00   0:0:0   7136   1826   4232   Normal   30  
1984   cmd   0.00   0:0:0   80   1646   880   Normal   2  
2204   Copernic   0.00   0:0:15   1528   8841   7944   Normal   11  
2244   mstsc   0.00   0:0:12   3756   5484   7228   Normal   12  
2308   dllhost   0.00   0:0:0   3508   2791   1324   Normal   10  
2452   mdm   0.00   0:0:0   2116   671   724   Normal   4  
Check SQL SA account for bad passwords
Username Password Status
No SQL server connection established  



Query SNMP Service
Check SNMP access using default community strings Public and Private
Community Access
Public   Failed  
Private   Failed  



URL Exploit Scan of Web Server
Status Response Code URL used
FOUND   200   /_vti_inf.html  



Open TCPIP ports found
Port Number Description
21   ftp  
25   smtp  
80   http  
135   ntrpc-or-dce  
139   netbios-ssn  
443   https  
445   microsoft-ds  
515   printer  
1723   pptp  
3389   TermServ  
8080   WWW-Proxy