Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Shutting down windows NT remotely (without winnt toolkit)?

From: "Robert Freeman" <freem100 () chapman edu>
Date: Mon, 6 Nov 2000 02:47:13 -0800
----- Original Message -----
From: "Lincoln Yeoh" <lyeoh () pop jaring my>
Subject: Re: Shutting down windows NT remotely (without winnt toolkit)?



So is it impossible to remotely shutdown (properly) a default install NT
machine (no reskit stuff, just infected with codered/nimda)?


It is possible to create a fake install on a single command line which
forces a reboot (albeit properly). I have adapted some code I found
elsewhere to illustrate:

cmd /C @ECHO OFF & cd/d %temp% & echo [version] > z.inf & echo
signature=$chicago$ >> z.inf & echo [defaultinstall] >> z.inf & rundll32
setupapi,InstallHinfSection DefaultInstall 1 %temp%\z.inf & del z.inf

A cheap fix would be to modify the above example to also rename say the
Winsock DLL's so when the box reboots, it is unable to start network
services.

regards.

----------------------------------------------------
Sign Up for NetZero Platinum Today
Only $9.95 per month!
http://my.netzero.net/s/signup?r=platinum&refcd=PT97
Previous By Date Next
Previous By Thread Next

Current thread: