From: RCS (ramseycs@bellsouth.net)
Date: Sun Sep 11 2005 - 23:07:18 EDT
Did you try running it with DEP turned off? pwdump (3 IIRC) did the same
thing to a Windows XP machine I was trying to do weak password testing on.
Turn it off temporarily, then try it.
Dedric Ramsey
Ramsey Consulting Services
----- Original Message -----
From: "Ghetti, Tim" <tghetti@air-worldwide.com>
To: "oh face" <0h.fac3@gmail.com>; <pen-test@securityfocus.com>;
<focus-ms@securityfocus.com>
Sent: Friday, September 09, 2005 4:17 PM
Subject: RE: LSADump2 Crashing Systems
I had this experience with a 2003 server domain controller fully
patched. It killed the lsass process and force rebooted. At the time I
was investigating an unrelated issue and thought that the reboot was due
to the other issue. I never investigated this issue, as it was highly
unlikely that anyone use the LSADump other than me.
> -----Original Message-----
> From: oh face [mailto:0h.fac3@gmail.com]
> Sent: Friday, September 02, 2005 5:31 PM
> To: pen-test@securityfocus.com; focus-ms@securityfocus.com
> Subject: LSADump2 Crashing Systems
>
> In my recent pen-test experience, LSADump2 has been crashing
> Windows boxes. I was able to verify this on fully patched
> Windows XP and 2003.
> In further examination, LSADump2, when executed, killed the "lsass"
> process, and with the "winlogon" process still running, the
> system was forced to reboot. As far as I know, LSADump2 is
> utilizing a DLL injection technique to dump the contents of
> LSA secrets.
>
> Question:
> 1. Has anyone had this experience? If so, is there a safe
> method to execute this tool?
> 2. When I tested LSADump2 on various Windows boxes, not all
> fully patched boxes were affected by this issue. What
> configuration of Windows is exactly causing "lsass" to fail?
>
> Cheers.
>
> --------------------------------------------------------------
> ----------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking
> applications on your website. Up to 75% of cyber attacks are
> launched on shopping carts, forms, login pages, dynamic
> content etc. Firewalls, SSL and locked-down servers are
> futile against web application hacking. Check your website
> for vulnerabilities to SQL injection, Cross site scripting
> and other web attacks before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> --------------------------------------------------------------
> -----------------
>
>
>
----------------------------------------------------------------------------
-- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------------- --- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:52 EDT