lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Sat Sep  3 03:46:03 2005
From: 0h.fac3 at gmail.com (oh face)
Subject: LSADump2 Crashing Windows

In my recent experience, LSADump2 has been crashing Windows boxes. I was 
able to verify this on fully patched Windows XP and 2003. In further 
examination, LSADump2, when executed, killed the "lsass" process, and with 
the "winlogon" process still running, the system was forced to reboot. As 
far as I know, LSADump2 is utilizing a DLL injection technique to dump the 
contents of LSA secrets.

Question:
1. Has anyone had this experience? If so, is there a safe method to execute 
this tool?
2. When I tested LSADump2 on various Windows boxes, not all fully patched 
boxes were affected by this issue. What configuration of Windows is exactly 
causing "lsass" to fail?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050902/5ac64dbc/attachment.html

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux