Vulnerability Development mailing list archives
Shutting down windows NT remotely (without winnt toolkit)?
From: Lincoln Yeoh <lyeoh () pop jaring my>
Date: Mon, 05 Nov 2001 10:42:51 +0800
A reboot isn't helpful coz the machines come back up and start scanning the whole internet again. And the clueless admins probably won't even notice. A proper no data loss shutdown without having to upload a program is preferable. I tried shutting down NT 4.0 using cmd.exe, rundll32.exe and user32.dll stuff and no luck so far :(. With a shutdown the admins should notice and eventually fix things. If they don't then the server probably wasn't doing anything useful (just scanning the internet :) ) so it might as well be shut down :). Any ideas welcome. Cheerio, Link. At 03:57 AM 04-11-2000 -0800, Robert Freeman wrote:
From my experience, without an active monitoring agent, any process mayrequest a legal system reboot. A more efficient method would be to use malicious code to reboot, blue screen, or black screen (yes, black screen!). I haven't continued virii-esque development past NT4 SP6, but I imagine the techniques would still work as well as pass right through any monitoring agent. I have a lot of free time these days so I might see what I can cook up for 2000/XP. regards. ----- Original Message ----- From: "Lincoln Yeoh" <lyeoh () pop jaring my> To: <foob () return0 net>; <supergate () twlc net> Cc: <vuln-dev () securityfocus com> Sent: Friday, November 02, 2001 6:35 PM Subject: Re: (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client)Is it possible to use it shutdown those Code Red/Nimda NT serversremotely?Does IIS by default have enough permissions to shutdown the whole computer or must it do some set privilege thing? Cheerio, Link.
Current thread:
- twlc advisory: possible overflow in ms ftp client supergate (Nov 01)
- Re: twlc advisory: possible overflow in ms ftp client Syzop (Nov 01)
- Re: twlc advisory: possible overflow in ms ftp client supergate (Nov 01)
- <Possible follow-ups>
- Re: twlc advisory: possible overflow in ms ftp client supergate (Nov 01)
- (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client) foob (Nov 02)
- Re: (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client) supergate (Nov 02)
- Re: (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client) Lincoln Yeoh (Nov 03)
- Re: (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client) Robert Freeman (Nov 04)
- Shutting down windows NT remotely (without winnt toolkit)? Lincoln Yeoh (Nov 04)
- Re: Shutting down windows NT remotely (without winnt toolkit)? Robert Freeman (Nov 05)
- Re: Shutting down windows NT remotely (without winnt toolkit)? Lincoln Yeoh (Nov 08)
- Re: Shutting down windows NT remotely (without winnt toolkit)? Robert Freeman (Nov 08)
- Re: Shutting down windows NT remotely (without winnt toolkit)? Marshal (Nov 09)
- (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client) foob (Nov 02)
- Re: twlc advisory: possible overflow in ms ftp client Syzop (Nov 01)