A reboot isn't helpful coz the machines come back up and start scanning the whole internet again. And the clueless admins probably won't even notice. A proper no data loss shutdown without having to upload a program is preferable. I tried shutting down NT 4.0 using cmd.exe, rundll32.exe and user32.dll stuff and no luck so far :(. With a shutdown the admins should notice and eventually fix things. If they don't then the server probably wasn't doing anything useful (just scanning the internet :) ) so it might as well be shut down :). Any ideas welcome. Cheerio, Link. At 03:57 AM 04-11-2000 -0800, Robert Freeman wrote: >>From my experience, without an active monitoring agent, any process may >request a legal system reboot. A more efficient method would be to use >malicious code to reboot, blue screen, or black screen (yes, black screen!). >I haven't continued virii-esque development past NT4 SP6, but I imagine the >techniques would still work as well as pass right through any monitoring >agent. I have a lot of free time these days so I might see what I can cook >up for 2000/XP. > >regards. > >----- Original Message ----- >From: "Lincoln Yeoh" <lyeohat_private> >To: <foobat_private>; <supergateat_private> >Cc: <vuln-devat_private> >Sent: Friday, November 02, 2001 6:35 PM >Subject: Re: (pointless?) overflow in tftp.exe (Was: Re: twlc advisory: >possible overflow in ms ftp client) > > > >> Is it possible to use it shutdown those Code Red/Nimda NT servers >remotely? >> Does IIS by default have enough permissions to shutdown the whole computer >> or must it do some set privilege thing? >> >> Cheerio, >> Link.
This archive was generated by hypermail 2b30 : Sun Nov 04 2001 - 18:53:41 PST