Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Shutting down windows NT remotely (without winnt toolkit)?

From: "Evans, TJ" <tjevans () kpmg com>
Date: Fri, 9 Nov 2001 21:32:42 -0500 
In the autoexec.nt, maybe?

Also ... sysinternals.com ... you can run psshutdown on your machine and
*possibly* shutdown the remote box ... a la:
        Psshutdown -t 50 -m "YOUR SERVER IS INFECTED, CLEAN IT!" -f
\\InfectedServersIP
... <no -r should do a shutdown, with a -r it is a restart ... >


Thanks!
TJ

 -----Original Message-----
From:   Marshal [mailto:marshal () marshal-soft com] 
Sent:   Friday, November 09, 2001 8:08 AM
To:     Lincoln Yeoh
Cc:     Robert Freeman; foob () return0 net; supergate () twlc net;
vuln-dev () securityfocus com
Subject:        Re: Shutting down windows NT remotely (without winnt
toolkit)?

Lincoln Yeoh wrote:


At 12:06 AM 05-11-2000 -0800, Robert Freeman wrote:


A reboot is helpful unless the NT box is not password protected or has an
agent to automatically enter the password upon startup. Until an admin

shows

up the box is basically useless.



AFAIK the services still start after a reboot. So the trojaned box still
scans the whole internet. 



I don't for NT but a 'echo your box has a trojan' 'pause' in 
autoexec.bat would do the trick on a windows 95/98 machine..probably 
something similair is possible on NT?


-- 
grt, marshal

[ url  : http://www.startplaza.nu | security news & links    ]
[ url  : http://www.heknet.com    | security news & exploits ]
*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized. 

If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.         
*****************************************************************************
Previous By Date Next
Previous By Thread Next

Current thread: