Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] NT4 worm

from [Juha-Matti Laurio] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] NT4 worm
Date: Wed, 30 Aug 2006 23:03:59 +0300 (EEST) 
My point was to clarify if these reports are especially related to NT4 machines 
and the reply states they are.
I.e. when word 'NT4' was used in the title I made a conclusion that there was 
observations about infected NT4 machines.
Absolutely the exploit will work on W2K boxes.

BTW: Can someone confirm that Netapi32.dll (vulnerable component of MS06-040) 
is part of fully patched NT4.0 installation.
Thanks.

- Juha-Matti

H D Moore <fdlist@digitaloffense.net> wrote:

The exploit for NT 4.0 is *exactly* the same packet as the one you would also use on Windows 2000. I am suprised that this is considered a "NT 4" worm and not a "Windows 2000 (+NT 4.0)" worm. Is something specific about the exploit they use that prevents it from working on Windows 2000?

-HD

On Wednesday 30 August 2006 10:11, Juha-Matti Laurio wrote:
> Are the machines you have experience especially NT4.0 machines?
> It appears that one of the PoC's (public on Monday 28th Aug) lists the
> following information: "Systems Affected:
> *  Microsoft Windows 2000 SP0-SP4
> *  Microsoft Windows XP SP0-SP1
> *  Microsoft Windows NT 4.0"
>
> but reportedly it is tested against XPSP1 and W2KSP4 systems.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Secure OWA, Mark Senior
Next by Date:  Re: [Full-disclosure] Secure OWA, Brian Eaton
Previous by Thread:  Re: [Full-disclosure] NT4 worm, H D Moore
Next by Thread:  Re: [Full-disclosure] NT4 worm, Juha-Matti Laurio
Indexes:  [Date] [Thread] [Top] [All Lists]