Vulnerability Development mailing list archives
Re: Shutting down windows NT remotely (without winnt toolkit)?
From: "Robert Freeman" <freem100 () chapman edu>
Date: Mon, 6 Nov 2000 02:47:13 -0800
----- Original Message ----- From: "Lincoln Yeoh" <lyeoh () pop jaring my> Subject: Re: Shutting down windows NT remotely (without winnt toolkit)?
So is it impossible to remotely shutdown (properly) a default install NT machine (no reskit stuff, just infected with codered/nimda)?
It is possible to create a fake install on a single command line which forces a reboot (albeit properly). I have adapted some code I found elsewhere to illustrate: cmd /C @ECHO OFF & cd/d %temp% & echo [version] > z.inf & echo signature=$chicago$ >> z.inf & echo [defaultinstall] >> z.inf & rundll32 setupapi,InstallHinfSection DefaultInstall 1 %temp%\z.inf & del z.inf A cheap fix would be to modify the above example to also rename say the Winsock DLL's so when the box reboots, it is unable to start network services. regards. ---------------------------------------------------- Sign Up for NetZero Platinum Today Only $9.95 per month! http://my.netzero.net/s/signup?r=platinum&refcd=PT97
Current thread:
- Re: twlc advisory: possible overflow in ms ftp client, (continued)
- Re: twlc advisory: possible overflow in ms ftp client Syzop (Nov 01)
- Re: twlc advisory: possible overflow in ms ftp client supergate (Nov 01)
- Re: twlc advisory: possible overflow in ms ftp client supergate (Nov 01)
- (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client) foob (Nov 02)
- Re: (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client) supergate (Nov 02)
- Re: (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client) Lincoln Yeoh (Nov 03)
- Re: (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client) Robert Freeman (Nov 04)
- Shutting down windows NT remotely (without winnt toolkit)? Lincoln Yeoh (Nov 04)
- Re: Shutting down windows NT remotely (without winnt toolkit)? Robert Freeman (Nov 05)
- Re: Shutting down windows NT remotely (without winnt toolkit)? Lincoln Yeoh (Nov 08)
- Re: Shutting down windows NT remotely (without winnt toolkit)? Robert Freeman (Nov 08)
- Re: Shutting down windows NT remotely (without winnt toolkit)? Marshal (Nov 09)
- (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client) foob (Nov 02)
- Re: twlc advisory: possible overflow in ms ftp client Syzop (Nov 01)