Vulnerability Development mailing list archives
Re: Win2K Local DoS?
From: pantera () BALANCEPOINTGOLF COM
Date: Sat, 5 Aug 2000 12:59:41 -0700
Hi there, To kill a process in Win2k (even services.exe) drop to a command prompt, type kill <pid>
Oliver Friedrichs says: ! Once you have execute permission on a Windows system there's not ! alot limiting you from using resources. Very true, I fail to see the use of a local DoS. If you want to kill the machine the 'shutdown' feature comes to mind. Dimitry Andric says: ! It simply checks for some reserved names, such as services.exe, lsass.exe or ! winlogon.exe, and refuses to even _try_ a OpenProcess() + TerminateProcess() ! call on these. This is an interesting limitation/feature. I'm glad to see you also realised the potential for trojans here! However I'm not quite sure to understand how you would not be able to use an OpenProcess() for something called services.exe. I actually made a small app, renamed it services.exe and ran it. Surely enough, it showed as a duplicate services.exe in my task manager, and there was no way i could kill it. Cool. IMHO, this is a rather serious flaw in the task manager. Imposing restrictions or assuming a critical process by a string match on its name is not even bad, its downright evil (i wonder if i rename my account administrator... heh). Maybe someone should contact MS? M.
Current thread:
- Win2K Local DoS? Kevin Stephenson (Aug 03)
- Re: Win2K Local DoS? Dimitry Andric (Aug 03)
- Re: Win2K Local DoS? Alexander Sanda (Aug 03)
- Re: Win2K Local DoS? LordRaYden (Aug 05)
- <Possible follow-ups>
- Re: Win2K Local DoS? Oliver Friedrichs (Aug 03)
- Re: Win2K Local DoS? Maxime Rousseau (Aug 05)
- Re: Win2K Local DoS? Dimitry Andric (Aug 05)
- Re: Win2K Local DoS? Kevin Stephenson (Aug 06)
- Re: Win2K Local DoS? Mikael Olsson (Aug 08)
- Re: Win2K Local DoS? Nicolas Rachinsky (Aug 09)
- Re: Win2K Local DoS? Dimitry Andric (Aug 05)
- Re: Win2K Local DoS? pantera (Aug 05)
- Re: Win2K Local DoS? bfiero (Aug 09)
- Re: Win2K Local DoS? Timothy J. Miller (Aug 10)
- Re: Win2K Local DoS? Richard Rager (Aug 14)
- Re: Win2K Local DoS? Timothy J. Miller (Aug 10)