
| Subject: | Re: [Full-Disclosure] LSASS exploit win32 binary |
|---|---|
| Date: | Wed, 28 Apr 2004 23:53:18 -0500 |
Look through the snort mailing lists or through the cvs rules, both have rules for the lsass exploit.

On Wed, 28 Apr 2004 23:22:09 -0500, Chris Scott <cscott@fluidsmgmt.com> wrote:

Does anyone have snort sigs or any means of defending against the worms that are exploiting this? Several acquaintances of mine who work for edu's are reporting their networks being affected by this in a big way. They have 2k machines which apparently broke when applied with the MS04-011 patch.

Am I correct in saying that LSASS cannot be disabled completely because the Security Accounts Manager service which uses LSASS is required for normal operation of Windows?

-----Original Message-----
From: full-disclosure-admin@lists.netsys.com [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of bosborne@caltex.com.au
Sent: Tuesday, April 27, 2004 10:36 PM
To: full-disclosure@lists.netsys.com
Subject: RE: [Full-Disclosure] LSASS exploit win32 binary

for those who are testing... a "shutdown -a" will stop it shutting down although a manual shutdown after that displays a "You do not have permission to shut down this computer."

tested it on 3 xp boxes without appropriate patch, all crashed.

"Chris Scott" <cscott@fluidsmgmt.com>
Sent by: full-disclosure-admin@lists.netsys.com
28/04/2004 01:00 PM
To: <Q.Long@city.ac.uk>, <full-disclosure@lists.netsys.com>
cc:
Subject: RE: [Full-Disclosure] LSASS exploit win32 binary

Tested against Windows XP Pro without the appropriate patch, it crashes the service and initiates a shutdown timer.

-----Original Message-----
From: full-disclosure-admin@lists.netsys.com [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Q.Long@city.ac.uk
Sent: Tuesday, April 27, 2004 6:24 PM
Subject: [Full-Disclosure] LSASS exploit win32 binary

hi kids.

here's the compiled version of LSASS exploit from k-otik ...

http://users.volja.net/exceed/RLsasrv.zip

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html