Full Disclosure mailing list archives
Re: LSADump2 Crashing Windows
From: Dave Aitel <dave () immunitysec com>
Date: Sat, 03 Sep 2005 01:16:33 -0400
This is a bug in lsadump2 - there's a type mismatch in one of the functions, although I forget which one. Something is a pointer which shouldn't be, or vice versa. Once you fix that, it'll be good to go.
-dave

John McGuire wrote:

I have also had this happen to me, but have not had any luck in narrowing down the exact culprit. As you stated, it does not appear to just be tied to MS patches. I have a series of virtual machines running at various patch levels, and none of them will crash. Running it on my fully patched laptop, however, will crash every time. If you happen to find the answer off this list, please post it. I’d love to know more about it.

Thanks
John

-----Original Message-----
*From:* full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] *On Behalf Of* oh face
*Sent:* Friday, September 02, 2005 11:42 AM
*To:* full-disclosure () lists grok org uk
*Subject:* [Full-disclosure] LSADump2 Crashing Windows

In my recent experience, LSADump2 has been crashing Windows boxes. I was able to verify this on fully patched Windows XP and 2003. In further examination, LSADump2, when executed, killed the "lsass" process, and with the "winlogon" process still running, the system was forced to reboot. As far as I know, LSADump2 is utilizing a DLL injection technique to dump the contents of LSA secrets.

Question:
1. Has anyone had this experience? If so, is there a safe method to execute this tool?
2. When I tested LSADump2 on various Windows boxes, not all fully patched boxes were affected by this issue. What configuration of Windows is exactly causing "lsass" to fail?

------------------------------------------------------------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- LSADump2 Crashing Windows oh face (Sep 02)
- RE: LSADump2 Crashing Windows John McGuire (Sep 02)
- Re: LSADump2 Crashing Windows Dave Aitel (Sep 02)
- Re: LSADump2 Crashing Windows Nicolas RUFF (Sep 05)
- Re: LSADump2 Crashing Windows Nicolas RUFF (Sep 16)
- Re: LSADump2 Crashing Windows Nicolas RUFF (Sep 19)