Message-ID: <200310120849853.SM03236@jim>
From: arcturus at secrev.net (Arcturus)
Subject: Who Cried Wolf???!? (or, Who's Shell32.exe?) [was: Local DoS in windows]

In reference to the alleged DoS in Windows... 

FIRST AND FOREMOST

IF YOU DOWNLOAD AND INSTALL SOMEONE ELSE'S CORE WINDOWS FILES ONTO YOUR
SYSTEM, YOU CANNOT EXPECT YOUR SYSTEM TO OPERATE IN THE FASHION THAT IT WAS
ORIGINALLY PRODUCED.  (see the definition of Stupidity, below)  

<soapbox rant>And as far as "bipin gautam"'s website, it's a very poor
excuse for someone that doesn't understand operating systems.  For example,
his Bypass WinXP Logs "TRICK" assumes that the guest account is not
disabled, and that my system won't shut down when the security event log
cannot be written to.  This "trick" will not work in any reasonably
configured environment.  His other "Tricks" are nothing more than a lack of
understanding of a GUI system, and OS.  While he claims to have forwarded
these to Microsoft, I'm sure that they view these with the same "So What"
attitude that I have.  No bug, no threat, no skill.  This "hunter" makes
assumptions that everyone allows "guest" access to systems, and that
"normal" users have direct access to critical windows system files.  If this
is true of any system, that guest access is enabled without any
restrictions, ANY SYSTEM can be SUBVERTED.</soapbox rant>.

Regarding the "Local DoS in windows", I have the same results as "Joe".  It
does NOT affect my Windows XP system.  Details of the system are under my
signature block.

A short system summary:
AMD T-Bird Processor, 1.4
512Mb RAM.
Dual Monitor, with an NVIDIA and ATI Adapters.
Fully Licensed XP
Fully Licensed Office 2003
SQL 2000 Running on Box
I AM NOT RUNNING SOMEONE ELSE'S HACKED SOFTWARE.

I use this box as my workstation at home, and my test bed for work.  I have
not seen any issues relating to any DoS on my box, unless I begin
downloading files and starve my 100 Mbps Network.

I suggest that the persons who reported this "bug" ("bipin gautam") learn
how to use the performance monitor, and determine what processes and/or
threads are actually running the box at 100% utilization, as it sounds that
they are running an out-of-date video driver, or as Joe suggests, they have
hacked their own shell32.dll to death.

Just my 2¢, YMMV.

-
Arcturus
CISSP, CCSE+, CNX.

Stupidity:  This is the act of doing the same thing over and over again, and
expecting a different result each time.

System Summary:

OS Name	Microsoft Windows XP Professional
Version	5.1.2600 Service Pack 1 Build 2600
OS Manufacturer	Microsoft Corporation
System Name	<Like I'm telling you>
System Manufacturer	System Manufacturer
System Model	Product Name
System Type	X86-based PC
Processor	x86 Family 6 Model 4 Stepping 4 AuthenticAMD ~1400 Mhz
BIOS Version/Date	Award Software International, Inc. 6.00 PG, 3/7/2001
SMBIOS Version	2.3
Windows Directory	C:\WINDOWS
System Directory	C:\WINDOWS\System32
Boot Device	\Device\HarddiskDmVolumes\DFFDg0\Volume1
Locale	United States
Hardware Abstraction Layer	Version = "5.1.2600.1106 (xpsp1.020828-1920)"
User Name	<See System Name>
Time Zone	Eastern Standard Time
Total Physical Memory	512.00 MB
Available Physical Memory	11.70 MB
Total Virtual Memory	873.43 MB
Available Virtual Memory	320.10 MB
Page File Space	617.95 MB
Page File	C:\pagefile.sys

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Joe
Sent: Saturday, October 11, 2003 9:32 PM
To: Full-Disclosure@...ts.netsys.com
Cc: bugtraq@...urityfocus.com
Subject: RE: [Full-Disclosure] Local DoS in windows.

Umm nope, not on my XP SP1 machine. I have about 15 windows running and avg
1% utilization. I do your little trick and there is no change. 

Though maybe it is because my machine is one of those really fast 900Mhz
PIII's. 

Maybe the problem is you are running a hacked version of shell32.dll from
http://www.geocities.com/visitbipin/ and he screwed it up. 

Thanks for playing.

   joe


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of bipin gautam
Sent: Friday, October 10, 2003 1:18 PM
To: Full-Disclosure@...ts.netsys.com
Cc: bugtraq@...urityfocus.com

--- [Affected] ---
We have only tried it in windows Xp.

--- [Bug Details] ---
http://www.geocities.com/visitbipin/win_dos.jpg
The image is self explanatory...

--- [Description] ---
When you click to "any" close, maximize or minimize buttons in windows Xp,
[No matter whether it's IE or a WordPad] surprisingly there is 100% CPU use
at the instant and it continues............ until you release the button!
Moreover, we've noticed if you continuously click the button for a long time
[... not release it and hold ON ] we've seen gradual/slow rise in page-file
use too...!!!

--- [Conclusion] ---
Hell... local DoS! That could be used by employees working at different
terminal..... (O;



