Re: Win2K Local DoS?

[pantera () BALANCEPOINTGOLF COM]

Hi there,

To kill a process in Win2k (even services.exe) drop to a command
prompt, type kill <pid>

> Oliver Friedrichs says:
> ! Once you have execute permission on a Windows system there's not
> ! alot limiting you from using resources.
>
> Very true, I fail to see the use of a local DoS. If you want to kill the
> machine the 'shutdown' feature comes to mind.
>
> Dimitry Andric says:
> ! It simply checks for some reserved names, such as services.exe,
> lsass.exe or
> ! winlogon.exe, and refuses to even _try_ a OpenProcess() +
> TerminateProcess()
> ! call on these.
>
> This is an interesting limitation/feature. I'm glad to see you also
> realised the potential for trojans here! However I'm not quite sure to
> understand how you would not be able to use an OpenProcess() for
> something called services.exe. I actually made a small app, renamed it
> services.exe and ran it. Surely enough, it showed as a duplicate
> services.exe in my task manager, and there was no way i could kill it.
> Cool.
>
> IMHO, this is a rather serious flaw in the task manager. Imposing
> restrictions or assuming a critical process by a string match on its
> name is not even bad, its downright evil (i wonder if i rename my
> account administrator... heh). Maybe someone should contact MS?
>
> M.