lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat Sep  3 05:29:51 2005
From: jmcguire81 at cox.net (John McGuire)
Subject: LSADump2 Crashing Windows

I have also had this happen to me, but have not had any luck in narrowing
down the exact culprit. As you stated, it does not appear to just be tied to
MS patches. I have a series of virtual machines running at various patch
levels, and none of them will crash. Running it on my fully patched laptop,
however, will crash every time.  If you happen to find the answer off this
list, please post it. I'd love to know more about it. Thanks

 

John

 

 

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of oh face
Sent: Friday, September 02, 2005 11:42 AM
To: full-disclosure@...ts.grok.org.uk
Subject: [Full-disclosure] LSADump2 Crashing Windows

 

In my recent experience, LSADump2 has been crashing Windows boxes. I was
able to verify this on fully patched Windows XP and 2003. In further
examination, LSADump2, when executed, killed the "lsass" process, and with
the "winlogon" process still running, the system was forced to reboot. As
far as I know, LSADump2 is utilizing a DLL injection technique to dump the
contents of LSA secrets.

Question:
1. Has anyone had this experience? If so, is there a safe method to execute
this tool?
2. When I tested LSADump2 on various Windows boxes, not all fully patched
boxes were affected by this issue. What configuration of Windows is exactly
causing "lsass" to fail? 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050902/6ba6d854/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ