From my experience, without an active monitoring agent, any process may request a legal system reboot. A more efficient method would be to use malicious code to reboot, blue screen, or black screen (yes, black screen!). I haven't continued virii-esque development past NT4 SP6, but I imagine the techniques would still work as well as pass right through any monitoring agent. I have a lot of free time these days so I might see what I can cook up for 2000/XP. regards. ----- Original Message ----- From: "Lincoln Yeoh" <lyeohat_private> To: <foobat_private>; <supergateat_private> Cc: <vuln-devat_private> Sent: Friday, November 02, 2001 6:35 PM Subject: Re: (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: possible overflow in ms ftp client) > Is it possible to use it shutdown those Code Red/Nimda NT servers remotely? > Does IIS by default have enough permissions to shutdown the whole computer > or must it do some set privilege thing? > > Cheerio, > Link. > > ---------------------------------------------------- Sign Up for NetZero Platinum Today Only $9.95 per month! http://my.netzero.net/s/signup?r=platinum&refcd=PT97
This archive was generated by hypermail 2b30 : Sun Nov 04 2001 - 08:25:31 PST