NT TS / Win 2K and F7 - Enter bug

From: liamhat_private
Date: Tue Jul 31 2001 - 22:44:10 PDT


    I've got this working, albeit differently on Win NT/Terminal Server, and
    2K Terminal server. Here's an interesting little obfuscation exploit that
    works:
    
    1) Log on to TS
    2) run cmd.exe
    3) do the F7 - Enter exploit
    
    This hangs the cmd.exe window, and this task cannot be ended normally.
    
    Now:
    
    4) Log on as an administrator
    5) Bring up Terminal Server Administration
    6) Log off the user above
    
    The user will disappear from the list.
    
    However, the user will still be logged on!
    Not only that, but the user can continue to execute commands (except
    cmd.exe) for about 1/2 hour (didn't time it, so I'm not 100% sure).
    
    Also note, Terminal Server Administration may hang in this state when you
    try to do a user list.
    
    Cheers,
    Liam
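
The condition reported above, a session missing from the administrator's list while its user can still run commands, can be looked for by cross-checking the session list against the process table. The following is an added example, not part of the original post: it assumes a Windows version that ships both `qwinsta` and `tasklist /fo csv`, and it assumes the hidden session's processes still appear in the process table, which the post does not state. The sample outputs are constructed.

```python
import csv
import io
import re

# Constructed sample of `qwinsta` output: no row for session 3.
QWINSTA_SAMPLE = """\
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 services                                    0  Disc
>console           admin                     1  Active
 rdp-tcp#0         alice                     2  Active
 rdp-tcp                                 65536  Listen
"""

# Constructed sample of `tasklist /fo csv` output: session 3 still owns processes.
TASKLIST_SAMPLE = '''\
"Image Name","PID","Session Name","Session#","Mem Usage"
"services.exe","612","Services","0","9,120 K"
"explorer.exe","4120","Console","1","88,204 K"
"explorer.exe","5332","RDP-Tcp#0","2","71,016 K"
"notepad.exe","6012","","3","12,440 K"
"calc.exe","6120","","3","5,300 K"
'''

# A session row is recognised by "<id>  <state>"; names and users may be blank.
STATES = "Active|Conn|ConnQ|Shadow|Listen|Disc|Idle|Down|Init"
ROW = re.compile(r"\s(\d+)\s+(?:%s)\b" % STATES)

def listed_session_ids(qwinsta_text):
    """Session IDs that the session list reports (header line skipped)."""
    ids = set()
    for line in qwinsta_text.splitlines()[1:]:
        m = ROW.search(line)
        if m:
            ids.add(int(m.group(1)))
    return ids

def processes_by_session(tasklist_csv):
    """Map session ID -> [(image name, pid)] from the process table."""
    out = {}
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        entry = (row["Image Name"], int(row["PID"]))
        out.setdefault(int(row["Session#"]), []).append(entry)
    return out

def orphaned_sessions(qwinsta_text, tasklist_csv):
    """Sessions that still own processes but are absent from the session list."""
    listed = listed_session_ids(qwinsta_text)
    procs = processes_by_session(tasklist_csv)
    return {sid: p for sid, p in procs.items() if sid not in listed}

if __name__ == "__main__":
    for sid, procs in sorted(orphaned_sessions(QWINSTA_SAMPLE, TASKLIST_SAMPLE).items()):
        print("session %d not listed, still running: %s" % (sid, procs))
```
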
    



    This archive was generated by hypermail 2b30 : Wed Aug 01 2001 - 08:58:47 PDT