Full Disclosure mailing list archives
RE: Test your windows OS
From: "Sean Crawford" <sean01 () accnet com au>
Date: Tue, 5 Oct 2004 05:06:31 +1000
Alex Wrote--------------> ---> Oooo my... ---> Got around 12 of win32 executable crashes on my Win2K server with all ---> patches... ---> This is much better tool that MS Baseline Security analyzer :-( Alex I don't know why you would run it on a working server??.....did you want to reboot anyway or something?. It's not exactly pen testing.. So what did you learn? Thanks. Sean. ---> From: "Berend-Jan Wever" <skylined () edup tudelft nl> ---> To: <full-disclosure () lists netsys com> ---> Sent: Monday, October 04, 2004 11:39 AM ---> Subject: [Full-disclosure] Test your windows OS ---> ---> ---> > Hi all, ---> > ---> > Wanna do a quick test to see if the programmers that wrote ---> your windows ---> operating system have any clue as to what there doing ? Run ---> these commands ---> from cmd.exe in the system32 directory: ---> > ---> > for %i in (*.exe) do start %i ---> %n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n%n ---> > for %i in (*.exe) do start %i ---> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.... (type as much "A"-s as ---> cmd.exe allows on one line.) ---> > ---> > Each command will execute every program in your system32 ---> directory, most ---> of them will either ignore the parameter or report an error because the ---> parameter doesn't make sence... But on my win2k system I found ---> 6 programs ---> vulnerable to these very simple formatsting and BoF tests.... ---> grpconv even ---> gives EIP 0x00410041, can it be any easier? ---> > ---> > These are not vulnerabilities in itself: you cannot gain ---> access or elevate ---> priviledges but I just wanted to let you know that these ---> programmers did a ---> sloppy job. ---> > ---> > Cheers, ---> > SkyLined _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Test your windows OS Berend-Jan Wever (Oct 04)
- Re: Test your windows OS KF_lists (Oct 04)
- Re: Test your windows OS Alex (Oct 04)
- RE: Test your windows OS Sean Crawford (Oct 04)
- Re: Test your windows OS Berend-Jan Wever (Oct 04)
- Re: Test your windows OS Steve Wray (Oct 05)
- Re: Test your windows OS Vincent Archer (Oct 05)